Re: [Fetchmail-users] cygwin 1.7.35 reads file permissions differently, affects fetchmail

[Matthias A. <mat...@gm...>]

Am 23.03.2015 um 09:57 schrieb Martin Koeppe:
> 
> Hi all,
> 
> I just updated from cygwin 1.7.32 to 1.7.35,
> and now file permissions are calculated differently,
> which breaks fetchmail for me:
> 
> Here are the Windows permissions:
> (no permissions for Domain Users / Domänen-Benutzer)
> 
> $ cacls fetchmailrc.txt
> D:\fetchmail\fetchmailrc.txt NT-AUTORIT.T\SYSTEM:(ID)F
>                              NT-AUTORIT.T\LOKALER DIENST:(ID)C
>                              DOMAENE\LocalAdmin:(ID)F
>                              VORDEFINIERT\Administratoren:(ID)F
> 
> cygwin-1.7.32 $ ls -l
> -rwx------+ 1 LocalService Domänen-Benutzer    1932 15. Aug 2014
> fetchmailrc.txt
> 
> cygwin-1.7.35 $ ls -l
> -rwxrwx---+ 1 LocalService Domänen-Benutzer    1932 15. Aug 2014
> fetchmailrc.txt

Please post the getfacl for both, too, your /etc/passwd with password
column blanked, your /etc/group, your /etc/nsswitch.conf, and your
CYGWIN environment variable.

> Now, there are group permissions set. For me it breaks fetchmail,
> because fetchmail only runs when the config file is owned by the user
> running fetchmail (LocalService in my case, a system user I never can
> login with) and with max 0700 permissions. While this check is ok/good
> for Unix, because you still can view/edit the file as user root, you now
> can't anymore as Administrator on Windows.

> So cygwin's old calculation helped me to get it working that both
> fetchmail is happy as the file is only accessible by the user running
> fetchmail and I am happy to be able to change the file as Administrator.
> This seems now broken, or is there still a possibility to do that?

See if anything
https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping offers you
ways to tweak permissions or ACLs such that it works for you on Cygwin,
and if you need to remove or regenerate /etc/passwd and/or /etc/group.

Also see if you can tweak the settings with getfacl/setfacl or chmod in
a way that fetchmail works.  Else I need detailed instructions as to
what and where to change, I haven't been using Cygwin in production for
more than four years.  I won't disable the check, but I'm happy to
document Cygwin specifics in a README.Cygwin file.

If there are regressions in the mapping between Windows and Unix
permissions, this needs to be addressed in the cygwin1.dll, not in
fetchmail.

> @fetchmail's maintainers:
> Is it possible/desired/ok to disable this check on Cygwin?

There is de facto no fetchmail maintainer for Cygwin.

Jason Tishler has been delaying critical and security bug fix updates
for years and nobody cared when I brought this up with the Cygwin
project lead.  The last five bugfix releases have again not been
packaged for Cygwin.  See
http://sourceforge.net/p/fetchmail/git/ci/legacy_63/tree/NEWS to figure
what you're missing in terms of critical and security fixes.

As the upstream maintainer, I will most likely not add new support
nonconforming systems. I would have to see very good reasons to decide
otherwise.