From: Ramsay Jones <ramsay@ramsayjones.plus.com>
To: Adam Dinwoodie <adam@dinwoodie.org>
Cc: git@vger.kernel.org, Fabian Stelzer <fs@gigacodes.de>
Subject: Re: [PATCH] t/lib-git.sh: fix ACL-related permissions failure
Date: Fri, 5 Nov 2021 21:44:15 +0000
Message-ID: <676553a5-2119-45bd-007d-40bb0802a263@ramsayjones.plus.com>
In-Reply-To: <20211105114747.GB25887@dinwoodie.org>

On 05/11/2021 11:47, Adam Dinwoodie wrote:
> On Thursday 04 November 2021 at 08:09 pm +0000, Ramsay Jones wrote:
>> Hi Adam,
>>
>> On 04/11/2021 19:25, Adam Dinwoodie wrote:
>>> SSH keys are expected to be created with very restrictive permissions,
>>> and SSH commands will fail if the permissions are not appropriate. When
>>> creating a directory for SSH keys in test scripts, attempt to clear any
>>> ACLs that might otherwise cause the private key to inherit less
>>> restrictive permissions than it requires.
>>
>> I was somewhat surprised to see your report, since all these tests
>> passed without issue for me on '-rc0'! :D (64-bit cygwin only).
>>
>> So, the difference seems to be down to FS ACLs, Hmmm ...
>>
>> (BTW, I am on windows 10 21H1)

Just FYI, tests t4202, t5534 and t6200 all pass for me without issue
on both of the -rc0 and -rc1 builds.

> I'm running these tests in subdirectories in the temporary drive on
> Dv4-size Windows 11 Pro Gen2 Azure VMs. I'm spinning up fresh VMs and
> using new Cygwin installations regularly, in the name of build
> reproducibility; I'm vaguely working on automating more and more of the
> Cygwin Git test and release processes.
>
> (At some point now they're becoming available, I'll probably shift to
> Ddv5 Azure VMs for this work; I very much doubt that'll make a
> difference, but I note it for the sake of completeness. Longer-term,
> I'm hoping to swap to using GitHub Actions to do most of the heavy
> lifting.)
>
> This isn't the first time I've seen similar problems in this environment
> that haven't been spotted elsewhere: see a1e03535db (t4129: fix
> setfacl-related permissions failure, 2020-12-23).
>
> The `getfacl` output for the temporary drive, from Cygwin's perspective,
> is as below; I'm `cd`ing into that directory and getting the Git
> repositories by running `git clone https://github.com/git/git` from
> there.

Heh, yeah, given the setup above, I'm not exactly shocked that you
are running into permission problems ... ;-)

> ```
> # file: /cygdrive/d
> # owner: NETWORK SERVICE
> # group: NETWORK SERVICE
> user::r-x
> group::r-x
> group:SYSTEM:rwx #effective:r-x
> group:Administrators:rwx #effective:r-x
> group:Users:r-x
> mask::r-x
> other::r-x
> default:user::rwx
> default:group::---
> default:group:SYSTEM:rwx
> default:group:Administrators:rwx
> default:group:Users:rwx
> default:mask::rwx
> default:other::r-x
> ```

I have been using cygwin since the 'beta-8' days (windows NT 3.51, so about
1997 or so) and have run into several permission problems over the years.
So, in order to finesse these issues, I find it best to keep it simple.
I do not move outside of my cygwin installation (at C:\cygwin64), which
even includes my home directory and all git repos.

So, for me:

```
$ echo $HOME
/home/ramsay
$ cygpath -w /home/ramsay
C:\cygwin64\home\ramsay
$
$ getfacl /cygdrive/c/cygwin64
# file: /cygdrive/c/cygwin64
# owner: ramsay
# group: None
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:other::r-x
$ id
uid=1001(ramsay) gid=513(None) groups=513(None),545(Users),4(INTERACTIVE),66049(CONSOLE LOGON),11(Authenticated Users),15(This Organization),113(Local account),4095(CurrentSession),66048(LOCAL),262154(NTLM Authentication),401408(Medium Mandatory Level)
$
```

> I'm honestly not sure what it is that means I keep hitting these
> problems with this setup. I've managed to avoid needing anything but
> the most cursory knowledge of extended permissions handling,
> particularly for Cygwin where one has to contend with both the
> underlying OS's interpretation of file permissions and with the Cygwin
> layer's reinterpretations. I can't say I'm keen to get a deep working
> knowledge of how all these pieces interact!

I'm definitely no expert, but even with my current setup, I have had
permission problems. I used to 'ssh' into cygwin from Linux so that
I could build/test git on Linux/cygwin at the same time - that worked
fine for many many years, until a test was added that failed when I
was remotely logged-in to cygwin, but passed when I was actually directly
logged-in on the windows laptop. I don't remember the details, but ever
since I have been having to run the tests locally.

[When remotely logged in:

```
$ id
uid=1001(ramsay) gid=513(None) groups=513(None),114(Local account and member of Administrators group),0(root),545(Users),2(NETWORK),11(Authenticated Users),15(This Organization),113(Local account),4095(CurrentSession),262154(NTLM Authentication),405504(High Mandatory Level)
$
```

Yes, I am still using the 'privileged user' account for the 'sshd' service.
I suppose I should re-configure it to use the LOCAL ACCOUNT and test again,
but, well, if it ain't broke ... ;-)
]

ATB,
Ramsay Jones
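
The two `getfacl` listings in this message differ in their `default:` entries: `/cygdrive/d` carries named `default:group:` entries and a `default:mask`, which new files in that directory inherit, while `/cygdrive/c/cygwin64` has only the three base entries. The following is an added example, not part of the original message, that extracts those named entries from `getfacl` output; the function names are hypothetical and the sample data is taken from the listings quoted above.

```shell
#!/bin/sh
# Added example, not from the thread. The sample data below is the default:
# entries (plus one access entry) from the two getfacl listings in the message.

azure_tmp_acl() {
cat <<'EOF'
# file: /cygdrive/d
group:SYSTEM:rwx #effective:r-x
default:user::rwx
default:group::---
default:group:SYSTEM:rwx
default:group:Administrators:rwx
default:group:Users:rwx
default:mask::rwx
default:other::r-x
EOF
}

cygwin_root_acl() {
cat <<'EOF'
# file: /cygdrive/c/cygwin64
default:user::rwx
default:group::r-x
default:other::r-x
EOF
}

# Print "kind:name:perms" for every named default entry read from stdin.
named_default_entries() {
    awk '
        /^[ \t]*#/ { next }                 # "# file:" style header lines
        {
            sub(/[ \t]*#.*$/, "")           # trailing "#effective:" notes
            n = split($0, f, ":")
            if (n == 4 && f[1] == "default" && f[3] != "" &&
                (f[2] == "user" || f[2] == "group"))
                print f[2] ":" f[3] ":" f[4]
        }'
}

# Succeeds when a named default entry grants any permission bit, i.e. files
# created in the directory start out with ACL entries beyond user/group/other.
has_inherited_grants() {
    named_default_entries | grep -qv ':---$'
}

for acl in azure_tmp_acl cygwin_root_acl; do
    "$acl" | has_inherited_grants && echo "$acl: named default entries" || echo "$acl: base entries only"
done
```

On a real directory the input would be `getfacl DIR | named_default_entries`; `setfacl -k DIR` removes a directory's default ACL.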