RE: cp -p error when directory security is modified from Windows

[Greg Aloe]

Bob, thanks for the quick return.  Please see my inline responses.

> -----Original Message-----
> From: Bob Proulx [mailto:address@hidden
> Sent: Wednesday, July 27, 2005 12:13 PM
> To: Greg Aloe
> Cc: address@hidden
> Subject: Re: cp -p error when directory security is modified from
Windows
> 
> Greg Aloe wrote:
> > I'm not sure what information to relay to you, so I'll do the best I
> > can, and let you follow up with questions.
> 
> First thanks for reporting bugs and problems.  However, I was just a
> little confused as to the exact problem you were trying to report.  If
> I missed the mark then send a correction.
> 
> > Linux hostname 2.4.21-193-smp #1 SMP Wed Jan 21 18:41:44 UTC 2004
x86_64
> > x86_64 x86_64 GNU/Linux
> >
> > Linux hostname 2.4.18 #14 SMP Mon Feb 10 15:36:47 EST 2003 i686
unknown
> >
> > Works on Solaris:
> >
> > SunOS hostname 5.6 Generic_105181-33 sun4u sparc
SUNW,Ultra-Enterprise
> 
> Okay.  (Is SunOS an NFS fileserver in your example?  You did not say
> but I am guessing that is true.)

I used the same directory (/home/galoe/trash/testdir) for each of my
tests on i686, x86_64, and Solaris.  So it is the same fileserver.  The
fileserver's file system is NTFS.


> > Now, here's the bug.
> >       [hostname:/home/galoe/trash]128 % ls -ld testdir
> >       drwxr-xr-x    2 galoe    users        4096 Jul 27 11:06
testdir
> >       [hostname:/home/galoe/trash]129 % cp -p
> > /devel/A/nightly/matlabinternetfile.txt testdir/
> 
> Your word wrapping here is unfortunate and makes the examples hard to
> follow.  In the future if you could make your examples verbatim it
> would be easier to read.  I needed to do a lot of trimming and
> *imagining* what it must have looked like to you.
 
I sent my email in HTML format which should not have wrapped the text.
I apologize that I didn't account for plain text viewers, but the
commands are simple, so there shouldn't be any ambiguous possibilities.


> >       -rw-r--r--    1 galoe    users       20051 Oct 15  2003
> > matlabinternetfile.txt
> >
> > Now I'll remove the file so I can show you the bug:
> >       [hostname:/home/galoe/trash]131 % rm
> > testdir/matlabinternetfile.txt
> >       [hostname:/home/galoe/trash]132 % ls testdir/
> 
> I don't see any problems yet.  Should I?

No, there are no problems to this point.  I'm simply trying to show how
things should look when I haven't yet touched the Windows security
settings.  The possible bug starts at this point forward.

 
> > Now, since my Windows machine has access to this network, I can
modify
> > the security of the directory.  Note, however, that I'm not even
> > changing anything.  I'm just checking a box, unchecking it, and
clicking
> > Apply.  Here are the exact steps from Windows XP Pro 2002 with
Service
> > Pack 2:
> 
> This is not the right list to talk about MS-Windows problems.
> Probably the better list would be the Cygwin list.
> 
>   http://cygwin.com
>
> > ...a bunch of MS stuff deleted...not appropriate for this list...
> >
> > Now, back on Linux, let's look at the permissions and notice they
didn't
> > change:
> >
> >       [hostname:/home/galoe/trash]133 % ls -ld testdir
> >       drwxr-xr-x    2 galoe    users        4096 Jul 27 11:06
testdir
> 
> This is all that matters here.
>

It is possible that the problem is caused by Windows, but why does the
problem persist if the permissions of the directory haven't changed?
I'd like to reiterate that I didn't make any actual changes to the
Windows security settings.  I toggled a checkbox with no changes, and
clicked "Apply".

> > Now, try to copy a file owned by someone else using -p, and notice
the
> > error, and that the permissions and ownership are incorrect:
> >
> >       [hostname:/home/galoe/trash]134 % cp -p
> > /devel/A/nightly/matlabinternetfile.txt testdir/
> >
> >       cp: setting permissions for `testdir/matlabinternetfile.txt':
> > Operation not permitted
> 
> Whether this is allowed or not is based upon your kernel security
> poilcy.  See this FAQ for more information.
> 
>   http://www.gnu.org/software/coreutils/faq/
> 
> Look for "Why can only root chown files?"
>
> >       [hostname:/home/galoe/trash]135 % ls -l testdir/
> >       -rwxr-xr-x    1 batserve users       20051 Oct 15  2003
> > matlabinternetfile.txt
> 
> Apparently you are running a security policy on that filesystem which
> is different from the modern norm.  Normally you would not have had
> permission to change the ownership of that file to user "batserve"
> because you are not that user.  But because it did allow you to change
> the ownership then it no longer allowed you to change the permissions
> because you did not own the file.  That is the source of the error
> message.

This sounds like an accurate description of what's going on, and maybe
our operating systems on these Linux/Solaris machines are working
differently, or are configured differently.  However, as I noted before,
the operation worked correctly on the Linux machines before I touched
the Windows side, even though Linux doesn't show any change in
permissions.  I know this should not be a Windows discussion, but it can
be a filesystem discussion.  Is there something in the filesystem that
might keep track of this Windows security (null) action, thus allowing
me to suddenly change the ownership of the file on Linux?

> > If this has already been reported, please tell me where to find the
bug
> > report.
> 
> So far in this discussion we don't know the exact location of the
> bug.  To me it looks like a bug in your system to allow this behavior
> this way.  But the jury is still out.
> 
> What type of filesystem are you working in?  Is it a local filesystem
> or a networked filesystem?  I am guessing it is a networked
> filesystem.  In which case the problem seems to be on your fileserver.
> However, one persons bug is another persons feature.  The legacy
> behavior of SysV systems is to allow chown from non-root users.  So I
> am guessing that your SunOS machine is an NFS fileserver and chown is
> allowed there and you are working from your GNU/Linux machine onto
> your SunOS fileserver.  Correct?
> 
> I will trail off here and allow others to comment further.
> 
> Bob