No permissions on files created outside Cygwin with UAC active blog home

Posted Wednesday, 09-May-2012 by Ingo Karkat

On my Window 7 development system, I synchronize my todo.txt via Dropbox with todo.txt Touch and my Windows Vista notebook. I often encountered permission errors when updating tasks, caused by missing permissions as perceived by Cygwin (todo.txt-cli is Cygwin-based): 

$ ll Dropbox/todo/todo.txt
----------+ 1 inkarkat EMEA\Domain Users 40K May  8 22:32 Dropbox/todo/todo.txt

This can be fixed via chmod, but after the next Dropbox write, the permissions are gone again! This never happens on my notebook. One crucial difference is that the development system has UAC enabled, but the corporate IT-managed notebook not. Here's a comparison of the file owners and permissions of a file created outside Cygwin with Notepad, a file created with elevated admin rights in Notepad, and a file created inside Cygwin: 

$ ll foobar*
----------+ 1 inkarkat       EMEA\Domain Users 14 May  9 08:53 foobar.txt
-rwx------+ 1 Administrators EMEA\Domain Users 15 May  9 08:51 foobaradmin.txt
-rw-rw-r--+ 1 inkarkat       EMEA\Domain Users  0 May  9 09:13 foobarcygwin.txt
$ cacls foobar.txt
D:\A\foobar.txt BUILTIN\Administrators:F
                NT AUTHORITY\SYSTEM:F
                NT AUTHORITY\Authenticated Users:C
                BUILTIN\Users:R

The security mapping done by Cygwin is complicated, but it seems that files generated from outside Cygwin without elevated rights result in zero permissions, even though my user is allowed to modify the file and its permissions. I'd be grateful for any insights into whether this is a Cygwin bug or a problem with my setup.

Anyway, the fix is simple and was inspired from this post from 2005: Simply adding full control permissions for my user to the base directory (in my case, all files reside on my "home data drive" D:\) and letting it inherit down the hierarchy fixes the problem. 

$ cacls foobar.txt
D:\A\foobar.txt NT AUTHORITY\Authenticated Users:(ID)C
                NT AUTHORITY\SYSTEM:(ID)F
                BUILTIN\Administrators:(ID)F
                EMEA\inkarkat:(ID)F
                BUILTIN\Users:(ID)R
$ ll foobar*
-rwx------+ 1 inkarkat       EMEA\Domain Users 23 May  9 09:27 foobar.txt
-rwx------+ 1 Administrators EMEA\Domain Users 15 May  9 08:51 foobaradmin.txt
-rw-rw-r--+ 1 inkarkat       EMEA\Domain Users  0 May  9 09:13 foobarcygwin.txt

Ingo Karkat, 09-May-2012

ingo's blog is licensed under Attribution-ShareAlike 4.0 International

blog comments powered by Disqus