On win7, cygwin and git bash have different ideas about a file or folder's permission

Question

In Cygwin, I set the permission of a folder "tmp"

$ chmod 600 tmp

$ ls -ld tmp
drw-------+ 1 leecy Users 0 Aug 15 10:56 tmp

But Git Bash (from Git for Windows) gets a different idea of the permission:

$ ls -ld ~/tmp
drwxr-xr-x 1 leecy 1049089 0 Aug 15 10:56 /c/cygwin64/home/leecy/tmp/

I have researched, read, and tried out the suggestions (chgrp, chown :Users, setfacl, etc) from the following posts but still could not find a solution:

By the way, this problem is believed to be the reason why my git clone operation (which uses SSH) has recently stopped working. In the above I am demonstrating the problem with a test folder tmp, but in real life the folder is actually my .ssh and my git clone recently started failing with an error of:

$ git clone ...
Cloning into 'foo'...
Bad owner or permissions on /home/leecy/.ssh/config
fatal: Could not read from remote repository.

There may be some recent change related to the Windows Domain set up (done by the corporate IT people) that is related to this problem -- the problem started to surface after that change.

Versions:

Cygwin: 2.8.2(0.313/5/3)
Git Bash: git version 2.14.1.windows.1

Update

Thanks for the suggestion by Doug Henderson (see it in the comment).
I tried using the command setfacl -b -k, it did remove the extra non-standard POSIX permissions, but it did not solve the problem.

Before using setfacl -b -k

$ getfacl tmp
# file: tmp
# owner: leecy
# group: Users
user::rw-
group::---
other:---
default:user::rwx
default:group::r-x
default:other:r-x

After using setfacl -b -k

leecy@USLEECY-C1 ~
$ setfacl -b -k tmp

leecy@USLEECY-C1 ~
$ getfacl tmp
# file: tmp
# owner: leecy
# group: Users
user::rw-
group::---
other:---

But that did not help

cygwin:

$ ls -ld tmp
drw------- 1 leecy Users 0 Aug 15 10:56 tmp

Git Bash:

$ ls -ld tmp
drwxr-xr-x 1 leecy 1049089 0 Aug 15 10:56 tmp/

Update 2

Using getfacl I examined closely what group the file is in, and indeed cygwin and git bash have two different ideas

Cygwin

$ getfacl tmp
# file: tmp
# owner: leecy
# group: Users
user::rw-
group::---
other:---

Git Bash

$ getfacl tmp
# file: tmp
# owner: leecy
# group: 1049089 <unknown>
user::rwx
group::r-x
other:r-x

The number 1049089 may mean Domain Users in my system, but this number seems to be understood by cygwin but not git bash. I said that because my cygwin /etc/group has a line like this (this file was not there originally, I created it using the command mkgroup -l -d > /etc/group as suggested in this post)

Domain Users:S-1-5-21-1593251271-2640304127-1825641215-513:1049089:

I also tried the command chgrp and chown. Both ran without error, but is not taking effect (the number 545 is the group id for Users that cygwin (but not git bash) understands)

No effect of chgrp

$ getfacl tmp
# file: tmp
# owner: leecy
# group: 1049089 <unknown>
user::rwx
group::r-x
other:r-x

$ chgrp 545 tmp

$ ls -ld tmp
drwxr-xr-x 1 leecy 1049089 0 Aug 15 10:56 tmp/

$ getfacl tmp
# file: tmp
# owner: leecy
# group: 1049089 <unknown>
user::rwx
group::r-x
other:r-x

No effect of chown

leecy@USLEECY-C1 MINGW64 ~
$ chown leecy.545 tmp

leecy@USLEECY-C1 MINGW64 ~
$ ls -ld tmp
drwxr-xr-x 1 leecy 1049089 0 Aug 15 10:56 tmp/

leecy@USLEECY-C1 MINGW64 ~
$ getfacl tmp
# file: tmp
# owner: leecy
# group: 1049089 <unknown>
user::rwx
group::r-x
other:r-x

The `+` at the end of the permissions displayed by ls in cygwin is an indicator that there are additional permissions that do not fit the user/group/other, read/write/execute model. You can display those using the `getfacl` cygwin command, or the `icacls` windows command, or in the file explorer with right-click, properties. Check both the acls for the `tmp` directories, and their parent directory. You may find a default acl on one of those parents that modifies the expected permissions. — Doug Henderson, Aug 16 '17 at 03:48
You should also check the contents of the git global configuration. On both cygwin and msys2, it may be in `~/.gitconfig`. I have configured them to play nice with each other. cygwin and msys2 use different methods to translate windows internal user ids and group ids to the unix style names and numbers. Compare the `/etc/nsswitch.conf` files for clues. — Doug Henderson, Aug 16 '17 at 03:59
@DougHenderson -- Thanks for the suggestion! I tried the command `setfact -b -k` . It did remove the extra non-standard POSIX permissions, but it did not solve the problem. See my update in the question for the details. — leeyuiwah, Aug 16 '17 at 14:18
I also looked at my `~/.gitconfig`. I did not see anything related to permissions there. The only directives in the files are `[user]`, `[credential]` and `[gui]` — leeyuiwah, Aug 16 '17 at 14:20

score 0 · Accepted Answer · answered Aug 16 '17 at 18:37

Thanks for all the suggestions (from Doug Henerson and from matzeri). My original question was about the difference in view of permission by cygwin and git bash, but really what I wanted to achieve is to get my git working again (It was failing with an error of

Bad owner or permissions on /home/leecy/.ssh/config

)

Thanks for the suggestion by matzeri. I tried out the cygwin git and realized that the error of git was not due to the group permission setting of my ~/.ssh or ~/.ssh/config, rather it is the the owner value of the files/folder.

In this case, the owner value should have been leecy, and the display of cygwin and git bash suggested that it had been set correctly, but that was not really the case. I had to run the following command once (in cygwin) to set the value correctly.

chown -R $USER ~/.ssh

After this change, both my cygwin git and git bash worked.

Below is the full transcipt of what I saw before and after the fix:

Before the fix, cygwin said the owner is leecy

$ ls -ld ~/.ssh
drw-------+ 1 leecy EMEA+Domain Users 0 Aug  8 22:18 /home/leecy/.ssh


$ ls -ld ~/.ssh/*
-rwxr-xr-x  1 leecy EMEA+Domain Users  135 Aug 16 13:35 /home/leecy/.ssh/agent.env
-rw-------  1 leecy EMEA+Domain Users  352 Jun  6 13:33 /home/leecy/.ssh/config
-rw-------  1 leecy EMEA+Domain Users 1766 May  8 19:32 /home/leecy/.ssh/id_rsa
-rwxr-xr-x  1 leecy EMEA+Domain Users  403 Jun  6 11:58 /home/leecy/.ssh/id_rsa.pub
-rw-r--r--  1 leecy EMEA+Domain Users 1582 Jun  6 11:50 /home/leecy/.ssh/known_hosts

( This change probably doesn't matter, but I did do it during my test. )

$ chmod 600 ~/.ssh/agent.env

ssh test was failing

$ ssh -v -p 29418 leecy@gerrit.app.foo.com
OpenSSH_7.5p1, OpenSSL 1.0.2k  26 Jan 2017
Bad owner or permissions on /home/leecy/.ssh/config

And then I ran this command

$ chown -R $USER ~/.ssh

On the surface, the value of owner are still the same

$ ls -ld ~/.ssh/*
-rw-------  1 leecy EMEA+Domain Users  135 Aug 16 13:35 /home/leecy/.ssh/agent.env
-rw-------  1 leecy EMEA+Domain Users  352 Jun  6 13:33 /home/leecy/.ssh/config
-rw-------  1 leecy EMEA+Domain Users 1766 May  8 19:32 /home/leecy/.ssh/id_rsa
-rwxr-xr-x  1 leecy EMEA+Domain Users  403 Jun  6 11:58 /home/leecy/.ssh/id_rsa.pub
-rw-r--r--  1 leecy EMEA+Domain Users 1582 Jun  6 11:50 /home/leecy/.ssh/known_hosts


$ ls -ld ~/.ssh
drw-------+ 1 leecy EMEA+Domain Users 0 Aug  8 22:18 /home/leecy/.ssh

But now my ssh works

$ ssh -v -p 29418 leecy@gerrit.app.foo.com
(worked)

On win7, cygwin and git bash have different ideas about a file or folder's permission

1 Answers1