logo标签列表

Cygwin如何/为什么会破坏Windows权限?

securitycygwinntfs
7

我们收到“现场”(即从安装软件的系统管理员那里)的投诉,称cygwin在NTFS(Windows 7/10/2008/2012等)上“搞乱了”Windows权限。

问题用例

一般的使用情况如下:

  • 系统管理员从cygwin bash命令行启动某个“软件安装程序”
  • 安装程序运行正常
  • 系统管理员尝试启动Windows服务

结果:服务无法启动

解决步骤

以下步骤似乎可以解决该问题:

  • 系统管理员使用Windows ICACLS命令重置ntfs权限:(在此示例中,“acme”是新创建的目录。此命令将acme及其子文件夹设置为重新继承“d:\instances”文件夹的权限)

    d:\instances> icacls acme /RESET /T /C /Q

  • 系统管理员启动服务

结果:Windows服务启动

问题

  • 与powershell相比,是什么让cygwin以不同方式处理新写入文件的权限?这是umask版本错误的问题吗?
  • 系统管理员能否提前采取措施确保cygwin正确设置权限?

提前感谢您的帮助。

你能提供一下icacls输出破损和正确文件的示例吗?你确定从Cygwin和PowerShell安装的用户是相同的吗? - matzeri
我有90%的把握,“问题只会在用户X从cygwin安装时出现,但如果用户X使用powershell,则会导致问题”。我还知道我们已经看到了另一个用例的问题:a)“用户X从cygwin安装”,b)“用户Y无法删除文件,因为用户X拥有它们”。 - user331465
网站http://www.cygwin.com/cygwin-ug-net/ntsec.html上的“文件权限”章节解释了为什么Cygwin对ACL进行排序,这种排序方式并不是规范的。它既不会破坏任何东西,也不违反定义。这是将Posix权限映射到ACL的唯一方法。 - FelixD
2个回答
6

我在这里找到了答案,它提到了这封邮件列表信件。

您需要编辑Cygwin的/etc/fstab并将“noacl”添加到挂载选项列表中。

2
你应该在这里发布解决方案(并保留参考资料),因为URL可能会改变/消失,如果发生这种情况,答案将变得无效。 - CristiFati
请注意,设置“noacl”将不允许Cygwin使用类似可执行位的Posix文件权限。也就是说,您正在削减Cygwin / Posix功能,并可能在Cygwin工具中遇到问题。 - FelixD
0

第一个:

How to fix incorrect Cygwin permission in Windows 7

Cygwin started to behave quite strangely after recent updates. I was not able to edit files in vim, because it was complaining that files are read only. Even cp -r didn’t work correctly. Permission of new directory was broken and I was not able to remove it. Pretty weird behavior.

E.g. ls -l

total 2
----------+ 1 georgik None 34 Jul 14 18:09 index.jade
----------+ 1 georgik None 109 Jul 14 17:40 layout.jade

Hm. It is clear that something is wrong with permission. Even owner has no permission on those files.

Output of mount command:

C: on /cygdrive/c type ntfs (binary,posix=0,user,noumount,auto)

I found a solution at cygwin forum. It’s quite easy to fix it.

Open /etc/fstab and enter following line:

none /cygdrive cygdrive binary,noacl,posix=0,user 0 0

Save it. Close all cygwin terminals and start new terminal.

Output of mount:

C: on /cygdrive/c type ntfs (binary,noacl,posix=0,user,noumount,auto)

Output of ls -l

total 2
-rw-r--r-- 1 georgik None 34 Jul 14 18:09 index.jade
-rw-r--r-- 1 georgik None 109 Jul 14 17:40 layout.jade

第二点:

7/14/2010 10:57 AM
> Drive Y is a mapping to a network location. Interestingly, ls -l
>> /cygdrive returns:
>>   d---------+ 1 ????????       ????????     24576 2010-07-09 11:18 c
>>   drwx------+ 1 Administrators Domain Users     0 2010-07-14 06:58 y
>>
>> The c folder looks weird, the y folder looks correct.
>>     
> Try ls -ln /cygdrive.  The user and group ownerships on the root of the
> C: drive are most likely not found in your passwd and group files.  The
> -n option for ls will print the user and group IDs rather than try to
> look up their names.  Unfortunately, I can't think of any way offhand to
> generate the passwd and group entries given only user and group IDs.
> Maybe someone else can comment on that.
>   

I think your answer is correct:
  $ ls -ln /cygdrive
  total 24
  d---------+ 1 4294967295 4294967295 24576 2010-07-09 11:18 c
  drwx------+ 1        544      10513     0 2010-07-14 11:45 y

I edited my /etc/fstab file (it contained only commented lines) and
added this line at the end of the file:
  none /cygdrive cygdrive binary,noacl,posix=0,user 0 0

I closed all my Cygwin processes, opened a new terminal and did an ls-l
on visitor.cpp again:
  -rw-r--r-- 1 cory Domain Users 3236 2010-07-11 22:37 visitor.cpp

Success!!! The permissions are now reported as 644 rather than 000 and I
can edit the file with Cygwin vim and not have bogus read-only issues.
Thank you Jeremy.

cory
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接