On Jul 2 17:56, Mark Lommers wrote: > Hi, > > I'm having problems with cygwin 1.7 and ACL handling. > > I do some software development and for the software I write I also create > unit tests. Those unit test are run automatically in a cygwin environment > triggered by a build system. Now I'm updating the machines on which the unit > tests are running, from windows XP to Windows Server 2008 and from cygwin 1.5 > to cygwin 1.7. Since this update some unit tests are failing. > > All the failing unit tests have in common that they do something with ACL: > > For some test we change the access control list like: > > acl.AddAccessRule(new > System.Security.AccessControl.FileSystemAccessRule(WindowsIdentity.GetCurrent().Name > , System.Security.AccessControl.FileSystemRights.FullControl > , System.Security.AccessControl.AccessControlType.Deny)); > SandboxedDirectory.SetAccessControl(acl); > > Then in the test we try to create a directory inside the sandboxed directory > and check that the right exception has been thrown because it shouldn't be > able to do so. > > > On windows XP with cygwin version 1.5 everything was working OK > > Now we are upgrading to windows server 2008 so we also need to update to > cygwin 1.7, the test are starting to fail, because they are able to create > directories in the sandboxed directory. > > I know/read that from cygwin 1.7 cygwin uses mount point with corresponding > acl/noacl flags and no longer using the ntsec and nontsec flags in the CYGWIN > environment variable. > > I tried to change the mounting point to set noacl and acl but this didn't had > any effect. > > On the OLD xp machines with cygwin 1.5 the CYGWIN variable was set to nontsec > > In CMD prompt test run fine. > In a bash prompt test fail. > In a cmd prompt started from a bash prompt test also fail. > > Not running in a cygwin environment is not an option for now! > > Any Idea what to do?
Are you running the tests under an elevated admin account? If so, the reason you are able to create dirs is that the SE_BACKUP_NAME and SE_RESTORE_NAME user privileges are enabled when running in a Cygwin environment. Don't run the affected tests from an elevated session or strip the privileges from the user token using the cygdrop tool from the cygutils package when running these tests. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple