bug#29455: backup-by-copying ACL Operation not permitted with Windows 7 and Samba

bug#29455: backup-by-copying ACL Operation not permitted with Windows 7 and Samba

[Shuguang Sun]

[-- Attachment #1: Type: text/plain, Size: 1987 bytes --]

Hi,

Local: Windows 7
GNU Emacs 27.0.50 (build 1, x86_64-w64-mingw32) of 2017-11-24
(backup-by-copying t)

File is on a server which is mapped as network driver in Windows 7. It
seems a samba according to the SID below.
The SDDL from file-acl is
"O:S-1-22-1-79077G:S-1-22-2-108D:P(A;;0x1e01ff;;;S-1-22-1-79077)(A;;FR;;;S-1-22-2-108)(A;;FR;;;WD)"

After I edited the file and write it, the backup meets error:

Debugger entered--Lisp error: (file-error "Setting ACL" "Operation not
permitted"
"c:/Users/username/HOME/.emacs.d/autosave/Rfiles/!drive_i!test_fixed_IA_time.r.~2~")

set-file-acl("c:/Users/username/HOME/.emacs.d/autosave/Rfiles/!drive_i!test_fixed_IA_time.r.~2~"
"O:S-1-22-1-79077G:S-1-22-2-108D:P(A;;0x1e01ff;;;S-1-22-1-79077)(A;;FR;;;S-1-22-2-108)(A;;FR;;;WD)")

set-file-extended-attributes("c:/Users/username/HOME/.emacs.d/autosave/Rfiles/!drive_i!test_fixed_IA_time.r.~2~"
((acl .
"O:S-1-22-1-79077G:S-1-22-2-108D:P(A;;0x1e01ff;;;S-1-22-1-79077)(A;;FR;;;S-1-22-2-108)(A;;FR;;;WD)")
(selinux-context nil nil nil nil)))
  backup-buffer-copy("i:/power/permutation_test_fixed_IA_time.r"
"c:/Users/username/HOME/.emacs.d/autosave/Rfiles/!drive_i!test_fixed_IA_time.r.~2~"
438 ((acl .
"O:S-1-22-1-79077G:S-1-22-2-108D:P(A;;0x1e01ff;;;S-1-22-1-79077)(A;;FR;;;S-1-22-2-108)(A;;FR;;;WD)")
(selinux-context nil nil nil nil)))
  backup-buffer()
  basic-save-buffer-2()
  basic-save-buffer-1()
  basic-save-buffer(t)
  save-buffer(1)
  funcall-interactively(save-buffer 1)
  call-interactively(save-buffer nil nil)
  command-execute(save-buffer)

The ACL of a local file looks like:
"O:S-1-5-21-1213861250-xxx-207145G:DUD:AI(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-1213861250-xx-207145)(A;ID;FA;;;LA)"

I think it is a bug because:
1. I have the write access to the mapped network driver
2. If I copy a local file to the mapped network driver, the ACL would be
set up well.
So I don't think there should be a write permission in this backup case.


Best Regards
Shuguang Sun

[-- Attachment #2: Type: text/html, Size: 2528 bytes --]

bug#29455: backup-by-copying ACL Operation not permitted with Windows 7 and Samba

[Eli Zaretskii]

> From: Shuguang Sun <shuguang@gmail.com>
> Date: Sun, 26 Nov 2017 22:59:33 +0800
> 
> Local: Windows 7
> GNU Emacs 27.0.50 (build 1, x86_64-w64-mingw32) of 2017-11-24
> (backup-by-copying t)
> 
> File is on a server which is mapped as network driver in Windows 7. It seems a samba according to the SID
> below.
> The SDDL from file-acl is 
> "O:S-1-22-1-79077G:S-1-22-2-108D:P(A;;0x1e01ff;;;S-1-22-1-79077)(A;;FR;;;S-1-22-2-108)(A;;FR;;;WD)"
> 
> After I edited the file and write it, the backup meets error:
> 
> Debugger entered--Lisp error: (file-error "Setting ACL" "Operation not permitted"
> "c:/Users/username/HOME/.emacs.d/autosave/Rfiles/!drive_i!test_fixed_IA_time.r.~2~")
>   set-file-acl("c:/Users/username/HOME/.emacs.d/autosave/Rfiles/!drive_i!test_fixed_IA_time.r.~2~"
> "O:S-1-22-1-79077G:S-1-22-2-108D:P(A;;0x1e01ff;;;S-1-22-1-79077)(A;;FR;;;S-1-22-2-108)(A;;FR;;;WD)")
>   set-file-extended-attributes
> ("c:/Users/username/HOME/.emacs.d/autosave/Rfiles/!drive_i!test_fixed_IA_time.r.~2~" ((acl .
> "O:S-1-22-1-79077G:S-1-22-2-108D:P(A;;0x1e01ff;;;S-1-22-1-79077)(A;;FR;;;S-1-22-2-108)(A;;FR;;;WD)")
> (selinux-context nil nil nil nil)))
>   backup-buffer-copy("i:/power/permutation_test_fixed_IA_time.r"
> "c:/Users/username/HOME/.emacs.d/autosave/Rfiles/!drive_i!test_fixed_IA_time.r.~2~" 438 ((acl .
> "O:S-1-22-1-79077G:S-1-22-2-108D:P(A;;0x1e01ff;;;S-1-22-1-79077)(A;;FR;;;S-1-22-2-108)(A;;FR;;;WD)")
> (selinux-context nil nil nil nil)))
>   backup-buffer()
>   basic-save-buffer-2()
>   basic-save-buffer-1()
>   basic-save-buffer(t)
>   save-buffer(1)
>   funcall-interactively(save-buffer 1)
>   call-interactively(save-buffer nil nil)
>   command-execute(save-buffer)

Do you have debug-on-error set to non-nil?  In backup-buffer-copy the
function set-file-extended-attributes is called inside
with-demoted-errors, so unless debug-on-error is non-nil, the error
should have been converted to a simple message, and Emacs should have
felled back to set-file-modes.  Why isn't this happening in your case?

Also, does the following fail with SOME-FILE being a local file?

  M-: set-file-acl("SOME-FILE" "O:S-1-22-1-79077G:S-1-22-2-108D:P(A;;0x1e01ff;;;S-1-22-1-79077)(A;;FR;;;S-1-22-2-108)(A;;FR;;;WD)") RET

bug#29455: backup-by-copying ACL Operation not permitted with Windows 7 and Samba

[Shuguang Sun]

[-- Attachment #1: Type: text/plain, Size: 3159 bytes --]

The debug-on-error is set to t. If setq it to nil, it just raise and error
warning, and will not stop backup.

The ACE for a local file looks like:
"O:S-1-5-21-1213861250-xx-xx-207145G:DUD:AI(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-1213861250-xx-xx-207145)(A;ID;FA;;;LA)"
(xx masks some numbers)
(S-1-5-21 is SECURITY_NT_NON_UNIQUE, SIDS are not unique.)

I searched online and find that O:S-1-22 is a unix/linux mapped to windows
by samba. And actually in my situation is that I have files in a linux
server, and mapped it as network driver in Windows 7 (maybe by Samba). All
such kind of files (what I can edit) have ACL/SDDL
O:S-1-22-1-79077G:S-1-22-2-108D:P(A;;0x1e01ff;;;S-1-22-1-
79077)(A;;FR;;;S-1-22-2-108)(A;;FR;;;WD).




On Mon, Nov 27, 2017 at 1:01 AM, Eli Zaretskii <eliz@gnu.org> wrote:

> > From: Shuguang Sun <shuguang@gmail.com>
> > Date: Sun, 26 Nov 2017 22:59:33 +0800
> >
> > Local: Windows 7
> > GNU Emacs 27.0.50 (build 1, x86_64-w64-mingw32) of 2017-11-24
> > (backup-by-copying t)
> >
> > File is on a server which is mapped as network driver in Windows 7. It
> seems a samba according to the SID
> > below.
> > The SDDL from file-acl is
> > "O:S-1-22-1-79077G:S-1-22-2-108D:P(A;;0x1e01ff;;;S-1-22-1-
> 79077)(A;;FR;;;S-1-22-2-108)(A;;FR;;;WD)"
> >
> > After I edited the file and write it, the backup meets error:
> >
> > Debugger entered--Lisp error: (file-error "Setting ACL" "Operation not
> permitted"
> > "c:/Users/username/HOME/.emacs.d/autosave/Rfiles/!
> drive_i!test_fixed_IA_time.r.~2~")
> >   set-file-acl("c:/Users/username/HOME/.emacs.d/
> autosave/Rfiles/!drive_i!test_fixed_IA_time.r.~2~"
> > "O:S-1-22-1-79077G:S-1-22-2-108D:P(A;;0x1e01ff;;;S-1-22-1-
> 79077)(A;;FR;;;S-1-22-2-108)(A;;FR;;;WD)")
> >   set-file-extended-attributes
> > ("c:/Users/username/HOME/.emacs.d/autosave/Rfiles/!
> drive_i!test_fixed_IA_time.r.~2~" ((acl .
> > "O:S-1-22-1-79077G:S-1-22-2-108D:P(A;;0x1e01ff;;;S-1-22-1-
> 79077)(A;;FR;;;S-1-22-2-108)(A;;FR;;;WD)")
> > (selinux-context nil nil nil nil)))
> >   backup-buffer-copy("i:/power/permutation_test_fixed_IA_time.r"
> > "c:/Users/username/HOME/.emacs.d/autosave/Rfiles/!
> drive_i!test_fixed_IA_time.r.~2~" 438 ((acl .
> > "O:S-1-22-1-79077G:S-1-22-2-108D:P(A;;0x1e01ff;;;S-1-22-1-
> 79077)(A;;FR;;;S-1-22-2-108)(A;;FR;;;WD)")
> > (selinux-context nil nil nil nil)))
> >   backup-buffer()
> >   basic-save-buffer-2()
> >   basic-save-buffer-1()
> >   basic-save-buffer(t)
> >   save-buffer(1)
> >   funcall-interactively(save-buffer 1)
> >   call-interactively(save-buffer nil nil)
> >   command-execute(save-buffer)
>
> Do you have debug-on-error set to non-nil?  In backup-buffer-copy the
> function set-file-extended-attributes is called inside
> with-demoted-errors, so unless debug-on-error is non-nil, the error
> should have been converted to a simple message, and Emacs should have
> felled back to set-file-modes.  Why isn't this happening in your case?
>
> Also, does the following fail with SOME-FILE being a local file?
>
>   M-: set-file-acl("SOME-FILE" "O:S-1-22-1-79077G:S-1-22-2-
> 108D:P(A;;0x1e01ff;;;S-1-22-1-79077)(A;;FR;;;S-1-22-2-108)(A;;FR;;;WD)")
> RET
>

[-- Attachment #2: Type: text/html, Size: 4174 bytes --]

bug#29455: backup-by-copying ACL Operation not permitted with Windows 7 and Samba

[Eli Zaretskii]

> From: Shuguang Sun <shuguang@gmail.com>
> Date: Mon, 27 Nov 2017 14:29:18 +0800
> Cc: 29455@debbugs.gnu.org
> 
> The debug-on-error is set to t. If setq it to nil, it just raise and error warning, and will not stop backup.

May I ask why do you have it set to t?  The default is nil, and for a
good reason.

> The ACE for a local file looks like:
> "O:S-1-5-21-1213861250-xx-xx-207145G:DUD:AI(A;ID;FA;;;SY)(A;ID;FA;;;BA)
> (A;ID;FA;;;S-1-5-21-1213861250-xx-xx-207145)(A;ID;FA;;;LA)"
> (xx masks some numbers)
> (S-1-5-21 is SECURITY_NT_NON_UNIQUE, SIDS are not unique.)

Thanks, but that's not what I asked.  I asked you to create a local
file (which I call "SOME-FILE" below, replace that with the actual
name of the file), and then type this inside Emacs:

  M-: (set-file-acl "SOME-FILE" "O:S-1-22-1-79077G:S-1-22-2-108D:P(A;;0x1e01ff;;;S-1-22-1-79077)(A;;FR;;;S-1-22-2-108)(A;;FR;;;WD)") RET

(This is one long line.)  Then tell me if this succeeded or signaled
an error.

If the above succeeds for an arbitrary file, then please try the same
for a file under the c:/Users/username/HOME/.emacs.d/ directory, maybe
the problem is with the permissions of that directory.

The "Operation not permitted" error seems to indicate that your user
is unable to acquire the privileges needed for setting the DACL of a
file on your local disk.  Or it could mean some other problem.  The
above test might give a hint about the reason for the failure.

> I searched online and find that O:S-1-22 is a unix/linux mapped to windows by samba. And actually in my
> situation is that I have files in a linux server, and mapped it as network driver in Windows 7 (maybe by
> Samba). All such kind of files (what I can edit) have ACL/SDDL O:S-1-22-1-79077G:S-1-22-2-108D:P
> (A;;0x1e01ff;;;S-1-22-1-79077)(A;;FR;;;S-1-22-2-108)(A;;FR;;;WD). 

I don't think this is related to the networked drive, because the
failure happens when Emacs tries to set the DACL of the backup file,
which is stored on your local disk drive.

bug#29455: backup-by-copying ACL Operation not permitted with Windows 7 and Samba

[Shuguang Sun]

[-- Attachment #1: Type: text/plain, Size: 2743 bytes --]

On Mon, Nov 27, 2017 at 11:52 PM, Eli Zaretskii <eliz@gnu.org> wrote:

> > From: Shuguang Sun <shuguang@gmail.com>
> > Date: Mon, 27 Nov 2017 14:29:18 +0800
> > Cc: 29455@debbugs.gnu.org
> >
> > The debug-on-error is set to t. If setq it to nil, it just raise and
> error warning, and will not stop backup.
>
> May I ask why do you have it set to t?  The default is nil, and for a
> good reason.
>
It is a long history and I can't recall when I put it my init file... old
user


> > The ACE for a local file looks like:
> > "O:S-1-5-21-1213861250-xx-xx-207145G:DUD:AI(A;ID;FA;;;SY)(A;ID;FA;;;BA)
> > (A;ID;FA;;;S-1-5-21-1213861250-xx-xx-207145)(A;ID;FA;;;LA)"
> > (xx masks some numbers)
> > (S-1-5-21 is SECURITY_NT_NON_UNIQUE, SIDS are not unique.)
>
> Thanks, but that's not what I asked.  I asked you to create a local
> file (which I call "SOME-FILE" below, replace that with the actual
> name of the file), and then type this inside Emacs:
>
>   M-: (set-file-acl "SOME-FILE" "O:S-1-22-1-79077G:S-1-22-2-
> 108D:P(A;;0x1e01ff;;;S-1-22-1-79077)(A;;FR;;;S-1-22-2-108)(A;;FR;;;WD)")
> RET
>
> (This is one long line.)  Then tell me if this succeeded or signaled
> an error.
>
It raises the same error message:

(file-error "Setting ACL" "Operation not permitted"
"c:/Users/username/Documents/base/subtitle.txt")

eval: Setting ACL: Operation not permitted,
c:/Users/username/HOME/.emacs.d/autosave/.bashrc.~1~


> If the above succeeds for an arbitrary file, then please try the same
> for a file under the c:/Users/username/HOME/.emacs.d/ directory, maybe
> the problem is with the permissions of that directory.
>
> The "Operation not permitted" error seems to indicate that your user
> is unable to acquire the privileges needed for setting the DACL of a
> file on your local disk.  Or it could mean some other problem.  The
> above test might give a hint about the reason for the failure.
>
> > I searched online and find that O:S-1-22 is a unix/linux mapped to
> windows by samba. And actually in my
> > situation is that I have files in a linux server, and mapped it as
> network driver in Windows 7 (maybe by
> > Samba). All such kind of files (what I can edit) have ACL/SDDL
> O:S-1-22-1-79077G:S-1-22-2-108D:P
> > (A;;0x1e01ff;;;S-1-22-1-79077)(A;;FR;;;S-1-22-2-108)(A;;FR;;;WD).
>
> I don't think this is related to the networked drive, because the
> failure happens when Emacs tries to set the DACL of the backup file,
> which is stored on your local disk drive.
>
It copies the DACL from the file in the network drive. I don't know the
exact underlying logic under Windows 7. But if I copy the file from the
netdrive to local disk drive, the ACL will change from O:S-1-22-1  to
O:S-1-5-21, vise versa. The owner (O:S-) changes.

[-- Attachment #2: Type: text/html, Size: 4017 bytes --]

bug#29455: backup-by-copying ACL Operation not permitted with Windows 7 and Samba

[Shuguang Sun]

[-- Attachment #1: Type: text/plain, Size: 2797 bytes --]

On Mon, Nov 27, 2017 at 11:52 PM, Eli Zaretskii <eliz@gnu.org> wrote:

> > From: Shuguang Sun <shuguang@gmail.com>
> > Date: Mon, 27 Nov 2017 14:29:18 +0800
> > Cc: 29455@debbugs.gnu.org
> >
> > The debug-on-error is set to t. If setq it to nil, it just raise and
> error warning, and will not stop backup.
>
> May I ask why do you have it set to t?  The default is nil, and for a
> good reason.
>
> > The ACE for a local file looks like:
> > "O:S-1-5-21-1213861250-xx-xx-207145G:DUD:AI(A;ID;FA;;;SY)(A;ID;FA;;;BA)
> > (A;ID;FA;;;S-1-5-21-1213861250-xx-xx-207145)(A;ID;FA;;;LA)"
> > (xx masks some numbers)
> > (S-1-5-21 is SECURITY_NT_NON_UNIQUE, SIDS are not unique.)
>
> Thanks, but that's not what I asked.  I asked you to create a local
> file (which I call "SOME-FILE" below, replace that with the actual
> name of the file), and then type this inside Emacs:
>
>   M-: (set-file-acl "SOME-FILE" "O:S-1-22-1-79077G:S-1-22-2-
> 108D:P(A;;0x1e01ff;;;S-1-22-1-79077)(A;;FR;;;S-1-22-2-108)(A;;FR;;;WD)")
> RET
>

It raises the same error message:
(file-error "Setting ACL" "Operation not permitted"
"c:/Users/username/Documents/base/subtitle.txt")

or
eval: Setting ACL: Operation not permitted, c:/Users/username/HOME/.emacs.
d/autosave/.bashrc.~1~

2.
(set-file-acl "subtitle.txt"
"O:S-1-22-1-79077G:S-1-22-2-108D:AI(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-1213861250-xx-207145)(A;ID;FA;;;LA)")

returns nil
In this case, "O:S-1-22-1-79077G:S-1-22-2-108" is from DACL in network
drive;
"D:AI(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-1213861250-xx-207145)(A;ID;FA;;;LA)"
is from local drive where I have full read/write access.



>
> (This is one long line.)  Then tell me if this succeeded or signaled
> an error.
>
> If the above succeeds for an arbitrary file, then please try the same
> for a file under the c:/Users/username/HOME/.emacs.d/ directory, maybe
> the problem is with the permissions of that directory.
>
> The "Operation not permitted" error seems to indicate that your user
> is unable to acquire the privileges needed for setting the DACL of a
> file on your local disk.  Or it could mean some other problem.  The
> above test might give a hint about the reason for the failure.
>
> > I searched online and find that O:S-1-22 is a unix/linux mapped to
> windows by samba. And actually in my
> > situation is that I have files in a linux server, and mapped it as
> network driver in Windows 7 (maybe by
> > Samba). All such kind of files (what I can edit) have ACL/SDDL
> O:S-1-22-1-79077G:S-1-22-2-108D:P
> > (A;;0x1e01ff;;;S-1-22-1-79077)(A;;FR;;;S-1-22-2-108)(A;;FR;;;WD).
>
> I don't think this is related to the networked drive, because the
> failure happens when Emacs tries to set the DACL of the backup file,
> which is stored on your local disk drive.
>

[-- Attachment #2: Type: text/html, Size: 3946 bytes --]

bug#29455: backup-by-copying ACL Operation not permitted with Windows 7 and Samba

[Shuguang Sun]

[-- Attachment #1: Type: text/plain, Size: 3465 bytes --]

3.
(set-file-acl "subtitle.txt"
"O:S-1-5-21-1213861250-xx-xx-207145G:DUD:P(A;;0x1e01ff;;;S-1-22-1-79077)(A;;FR;;;S-1-22-2-108)(A;;FR;;;WD)")

return t.
It changes the group or user of the file subtitle.txt, and keep only
"Everyone" (read), "S-1-22-1-79077"(r+w+x), and "S-1-22-2-108" (read). The
Windows doesn't know "S-1-22-1-79077", and "S-1-22-2-108" which comes from
the mapped network drive (users or groups in ther linux server).
The user, me, can't modify the file (permission denied).


On Tue, Nov 28, 2017 at 6:43 PM, Shuguang Sun <shuguang@gmail.com> wrote:

>
>
> On Mon, Nov 27, 2017 at 11:52 PM, Eli Zaretskii <eliz@gnu.org> wrote:
>
>> > From: Shuguang Sun <shuguang@gmail.com>
>> > Date: Mon, 27 Nov 2017 14:29:18 +0800
>> > Cc: 29455@debbugs.gnu.org
>> >
>> > The debug-on-error is set to t. If setq it to nil, it just raise and
>> error warning, and will not stop backup.
>>
>> May I ask why do you have it set to t?  The default is nil, and for a
>> good reason.
>>
>> > The ACE for a local file looks like:
>> > "O:S-1-5-21-1213861250-xx-xx-207145G:DUD:AI(A;ID;FA;;;SY)(A;ID;FA;;;BA)
>> > (A;ID;FA;;;S-1-5-21-1213861250-xx-xx-207145)(A;ID;FA;;;LA)"
>> > (xx masks some numbers)
>> > (S-1-5-21 is SECURITY_NT_NON_UNIQUE, SIDS are not unique.)
>>
>> Thanks, but that's not what I asked.  I asked you to create a local
>> file (which I call "SOME-FILE" below, replace that with the actual
>> name of the file), and then type this inside Emacs:
>>
>>   M-: (set-file-acl "SOME-FILE" "O:S-1-22-1-79077G:S-1-22-2-10
>> 8D:P(A;;0x1e01ff;;;S-1-22-1-79077)(A;;FR;;;S-1-22-2-108)(A;;FR;;;WD)")
>> RET
>>
>
> It raises the same error message:
> (file-error "Setting ACL" "Operation not permitted"
> "c:/Users/username/Documents/base/subtitle.txt")
>
> or
> eval: Setting ACL: Operation not permitted, c:/Users/username/HOME/.emacs.
> d/autosave/.bashrc.~1~
>
> 2.
> (set-file-acl "subtitle.txt" "O:S-1-22-1-79077G:S-1-22-2-
> 108D:AI(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-
> 1213861250-xx-207145)(A;ID;FA;;;LA)")
> returns nil
> In this case, "O:S-1-22-1-79077G:S-1-22-2-108" is from DACL in network
> drive; "D:AI(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-
> 1213861250-xx-207145)(A;ID;FA;;;LA)" is from local drive where I have
> full read/write access.
>
>
>
>>
>> (This is one long line.)  Then tell me if this succeeded or signaled
>> an error.
>>
>> If the above succeeds for an arbitrary file, then please try the same
>> for a file under the c:/Users/username/HOME/.emacs.d/ directory, maybe
>> the problem is with the permissions of that directory.
>>
>> The "Operation not permitted" error seems to indicate that your user
>> is unable to acquire the privileges needed for setting the DACL of a
>> file on your local disk.  Or it could mean some other problem.  The
>> above test might give a hint about the reason for the failure.
>>
>> > I searched online and find that O:S-1-22 is a unix/linux mapped to
>> windows by samba. And actually in my
>> > situation is that I have files in a linux server, and mapped it as
>> network driver in Windows 7 (maybe by
>> > Samba). All such kind of files (what I can edit) have ACL/SDDL
>> O:S-1-22-1-79077G:S-1-22-2-108D:P
>> > (A;;0x1e01ff;;;S-1-22-1-79077)(A;;FR;;;S-1-22-2-108)(A;;FR;;;WD).
>>
>> I don't think this is related to the networked drive, because the
>> failure happens when Emacs tries to set the DACL of the backup file,
>> which is stored on your local disk drive.
>>
>
>

[-- Attachment #2: Type: text/html, Size: 5200 bytes --]

bug#29455: backup-by-copying ACL Operation not permitted with Windows 7 and Samba

[Eli Zaretskii]

> From: Shuguang Sun <shuguang@gmail.com>
> Date: Tue, 28 Nov 2017 18:43:53 +0800
> Cc: 29455@debbugs.gnu.org
> 
>  Thanks, but that's not what I asked.  I asked you to create a local
>  file (which I call "SOME-FILE" below, replace that with the actual
>  name of the file), and then type this inside Emacs:
> 
>    M-: (set-file-acl "SOME-FILE" "O:S-1-22-1-79077G:S-1-22-2-108D:P(A;;0x1e01ff;;;S-1-22-1-79077)
>  (A;;FR;;;S-1-22-2-108)(A;;FR;;;WD)") RET
> 
> It raises the same error message:
> (file-error "Setting ACL" "Operation not permitted" "c:/Users/username/Documents/base/subtitle.txt")
> 
> or
> eval: Setting ACL: Operation not permitted, c:/Users/username/HOME/.emacs.d/autosave/.bashrc.~1~

OK, I think I understand what causes this: the problem is with setting
the owner of the file to a user whose SID the local system doesn't
recognize, because it's not a local user.  If you omit the
O:S-1-22-1-79077G:S-1-22-2-108 part from the argument, the
set-file-acl call will most probably succeed.

I think that Emacs works correctly in this case: it tries to preserve
the ACLs of the original file in the backup file, and when that fails,
falls back to preserving only the read-write mode bits.  Your original
problem was caused by debug-on-error being non-nil, which shouldn't be
done except when debugging something.

I don't see how we could avoid showing the error message, because
Emacs cannot possibly know which user SID values are known to the
local system.  When you configure your backups of files from networked
drives to be stored on a local disk, you should realize that you run
the risk of having these problems with preserving extended
permissions.

So I think we see Emacs working as designed, and this bug should be
closed.

bug#29455: backup-by-copying ACL Operation not permitted with Windows 7 and Samba

[Stefan Kangas]

Eli Zaretskii <eliz@gnu.org> writes:

>> From: Shuguang Sun <shuguang@gmail.com>
>> Date: Tue, 28 Nov 2017 18:43:53 +0800
>> Cc: 29455@debbugs.gnu.org
>>
>>  Thanks, but that's not what I asked.  I asked you to create a local
>>  file (which I call "SOME-FILE" below, replace that with the actual
>>  name of the file), and then type this inside Emacs:
>>
>>    M-: (set-file-acl "SOME-FILE" "O:S-1-22-1-79077G:S-1-22-2-108D:P(A;;0x1e01ff;;;S-1-22-1-79077)
>>  (A;;FR;;;S-1-22-2-108)(A;;FR;;;WD)") RET
>>
>> It raises the same error message:
>> (file-error "Setting ACL" "Operation not permitted" "c:/Users/username/Documents/base/subtitle.txt")
>>
>> or
>> eval: Setting ACL: Operation not permitted, c:/Users/username/HOME/.emacs.d/autosave/.bashrc.~1~
>
> OK, I think I understand what causes this: the problem is with setting
> the owner of the file to a user whose SID the local system doesn't
> recognize, because it's not a local user.  If you omit the
> O:S-1-22-1-79077G:S-1-22-2-108 part from the argument, the
> set-file-acl call will most probably succeed.
>
> I think that Emacs works correctly in this case: it tries to preserve
> the ACLs of the original file in the backup file, and when that fails,
> falls back to preserving only the read-write mode bits.  Your original
> problem was caused by debug-on-error being non-nil, which shouldn't be
> done except when debugging something.
>
> I don't see how we could avoid showing the error message, because
> Emacs cannot possibly know which user SID values are known to the
> local system.  When you configure your backups of files from networked
> drives to be stored on a local disk, you should realize that you run
> the risk of having these problems with preserving extended
> permissions.
>
> So I think we see Emacs working as designed, and this bug should be
> closed.

According to the above, this bug should be closed.  I'm doing so now.

Best regards,
Stefan Kangas