From unknown Sun Jun 22 11:45:10 2025 X-Loop: help-debbugs@gnu.org Subject: bug#41218: 26.3; Windows: file-writable-p returns t for a file owned by the Administrators group but not writable by the user, a member of the Administrators group Resent-From: "Michael Hoffman" Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Tue, 12 May 2020 21:17:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 41218 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: 41218@debbugs.gnu.org X-Debbugs-Original-To: bug-gnu-emacs@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.158931820830988 (code B ref -1); Tue, 12 May 2020 21:17:01 +0000 Received: (at submit) by debbugs.gnu.org; 12 May 2020 21:16:48 +0000 Received: from localhost ([127.0.0.1]:56671 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jYcGd-00083j-Af for submit@debbugs.gnu.org; Tue, 12 May 2020 17:16:48 -0400 Received: from lists.gnu.org ([209.51.188.17]:43868) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jYbYP-0006nF-5s for submit@debbugs.gnu.org; Tue, 12 May 2020 16:31:06 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:54910) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jYbYO-0005BS-U1 for bug-gnu-emacs@gnu.org; Tue, 12 May 2020 16:31:04 -0400 Received: from sneak2.sneakemail.com ([64.46.159.148]:36322) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jYbYN-0008PO-Ba for bug-gnu-emacs@gnu.org; Tue, 12 May 2020 16:31:04 -0400 Received: from sneaked (ip-172-17-0-3.ec2.internal [172.17.0.3]) by 66321a2d97ce.localdomain (Postfix) with ESMTP id 4FC336000B for ; Tue, 12 May 2020 20:31:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=snkmail.com; s=mail; t=1589315462; bh=n5GexpPuM7yKpATep6tJlQpUi9z5riTo8qa6NRGRnzQ=; h=From:Date:Subject:To:From; b=fscjGjGxb6ZpE5uCH+Civ0TEd3FOvG5csRf8dA2Wds9E1AuIzBnSTTQNRNrKsPZQK xdm7qq8/QJd77HoOQspp+mDk2LGK1MwsbQkrlDEItlfeROdqOqGBPfB8e5meHb8pET zhYNd1IbuqCIxsieu2wups+iyP3sNTX0JXgbz0uH76flJa69AlxMBhH4D3xIQpwbRD iRoucgsPIRg+AEqmjO4vgCn8z8a5xP7GYzCY2hAkaNEKX59TCSj6BuOoFQoZAXsjCG dXcJ7un7dYtfHwg3rMkpsNamNvJK+JKGg9GYuQ/fHHW76XCCqGs7PuKT+WfDDhxrjW LOxgjAzkh92+Q== Received: from 40.107.67.133 by mail.sneakemail.com with SMTP; 12 May 2020 20:31:02 -0000 Received: (sneakemail censored 29272-1589315462-76131 #4); 12 May 2020 20:31:02 -0000 Received: (sneakemail censored 29272-1589315462-76131 #3); 12 May 2020 20:31:02 -0000 Received: (sneakemail censored 29272-1589315462-76131 #2); 12 May 2020 20:31:02 -0000 Received: (sneakemail censored 29272-1589315462-76131 #1); 12 May 2020 20:31:02 -0000 Arc-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GSq9JO/ESb56CiaWro/sC4LGBMOvIKGu/13oLja8PidMqVLvBstH7nP+u2oKhJE/IkYF3+SroHZS5pOFHyfLB9d5N2sU7oIUzOnP6csF2c3oyJgc8Oa7y2fyy08dyMKRFduwl+d3YL1fUjILSISazUSoQfZCyg44eURqLVu0auXahsdBRlbVqV7pQm9hRij4GN5SLBD6sUYHa1k970H9uR7J6WqvoW96zUuRFe9CzI2JTbtJlyDwx9Be1m8tgfjy8nQdtbsfo9MRxVsW9CoPITtODBKW0gKcpXmEntfRUz2cOvARZEe9OlZE/Q8BwlPj+xzVUOq9ibySHkrssPU4dQ== Arc-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XLi8e+dOG5Gcac+kII5jko7kMd88oYV0A6FbBMuSrH0=; b=k/QinyCt8buqjQDew9JmHKWHH7cYxm9JkFYLo9wTQ8OIu+lhAet1lWfYeYR6WETbAkJeMyOAe16RoCj/FbeujOHrVIG/zmdm6td9dIXZaeYkYu4ANxmOQ7DRpjIvV3mBx/72ZBaDTzj7yRpj9WUbWMphKeDI+5XbzTPchuLrucm33k2sb1JcgG7+HmCHv9EQwU/D69HiPQyTPTFSzy9DPNHbY3lNsIAzHa4guBitHqFGtbIGl6qhagS5OGI7XIqPPCLBTHGLCV9xvNKZa0AWWC2724lMs/vlLhLKaaVOvjGB2Pi/rTbc6IorY6TvWzybbh22tGTvsWowO0dSMWSofg== Arc-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=utoronto.ca; dmarc=pass action=none header.from=utoronto.ca; dkim=pass header.d=utoronto.ca; arc=none Authentication-Results: sneakemail.com; dkim=none (message not signed) header.d=none; sneakemail.com; dmarc=none action=none header.from=utoronto.ca; From: "Michael Hoffman" Date: Tue, 12 May 2020 16:30:48 -0400 Message-ID: <29272-1589315462-76131@sneakemail.com> Content-Type: multipart/alternative; boundary="0000000000006ab2c705a57957b9" MIME-Version: 1.0 X-Mailer: Perl5 Mail::Internet v Received-SPF: pass client-ip=64.46.159.148; envelope-from=emacs-hoffman@snkmail.com; helo=sneak2.sneakemail.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/05/12 16:31:02 X-ACL-Warn: Detected OS = Linux 3.11 and newer [fuzzy] X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_MED=0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001 autolearn=_AUTOLEARN X-Spam_action: no action X-Spam-Score: -1.6 (-) X-Mailman-Approved-At: Tue, 12 May 2020 17:16:46 -0400 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.6 (--) --0000000000006ab2c705a57957b9 Content-Type: text/plain; charset="UTF-8" 1. Start elevated Powershell (Win+X,A) and create file C:\foo.txt owned by the Administrators group PS C:\> $null > C:\foo.txt PS C:\> takeown /A /F C:\foo.txt SUCCESS: The file (or folder): "C:\foo.txt" now owned by the administrators group. 2. Open `emacs -Q` 3. C-x C-f C:/foo.txt 4. Type `(file-writable-p "foo.txt")` C-x C-e t 5. C-x C-s Saving file c:/foo.txt... Cannot write backup file; backing up in ~/.emacs.d/%backup%~ Error: (file-error "Setting ACL" "Operation not permitted" "c:/Users/mhoffman/.emacs.d/%backup%~") basic-save-buffer-2: Opening output file: Permission denied, c:/foo.txt Expected that `(file-writable-p "foo.txt")` would return nil. In GNU Emacs 26.3 (build 1, x86_64-w64-mingw32) of 2019-08-29 built on CIRROCUMULUS Repository revision: 96dd0196c28bc36779584e47fffcca433c9309cd Windowing system distributor 'Microsoft Corp.', version 10.0.18363 Recent messages: For information about GNU Emacs and the GNU system, type C-h C-a. Mark activated Configured using: 'configure --without-dbus --host=x86_64-w64-mingw32 --without-compress-install 'CFLAGS=-O2 -static -g3'' Configured features: XPM JPEG TIFF GIF PNG RSVG SOUND NOTIFY ACL GNUTLS LIBXML2 ZLIB TOOLKIT_SCROLL_BARS THREADS LCMS2 Important settings: value of $LANG: ENU locale-coding-system: cp1252 Major mode: Lisp Interaction Minor modes in effect: tooltip-mode: t global-eldoc-mode: t eldoc-mode: t electric-indent-mode: t mouse-wheel-mode: t tool-bar-mode: t menu-bar-mode: t file-name-shadow-mode: t global-font-lock-mode: t font-lock-mode: t blink-cursor-mode: t auto-composition-mode: t auto-encryption-mode: t auto-compression-mode: t line-number-mode: t transient-mark-mode: t Load-path shadows: None found. Features: (shadow sort mail-extr emacsbug message rmc puny seq byte-opt gv bytecomp byte-compile cconv cl-loaddefs cl-lib dired dired-loaddefs format-spec rfc822 mml easymenu mml-sec password-cache epa derived epg epg-config gnus-util rmail rmail-loaddefs mm-decode mm-bodies mm-encode mail-parse rfc2231 mailabbrev gmm-utils mailheader sendmail rfc2047 rfc2045 ietf-drums mm-util mail-prsvr mail-utils elec-pair time-date mule-util tooltip eldoc electric uniquify ediff-hook vc-hooks lisp-float-type mwheel dos-w32 ls-lisp disp-table term/w32-win w32-win w32-vars term/common-win tool-bar dnd fontset image regexp-opt fringe tabulated-list replace newcomment text-mode elisp-mode lisp-mode prog-mode register page menu-bar rfn-eshadow isearch timer select scroll-bar mouse jit-lock font-lock syntax facemenu font-core term/tty-colors frame cl-generic cham georgian utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean japanese eucjp-ms cp51932 hebrew greek romanian slovak czech european ethiopic indian cyrillic chinese composite charscript charprop case-table epa-hook jka-cmpr-hook help simple abbrev obarray minibuffer cl-preloaded nadvice loaddefs button faces cus-face macroexp files text-properties overlay sha1 md5 base64 format env code-pages mule custom widget hashtable-print-readable backquote threads w32notify w32 lcms2 multi-tty make-network-process emacs) Memory information: ((conses 16 97495 11932) (symbols 48 20211 1) (miscs 40 42 143) (strings 32 29766 1358) (string-bytes 1 773975) (vectors 16 13889) (vector-slots 8 494823 7634) (floats 8 51 193) (intervals 56 251 11) (buffers 992 11)) --0000000000006ab2c705a57957b9 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable 1. Start elevated Powershell (Win+X,A) and create file C= :\foo.txt owned by the Administrators group

PS C:\> $null > C:= \foo.txt
PS C:\> takeown /A /F C:\foo.txt

SUCCESS: The file (o= r folder): "C:\foo.txt" now owned by the administrators group.
2. Open `emacs -Q`

3. C-x C-f C:/foo.txt

4. Type `(file-= writable-p "foo.txt")` C-x C-e
t

5. C-x C-s
Saving f= ile c:/foo.txt...
Cannot write backup file; backing up in ~/.emacs.d/%ba= ckup%~
Error: (file-error "Setting ACL" "Operation not pe= rmitted" "c:/Users/mhoffman/.emacs.d/%backup%~")
basic-sa= ve-buffer-2: Opening output file: Permission denied, c:/foo.txt

Expe= cted that `(file-writable-p "foo.txt")` would return nil.

=
In GNU Emacs 26.3 (build 1, x86_64-w64-mingw32)
 of 2019-08-29 = built on CIRROCUMULUS
Repository revision: 96dd0196c28bc36779584e47fffcc= a433c9309cd
Windowing system distributor 'Microsoft Corp.', version 10.0= .18363
Recent messages:
For information about GNU Emacs and the GNU s= ystem, type C-h C-a.
Mark activated

Configured using:
 'c= onfigure --without-dbus --host=3Dx86_64-w64-mingw32
 --without-comp= ress-install 'CFLAGS=3D-O2 -static -g3''

Configured features:
XPM= JPEG TIFF GIF PNG RSVG SOUND NOTIFY ACL GNUTLS LIBXML2 ZLIB
TOOLKIT_SCR= OLL_BARS THREADS LCMS2

Important settings:
  value of $LANG:= ENU
  locale-coding-system: cp1252

Major mode: Lisp Interac= tion

Minor modes in effect:
  tooltip-mode: t
  glob= al-eldoc-mode: t
  eldoc-mode: t
  electric-indent-mode: t<= br>  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar= -mode: t
  file-name-shadow-mode: t
  global-font-lock-mode= : t
  font-lock-mode: t
  blink-cursor-mode: t
  au= to-composition-mode: t
  auto-encryption-mode: t
  auto-com= pression-mode: t
  line-number-mode: t
  transient-mark-mod= e: t

Load-path shadows:
None found.

Features:
(shadow s= ort mail-extr emacsbug message rmc puny seq byte-opt gv
bytecomp byte-co= mpile cconv cl-loaddefs cl-lib dired dired-loaddefs
format-spec rfc822 m= ml easymenu mml-sec password-cache epa derived epg
epg-config gnus-util = rmail rmail-loaddefs mm-decode mm-bodies mm-encode
mail-parse rfc2231 ma= ilabbrev gmm-utils mailheader sendmail rfc2047
rfc2045 ietf-drums mm-uti= l mail-prsvr mail-utils elec-pair time-date
mule-util tooltip eldoc elec= tric uniquify ediff-hook vc-hooks
lisp-float-type mwheel dos-w32 ls-lisp= disp-table term/w32-win w32-win
w32-vars term/common-win tool-bar dnd f= ontset image regexp-opt fringe
tabulated-list replace newcomment text-mo= de elisp-mode lisp-mode
prog-mode register page menu-bar rfn-eshadow ise= arch timer select
scroll-bar mouse jit-lock font-lock syntax facemenu fo= nt-core
term/tty-colors frame cl-generic cham georgian utf-8-lang misc-l= ang
vietnamese tibetan thai tai-viet lao korean japanese eucjp-ms cp5193= 2
hebrew greek romanian slovak czech european ethiopic indian cyrillicchinese composite charscript charprop case-table epa-hook jka-cmpr-hookhelp simple abbrev obarray minibuffer cl-preloaded nadvice loaddefs
bu= tton faces cus-face macroexp files text-properties overlay sha1 md5
base= 64 format env code-pages mule custom widget hashtable-print-readable
bac= kquote threads w32notify w32 lcms2 multi-tty make-network-process
emacs)=

Memory information:
((conses 16 97495 11932)
 (symbols 4= 8 20211 1)
 (miscs 40 42 143)
 (strings 32 29766 1358)
&= nbsp;(string-bytes 1 773975)
 (vectors 16 13889)
 (vector-s= lots 8 494823 7634)
 (floats 8 51 193)
 (intervals 56 251 1= 1)
 (buffers 992 11))
--0000000000006ab2c705a57957b9-- From unknown Sun Jun 22 11:45:10 2025 X-Loop: help-debbugs@gnu.org Subject: bug#41218: 26.3; Windows: file-writable-p returns t for a file owned by the Administrators group but not writable by the user, a member of the Administrators group Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Wed, 13 May 2020 14:26:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 41218 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: "Michael Hoffman" Cc: 41218@debbugs.gnu.org Received: via spool by 41218-submit@debbugs.gnu.org id=B41218.15893799548338 (code B ref 41218); Wed, 13 May 2020 14:26:01 +0000 Received: (at 41218) by debbugs.gnu.org; 13 May 2020 14:25:54 +0000 Received: from localhost ([127.0.0.1]:59031 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jYsKX-0002AQ-PF for submit@debbugs.gnu.org; Wed, 13 May 2020 10:25:53 -0400 Received: from eggs.gnu.org ([209.51.188.92]:51986) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jYsKR-00029v-BU; Wed, 13 May 2020 10:25:50 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:37687) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jYsKL-0000Td-RZ; Wed, 13 May 2020 10:25:41 -0400 Received: from [176.228.60.248] (port=2258 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1jYsKL-000391-66; Wed, 13 May 2020 10:25:41 -0400 Date: Wed, 13 May 2020 17:25:23 +0300 Message-Id: <83mu6b7vzg.fsf@gnu.org> From: Eli Zaretskii In-Reply-To: <29272-1589315462-76131@sneakemail.com> (emacs-hoffman@snkmail.com) References: <29272-1589315462-76131@sneakemail.com> X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) severity 41218 wishlist thanks > From: "Michael Hoffman" > Date: Tue, 12 May 2020 16:30:48 -0400 > > 1. Start elevated Powershell (Win+X,A) and create file C:\foo.txt owned by the Administrators group > > PS C:\> $null > C:\foo.txt > PS C:\> takeown /A /F C:\foo.txt > > SUCCESS: The file (or folder): "C:\foo.txt" now owned by the administrators group. > > 2. Open `emacs -Q` > > 3. C-x C-f C:/foo.txt > > 4. Type `(file-writable-p "foo.txt")` C-x C-e > t > > 5. C-x C-s > Saving file c:/foo.txt... > Cannot write backup file; backing up in ~/.emacs.d/%backup%~ > Error: (file-error "Setting ACL" "Operation not permitted" "c:/Users/mhoffman/.emacs.d/%backup%~") > basic-save-buffer-2: Opening output file: Permission denied, c:/foo.txt > > Expected that `(file-writable-p "foo.txt")` would return nil. Emacs on MS-Windows doesn't check the ACLs when it determines whether a file is writable. The reason is that there doesn't seem to be a general reliable way of doing so, given that access rights on Windows are many times implicitly given because the user belongs to some group that is granted access. Basically, the only reliable way of making sure the file is writable is to try writing to it; any other kind of test I know of is plagued with false negatives, i.e. they frequently tell the file is not writable when in fact it is, which I consider a greater evil than the kind of problem you report. And the fact that one normally needs to jump through hoops (elevating your session, using tools that make the file explicitly owned by a privileged group, etc.) to create such a situation on Windows is one more reason not to bother about this too much. IOW, the situation is rare. Of course, if someone can explain how to perform this test in a way that takes ACLs into account and would be reliable, we could consider implementing it (assuming it isn't too expensive, since such a test will have to be performed each time a user saves a buffer to its file). Thanks. From unknown Sun Jun 22 11:45:10 2025 X-Loop: help-debbugs@gnu.org Subject: bug#41218: 26.3; Windows: file-writable-p returns t for a file owned by the Administrators group but not writable by the user, a member of the Administrators group Resent-From: "Michael Hoffman" Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Wed, 13 May 2020 16:13:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 41218 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: 41218@debbugs.gnu.org Received: via spool by 41218-submit@debbugs.gnu.org id=B41218.158938636527035 (code B ref 41218); Wed, 13 May 2020 16:13:02 +0000 Received: (at 41218) by debbugs.gnu.org; 13 May 2020 16:12:45 +0000 Received: from localhost ([127.0.0.1]:59179 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jYtzx-00071z-E6 for submit@debbugs.gnu.org; Wed, 13 May 2020 12:12:45 -0400 Received: from sneak2.sneakemail.com ([64.46.159.148]:45494) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jYttX-0006s8-6L for 41218@debbugs.gnu.org; Wed, 13 May 2020 12:06:09 -0400 Received: from sneaked (ip-172-17-0-3.ec2.internal [172.17.0.3]) by 66321a2d97ce.localdomain (Postfix) with ESMTP id CFD546000C for <41218@debbugs.gnu.org>; Wed, 13 May 2020 16:06:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=snkmail.com; s=mail; t=1589385966; bh=IhWXWzlHQOV2+eej3l40tRnzl8IBTw5b2t8a8YQhh/Y=; h=References:In-Reply-To:From:Date:Subject:To:From; b=32LtzKAZSlG4eigvCwwHhcenDVaIzYscsWHev+LNinbNqHJ61Ou4FE3JUxe68axK+ j2CAX8qnRg8zcBG6oe8RQylG/UJlTQVElhni8MFLRFkW4bDs15PvKkJGy5n+BGQBPy DMsI8PtutFVy82JIvzzfQIyrLowxOdRDOEsssOl6UawIvOQwRJd0h8iOzedIz75mfz QhGb7URkxADslU8U+Go/0hPn36+5vtrIYOiNYGQCTA6b2NsolzFTvHpyIV5cck3FQs rmPgC7E8gRCPrbsdd6VnIFKSUEM2PZ2DEtQaD3O3d/kYyhtkcjEEzFj3a+A2OERKs8 3VJXUf6eIAEyw== Received: from 40.107.66.105 by mail.sneakemail.com with SMTP; 13 May 2020 16:06:06 -0000 Received: (sneakemail censored 9557-1589385966-320243 #4); 13 May 2020 16:06:06 -0000 Received: (sneakemail censored 9557-1589385966-320243 #3); 13 May 2020 16:06:06 -0000 Received: (sneakemail censored 9557-1589385966-320243 #2); 13 May 2020 16:06:06 -0000 Received: (sneakemail censored 9557-1589385966-320243 #1); 13 May 2020 16:06:06 -0000 Arc-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OwBlg846EtNBmlfGFawUmuY7LR3Q6Pj2MTaf2hhoxhRtSfH/czU92RBZZ5htcdImEzh7YIjNmRzndadoxlzxMtH0vUCIjOLzvy7AplA/uDGst72TP6QXvBfIuS2P/X3nsRO5LU+otdPVYH+VFnSkosXLA6kJaq5rkUvPFpUStOoGNIYVnzrwsowx+I+3HCrzSdNH0bSzlRAcWcrH8umcTDovAk5Sb/SOx7lr6ReRuU4lrPeT6lhRV8qfIqD32zXK3KnFmNT1TjQ3QzMdb4x7IuCN9IS9O/wKXe38KJkFOkNcRq65ewnsrt3wv5cf4bFUh3+8Zt6rZqNht95kh1NjIQ== Arc-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=IhWXWzlHQOV2+eej3l40tRnzl8IBTw5b2t8a8YQhh/Y=; b=WuS6Gbar8RVZGIZeu3QkZZPBPAfrkUPLls9toL2J2tWO8uHc2mQ2J9NXHZ88T0WfmimVWbIYf4mAko2Pc6MFm51uNALqLjdo30NuhsAh8YFsNnPfRFntsifNzTkZnXZXmLBH0qRB0y5hQ/yol5k11eEayuGcqjQRpAtIp7fAlYD5klUUZ5lbGrLL2FCDJmPqmuEzVFT8UuZJzVvvDbdp+QQbywq9reiqlyqSIV5mNmR8WFXErwJiVOeP1RVCzHpvLmLiNHp+mObOZpSoTzG/aFELvsP8J+EIygdl7FefkZhha4SALj/zHWsnafNzC6eEL9DRf7TcW1Cpj79/F6RFpA== Arc-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=utoronto.ca; dmarc=pass action=none header.from=utoronto.ca; dkim=pass header.d=utoronto.ca; arc=none Authentication-Results: sneakemail.com; dkim=none (message not signed) header.d=none; sneakemail.com; dmarc=none action=none header.from=utoronto.ca; References: <29272-1589315462-76131@sneakemail.com> <83mu6b7vzg.fsf@gnu.org> In-Reply-To: <83mu6b7vzg.fsf@gnu.org> From: "Michael Hoffman" Date: Wed, 13 May 2020 12:05:51 -0400 Message-ID: <9557-1589385966-320243@sneakemail.com> Content-Type: multipart/alternative; boundary="000000000000c2f09505a589c14b" MIME-Version: 1.0 X-Mailer: Perl5 Mail::Internet v X-Spam-Score: -0.7 (/) X-Mailman-Approved-At: Wed, 13 May 2020 12:12:43 -0400 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --000000000000c2f09505a589c14b Content-Type: text/plain; charset="UTF-8" Thanks for looking into this. On Wed, May 13, 2020 at 10:25 AM Eli Zaretskii wrote: > And the fact that one normally needs to jump through hoops (elevating your > session, using tools that make the file explicitly owned by a privileged > group, etc.) to create such a situation on Windows is one more reason not > to bother about this too much. IOW, the situation is rare. > The situation arises for me when viewing files within `%ProgramFiles%` which are often set by installers or similar systems to be owned by Administrators when installed for all users. Specifically, it most often comes up when I am using Emacs, as installed by Chocolatey. Chocolatey installs Emacs to be owned by the Administrators group. When I view the definition of a function that is part of the Lisp code that comes with Emacs `describe-function`, Emacs visits the installed `.el` file, which I cannot write to. Emacs thinks I can write to it though, which causes two annoyances: 1. It is easy to make accidental changes to a file that is not writable (and then I cannot save the file). 2. Flycheck immediately gives me an error message because it tries to open a file in a place it shouldn't. For example: Error while checking syntax automatically: (file-error "Opening output file" "Permission denied" "c:/Program Files/Emacs/emacs-26.2/share/emacs/26.2/lisp/flycheck_help-fns.el") Whether installed via Chocolatey or some other manner, I think having the site Emacs owned by Administrators without direct write access without elevation is a good practice and keeps one from accidentally changing things. > Of course, if someone can explain how to perform this test in a way that > takes ACLs into account and would be reliable, we could consider > implementing it (assuming it isn't too expensive, since such a test will > have to be performed each time a user saves a buffer to its file). > The `AuthzAccessCheck()` function from the Authz API might be able to do this: https://docs.microsoft.com/en-us/windows/win32/api/authz/nf-authz-authzaccesscheck https://docs.microsoft.com/en-us/windows/win32/secauthz/how-dacls-control-access-to-an-object Michael --000000000000c2f09505a589c14b Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Thanks for looking into this.

On Wed, May 13, 2020 at 10:25 AM Eli Zaretskii wrote:
<= /div>
And the fact that on= e normally needs to jump through hoops (elevating your session, using tools= that make the file explicitly owned by a privileged group, etc.) to create= such a situation on Windows is one more reason not to bother about this to= o much. IOW, the situation is rare.

The= situation arises for me when viewing files within `%ProgramFiles%` which a= re often set by installers or similar systems to be owned by Administrators= when installed for all users.

Specifically, i= t most often comes up when I am using Emacs, as installed by Chocolatey. Ch= ocolatey installs Emacs to be owned by the Administrators group.
=
When I view the definition of a function that is part of the= Lisp code that comes with Emacs `describe-function`, Emacs visits the inst= alled `.el` file, which I cannot write to. Emacs thinks I can write to it t= hough, which causes two annoyances:

1. It is easy = to make accidental changes to a file that is not writable (and then I canno= t save the file).
2. Flycheck immediately gives me an error messa= ge because it tries to open a file in a place it shouldn't. For example:
Error while checking syntax automatically: (file-error "Op= ening output file" "Permission denied" "c:/Program File= s/Emacs/emacs-26.2/share/emacs/26.2/lisp/flycheck_help-fns.el")
<= div>
Whether installed via Chocolatey or some other manner, I= think having the site Emacs owned by Administrators without direct write a= ccess without elevation is a good practice and keeps one from accidentally = changing things.
 
Of course, if someone can explain how to perform this test in a way that takes ACLs into account and would be reliable, we could consider imple= menting it (assuming it isn't too expensive, since such a test will have to= be performed each time a user saves a buffer to its file).

The `AuthzAccessCheck()` function from the Authz API m= ight be able to do this:


Michael
--000000000000c2f09505a589c14b-- From unknown Sun Jun 22 11:45:10 2025 X-Loop: help-debbugs@gnu.org Subject: bug#41218: 26.3; Windows: file-writable-p returns t for a file owned by the Administrators group but not writable by the user, a member of the Administrators group Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Wed, 13 May 2020 16:41:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 41218 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: "Michael Hoffman" Cc: 41218@debbugs.gnu.org Received: via spool by 41218-submit@debbugs.gnu.org id=B41218.158938804929802 (code B ref 41218); Wed, 13 May 2020 16:41:02 +0000 Received: (at 41218) by debbugs.gnu.org; 13 May 2020 16:40:49 +0000 Received: from localhost ([127.0.0.1]:59215 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jYuR7-0007kb-6a for submit@debbugs.gnu.org; Wed, 13 May 2020 12:40:49 -0400 Received: from eggs.gnu.org ([209.51.188.92]:45970) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jYuR5-0007kN-Hn for 41218@debbugs.gnu.org; Wed, 13 May 2020 12:40:48 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:41173) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jYuR0-0004i0-2Y; Wed, 13 May 2020 12:40:42 -0400 Received: from [176.228.60.248] (port=2704 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1jYuQz-0008GD-7V; Wed, 13 May 2020 12:40:41 -0400 Date: Wed, 13 May 2020 19:40:22 +0300 Message-Id: <83y2pv6b61.fsf@gnu.org> From: Eli Zaretskii In-Reply-To: <9557-1589385966-320243@sneakemail.com> (emacs-hoffman@snkmail.com) References: <29272-1589315462-76131@sneakemail.com> <83mu6b7vzg.fsf@gnu.org> <9557-1589385966-320243@sneakemail.com> X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) > From: "Michael Hoffman" > Date: Wed, 13 May 2020 12:05:51 -0400 > > The situation arises for me when viewing files within `%ProgramFiles%` which are often set by installers or > similar systems to be owned by Administrators when installed for all users. > > Specifically, it most often comes up when I am using Emacs, as installed by Chocolatey. Chocolatey installs > Emacs to be owned by the Administrators group. That has a simple solution: take ownership of all the files in the Emacs distribution, so that they are owned by your Windows user and not by Administrators. (It is generally not a good idea to install stuff under %ProgramFiles%, because taking ownership there requires elevation, but since you evidently don't have a problem with elevation, you should be able to take ownership on that directory and all of its subdirectories.) > Of course, if someone can explain how to perform this test in a way that takes ACLs into account and > would be reliable, we could consider implementing it (assuming it isn't too expensive, since such a > test will have to be performed each time a user saves a buffer to its file). > > The `AuthzAccessCheck()` function from the Authz API might be able to do this: No, it doesn't, not AFAIK. That's exactly one of those APIs which it's tempting to use, but which produce false negatives. This API only checks the ACLs against your user and your main group's permissions. But on Windows many users are members of several groups, especially if they are developers, and access granted via those other groups, and also through inheritance of access rights from group to other groups, is not tested. At least that's what I know. If someone can write code to solve this issue, I'm sure it will be welcome.