When I install Cygwin, the default location is c:\cygwin and after I open a Cygwin terminal, it creates my home folder in C:\cygwin\home\ which the Everyone group has read access to by default. So, if I create a diary in vim and save it to my profile, all users of the computer I'm logged on to can read my diary. Obviously this is not the default option for normal Windows profiles, so I'm wondering what the logic is behind Cygwin's default home directory permissions, so I can use it the way it is meant to be used. Thanks!
There are differences between the permission structures of windows and cygwin.
You can protect your diary by specifying its permission in windows using right click.
You can then check its permissions in cygwin using:
ls -l diary.txt
chmod 0600 diary.txt
ls -l diary.txt
Then login the same machine as a different (test) user and see if you read the file under windows, and in cygwin.
For people interested in this topic, it probably goes back to a setting called UMASK on linux, which specifies default permissions for new files. The default value of "022" means "take away no permissions from the owner, and take away write permissions from the group and the rest of the world" which means that file owners have full access, everyone else has read access.
They say it's to make it easier to share files with other users. I say it's obvious that this logic predates times when we had web browsers and other tools capable of saving passwords to disk.
Related
I would like to install and run windows applicaion from ubuntu share directory. But I don't want Windows 7 (or Windows XP) client to see or can copy file within that directory. For example, I have application name CustomerHist.exe that need to read database inside subdirectory name DATA, my purpose is other user can run this application, but cannot see or view files inside DATA subdirectory.
PS.Thanks for every reply, and sorry for my bad english.
Permission structure in Linux is different than the one on windows machines. In Linux you only have r,w,x permission while you have some extra ones on windows. Also in Linux you can give these three types of permission for three types of users; owner,group and others. So for a file, if you want it to have full permissions for owner, only execute permission for group and others , assign 711 to it. For to change permissions you will use chmod command. To share this folder to win users you will need to use samba.
I'm trying to set up some Cygwin users on a Windows 2008 Server (that I have Administrator privileges on) but I'm struggling to get their home directories set up.
Usually, if a user runs mintty as a login shell when their home directory doesn't exist (e.g. the first time they use "Cygwin Terminal"), the home directory gets created and copies of the the skeleton .bashrc, .profile, etc., from /etc/skel are added to it.
The problem I have is that I want to add some setup to the .bashrc for these users without changing the skeleton version (these settings won't necessarily be applicable for all future users).
I've tried creating the directory and copying the files over manually, but I can't then change the user/group ownership to the intended users - I get a "Permission denied" error from chown.
So, questions:
Why can't I (or how can I) get chown to assign ownership of a directory/file that I own to another user/group?
Is there actually a better way of creating a user's home directory and copying the skeleton files so I can modify them? (I'd like to avoid having to rely on the users doing something themselves to make the changes after they've logged in for the first time)
Answer to question 1: Because I wasn't running the Cygwin shell as an adminstrator (i.e. right-click the Cygwin Terminal in the Start Menu and select "Run As Administrator", then the chown/chgrp both work as expected)
Answer of sorts to question 2: there is no magic involved in setting up the user's home directory for the first time: it's done by the default profile that bash executes if it can't find the user's home directory.
I run servers on my Linux Server (Ubuntu) and there's a bit of a problem. It may seem simple to fix, however I don't think it is. The servers run in my username (server), however, others access certain files with different users via FTP. Because the server is running in my username, whenever a plugin creates new files, they do not have permission to edit etc.
I have tried putting the users into groups and then allowing group access to that folder (even for new files), but had no luck. Every time they need to edit the files, I need to chmod -R 777 it.
I thought about running the servers in their usernames, however that would produce complications. Is it actually possible to make new files retain the permissions of the parent (or a top folder)? All the solutions I've found doesn't seem to work.
Not for users but for groups. You can:
chmod g+s parent_dir
chgrp shared_group parent_dir
If you create files inside it, that files will have the group of the folder (shared_group).
My application is not supposed to perform any administrative tasks, so I want a normal User account to be able to run it. Only thing is, my application reads from and writes to a database file; if the user running Windows 7 (Or Vista) installs my app in drive C, the drive's default permission set configuration doesn't allow my app to write data.
How can I allow my app to write to C:, without requiring full administrative privileges?
If the database file exists at install time you can just grant the user write access to the file as part of the installation process (ordinary users do not have this permission by default). If the file needs to be created by the program the user running the program will need modify permissions on the c drive, which is not something that I would recommend.
I'd suggest storing your db file in Documents and Settings / App data / your app / directory. It exists specifically for this purpose. Writing to C:/Program Files is not so good practice. If that's possible in your case, that is.
You need to open UAC (User Account Access) and set security slider to the bottom. Then you can access drive C: as you did in windows XP.
I decided to modify directory permissions in the setup process, so I created an .exe file that changes the permissions of its start-up path, and gives all users access to that path. I simply included that .exe file in my deployment project, and created a Custom Action that would run the file in the Commit phase of installation.
Because the setup asks the user for administrative rights when it is being installed, my .exe also enjoys administrative privileges and can modify the permissions of the installation directory.
In my .exe, I used a Process instance to run the ACL utility shipped with Windows (icacls.exe) as follows:
ICACLS.EXE [TargetDir] /T /C /grant Users:F
(Make sure that [TargetDir] doesn't end with a "\" or the call will fail.)
This gives all users full control access to the target directory.
I could also write .NET code and change directory permissions manually, but I'm a little lazy!
You may however want to inspect your environment conditions thoroughly so that what you do wouldn't become a security hole in your environment; but this was suitable for me.
I hope this helps others who faced the same issue.
The user by default should have write permissions to drive C:, if not, then you will need to change the directory you read from and write to, to the executing directory (C:/Program Files/Your App/) rather than the root of C:
You can get this by
String Path = Path.GetDirectoryName(Application.ExecutablePath);
I want to share a folder among all users of a group : dev. So that all files are regardless of the owner can be edited by anyone in the group.
I have created the shared folder and set the respective permissions to the folder.
When a user creates a new file in that folder it belongs to owner:dev
But the permission for the files are rw-r--r--
So other users who belong the same group are not able to edit the files.
Like default group become "dev" how can I set the default permission for the files created in that directory.
I don't want to use "umask" technique because the user will upload files into that directory throuh ftp and other tools.
This really belongs on serverfault and I already mentioned there's almost an exact duplicate there, but anyway there's a nice little solution you can use, which is the FUSE bindfs module (there's a package in ubuntu). You use it to mount one directory onto another mountpoint and can set things such as the default permissions of any files created here, their owner, group and the permissions of files already in the directory (which is what you seem to want).
I don't want to use "umask" technique because the user will upload files into that directory throuh ftp and other tools.
That's the only way to do it, unless those "other tools" are themselves able to adjust permissions.
If you have root access, you can set the default umask for everyone to 002 from /etc/bashrc (assuming bash the default shell for the users in question).
A hack (and this is less preferable to umask) is to setup a cron job that will run every minute and do a chmod -R g+w <dir>.