cygwin + NTFS permissions = badness
Cygwin is "a Linux-like environment for Windows." Basically it provides all (or at least a large set) of the standard Linux command line tools for Windows. A lot of open source projects (e.g. Mozilla, for a big one) have based their Windows build systems on Cygwin because it simplifies the problems with trying to get a
make-based build system to work on Windows.
NTFS (the file system for WinNT, Win2k, WinXP, Win2k3) uses Access Control Lists (ACLs) for managing file permissions. If you have ever been frustrated by not being able delete a file on Windows: your NTFS ACLs might be the culprit.
I don't pretend to fully understand NTFS ACLs, but follow along with this little experiment and decide if you think there is a problem waiting to happen here. For this experiment you'll need
xcacls.exe from the Windows Resource Kit. This is a little command-line tool for dumping NTFS ACL information. You can also view ACL information by opening the "Propeties" dialog for a file in Explorer and selecting the "Security" tab.
First let's create a small test file in the regular Windows command shell (
cmd.exe) and list the NTFS ACL information:
C:\temp>echo this is foo.txt > foo.txt C:\temp>xcacls foo.txt C:\temp\foo.txt BUILTIN\Administrators:F ACTIVE\trentm:F NT AUTHORITY\SYSTEM:F BUILTIN\Users:R
This seems reasonable: the "Administrators", "trentm" (that's me), and "SYSTEM" users have full (F) permissions on that file and the "Users" account has read (R) access.
Now let's create a file using one of the cygwin utilities and dump the NTFS ACL information. I'll use
tee here, but other tools that create files (like
gzip, etc.) will have the same result.
C:\temp>echo this is bar.txt | tee bar.txt this is bar.txt C:\temp>xcacls bar.txt C:\temp\bar.txt ACTIVE\trentm:(special access:) STANDARD_RIGHTS_ALL DELETE READ_CONTROL WRITE_DAC WRITE_OWNER SYNCHRONIZE STANDARD_RIGHTS_REQUIRED FILE_GENERIC_READ FILE_GENERIC_WRITE FILE_READ_DATA FILE_WRITE_DATA FILE_APPEND_DATA FILE_READ_EA FILE_WRITE_EA FILE_READ_ATTRIBUTES FILE_WRITE_ATTRIBUTES BUILTIN\Users:(special access:) READ_CONTROL SYNCHRONIZE FILE_GENERIC_READ FILE_GENERIC_WRITE FILE_READ_DATA FILE_WRITE_DATA FILE_APPEND_DATA FILE_READ_EA FILE_WRITE_EA FILE_READ_ATTRIBUTES FILE_WRITE_ATTRIBUTES Everyone:(special access:) READ_CONTROL SYNCHRONIZE FILE_GENERIC_READ FILE_GENERIC_WRITE FILE_READ_DATA FILE_WRITE_DATA FILE_APPEND_DATA FILE_READ_EA FILE_WRITE_EA FILE_READ_ATTRIBUTES FILE_WRITE_ATTRIBUTES
I don't want to unnecessarily ring alarm bells because my experience has shown that this usually doesn't cause problems in normal usage of the cygwin tools (we use them heavily here at ActiveState). However, yesterday something happened with respect to NTFS ACLs on my Windows developement machine yesterday such that I no longer have write permissions for files created by the Cygwin tools. I can't help but think that the difference in ACL information for
bar.txt in this experiment is part of the problem.