Re: Using cp converts windows junctions to a cywin symlink
On Nov 2 13:57, Adrian H wrote: > I was copying a directory of files, some of which were windows junctions. > These got converted to a cygwin symlink. Although I am impressed that there > are such a thing for those OSs/drives that do not support such things, for > those > that do, I think it would be good to keep the copy a junction. Otherwise, > things can get messy. > > Can this be corrected? No. The actual copy is done by the application, not by Cygwin. The application (cp, rsync, whatnot) is a POSIX application which has no notion of "junctions". From the view of the POSIX application, directory junctions are symlinks. So the copying application will call the symlink or symlinkat function. This call has no idea that the to-be-created symlink is a copy of a directory juntion. After all, there 's no connection between the stat call on the source and the symlink call on the destination. To alleviate this partially, you can copy with the environment variable CYGWIN set to "winsymlinks:native" or "winsymlinks:nativestrict". This will create native symlinks, not directory junctions, so it requires the "Create symbolic links" privilege set for the current user, but it's better than nothing. From a consumer perspective, a directory junction and a symlink to a directory are not really different. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat pgpW_c9gQOvg6.pgp Description: PGP signature
Re: Using cp converts windows junctions to a cywin symlink; a security-config override
Greetings, Linda Walsh! >> > I was copying a directory of files, some of which were windows junctions. >> > These got converted to a cygwin symlink. Although I am impressed that >> > there >> > are such a thing for those OSs/drives that do not support such things, for >> > those >> > that do, I think it would be good to keep the copy a junction. Otherwise, >> > things can get messy. >> > Can this be corrected? > --- > (BTW -- you do know about the 'winsymlinks:native' setting in the > CYGWIN environment variable? It might be of some use.) > Andrey wrote: >> Unfortunately, even on systems, that do support symlinks functionality, >> it is restricted by UAC and not easily unlocked. > --- > Actually that's control by Windows group policy. Yes, I know. But when UAC is enabled, it overriding this policy setting. That's why I said that you need either admin console, or UAC turned off. > It's alot like whether not 'users' can control 'mounts' on linux. > It can be allowed, but doing so categorically might not be considered > wise. Microsoft does not follow common logic. >> You'd need an admin shell or a user profile with UAC turned off and >> permissions correctly configured to exploit native symlinks. > --- > Or the system administrator would have to enable user-control of local > symlinks. ... > On my windows machine, unprivileged users are able to create all 4 types > of symbolic links. Do you have UAC enabled? >> And Cygwin does not support creation of directory junctions to the best >> of my knowledge. :( > --- > Neither does linux support creation of user-controlled mounts. However, Windows allows creation of directory junctions just fine. But blocks Symlinks. -- With best regards, Andrey Repin Tuesday, November 3, 2015 02:34:22 Sorry for my terrible english... -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: Using cp converts windows junctions to a cywin symlink; a security-config override
Andrey Repin wrote: Greetings, Adrian H! > I was copying a directory of files, some of which were windows junctions. > These got converted to a cygwin symlink. Although I am impressed that there > are such a thing for those OSs/drives that do not support such things, for those > that do, I think it would be good to keep the copy a junction. Otherwise, > things can get messy. > Can this be corrected? --- (BTW -- you do know about the 'winsymlinks:native' setting in the CYGWIN environment variable? It might be of some use.) Andrey wrote: Unfortunately, even on systems, that do support symlinks functionality, it is restricted by UAC and not easily unlocked. --- Actually that's control by Windows group policy. It's alot like whether not 'users' can control 'mounts' on linux. It can be allowed, but doing so categorically might not be considered wise. You'd need an admin shell or a user profile with UAC turned off and permissions correctly configured to exploit native symlinks. --- Or the system administrator would have to enable user-control of local symlinks. The ability to allow users to create and use symlinks is control through 4 settings: fsutil behavior query SymlinkEvaluation * Local to local symbolic links are enabled. * Local to remote symbolic links are enabled. * Remote to local symbolic links are enabled. * Remote to remote symbolic links are enabled. --- On my windows machine, unprivileged users are able to create all 4 types of symbolic links. As for junctions and mountvols -- they require the same privileges on windows as they do on linux. I.e. a normal user can't mount or graft portions of the file system other places -- mount is normally restricted to root-only. Having cygwin destroy/overwrite linux-comparable 'mounts' would be and should be considered a serious security bug. If I mount a linux dir at another location -- imagine if 'cp' changed those mount point to symbolic links (which no longer work consistently or the same on linux as they use to, as some security-spazes came up with the idea that being able to create a symlink (not hardlink) to a file you don't own, was considered a security risk -- even though in reality symlinks are safer than hardlinks in such cases, because the symlinks have to traverse the intervening directories and security checks. On windows, the "allow traversing paths you don't have access to" is a privilege that has been used to allow users access to area they didn't normally have access to. However, on linux there never was such a privilege, so the added the ability to mount normally "private" areas in other places -- going around the intermediate path-walk-security checks. Now with the mount option, the default on most distros is to disable creating symlinks to files you don't own -- which doesn't serve the same purpose -- since such symlinks STILL follow all the intervening security checks at each directory. Note--disabling the windows privilege to bypass traversed directory security checks would achieve the same effect on windows as it does on linux, but MS strongly advises against doing this, as so much software makes use of this feature and assumes it is in place (it is the default). To find out more about the linux google on /proc/sys/fs/protected_hardlinks & /proc/sys/fs/protected_symlinks And Cygwin does not support creation of directory junctions to the best of my knowledge. :( --- Neither does linux support creation of user-controlled mounts. Not have cygwin destroy "volume mount points" that are a parallel to linux's ability to mount any directory anywhere else, would be very useful. Destroying the mountpoints as it does now, is a hacker's dream, as they can destroy a local admin's mounting of a read-only dir there and allow potentially virus laden programs to replace them. Nice. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: Using cp converts windows junctions to a cywin symlink
Greetings, Adrian H! > I was copying a directory of files, some of which were windows junctions. > These got converted to a cygwin symlink. Although I am impressed that there > are such a thing for those OSs/drives that do not support such things, for > those > that do, I think it would be good to keep the copy a junction. Otherwise, > things can get messy. > Can this be corrected? Unfortunately, even on systems, that do support symlinks functionality, it is restricted by UAC and not easily unlocked. You'd need an admin shell or a user profile with UAC turned off and permissions correctly configured to exploit native symlinks. And Cygwin does not support creation of directory junctions to the best of my knowledge. :( -- With best regards, Andrey Repin Monday, November 2, 2015 22:48:43 Sorry for my terrible english... -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Using cp converts windows junctions to a cywin symlink
I was copying a directory of files, some of which were windows junctions. These got converted to a cygwin symlink. Although I am impressed that there are such a thing for those OSs/drives that do not support such things, for those that do, I think it would be good to keep the copy a junction. Otherwise, things can get messy. Can this be corrected? Thanks, A -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple