Reading = making changes



  • I was setting up a game after reinstalling it, which involved copying in certain customizations which were stored on my Linux server. Mostly it went fine, but then at one file Windows popped up a dialog saying "You need permission to perform this action. You require permission from the computer's administrator to make changes to this file." (emphasis mine). "The fuck?" I thought. Why does Windows helpfully pop up UAC when running random executables but not now? I tried renaming the old file out of the way. No effect. Maybe the folder permissions were wrong? No, how could I have renamed the file. Finally I thought to do an ls -l on the file on the Linux box. Turned out its permissions were not enough for samba to read it. Who the hell has designed that dialog in Windows and how did they think that message to be appropriate when the actual error is that the source file could not be read? Had it said that, I would have immediately realized what the problem was, instead of spending a minute getting annoyed at Windows once again tossing up mysterious and misleading errors.



  • @tdb said:

    Who the hell has designed that dialog in Windows and how did they think that message to be appropriate when the actual error is that the source file could not be read? Had it said that, I would have immediately realized what the problem was, instead of spending a minute getting annoyed at Windows once again tossing up mysterious and misleading errors.
     

    afaik, the (generic) design of the dialog/error is intentional, literally "security by obscurity".  Microsoft knows there's a shitload of machines where noob users are administrators by default, so something like this is actually a relatively reliable way to secure the system from enabling them to change files they shouldn't be able to change (e.g. system files, or just anything that they don't have file permissions for by default), even when they formally have the right to change them as they're admins. also notice how strange and obscure is the windows dialog to change file permissions (can't do it from the properties, you have to click the "edit" button), or how strange (and pretty user-hostile) is the process/interface to change file owner. 

    advanced user like you will find out what's going on and be able to solve it in 2 or three minutes, whereas BFU won't have a clue and give up.

    (Raymond Chen had a post hinting on this long time ago)



  • @SEMI-HYBRID code said:

    @tdb said:

    Who the hell has designed that dialog in Windows and how did they think that message to be appropriate when the actual error is that the source file could not be read? Had it said that, I would have immediately realized what the problem was, instead of spending a minute getting annoyed at Windows once again tossing up mysterious and misleading errors.
     

    afaik, the (generic) design of the dialog/error is intentional, literally "security by obscurity".  Microsoft knows there's a shitload of machines where noob users are administrators by default, so something like this is actually a relatively reliable way to secure the system from enabling them to change files they shouldn't be able to change (e.g. system files, or just anything that they don't have file permissions for by default), even when they formally have the right to change them as they're admins. also notice how strange and obscure is the windows dialog to change file permissions (can't do it from the properties, you have to click the "edit" button), or how strange (and pretty user-hostile) is the process/interface to change file owner. 

    You misunderstand. Allow me to clarify my point with some helpful illustrations. If I try to copy a file named regedit.exe from a network drive over the real one, I first get this:

    There is already a file with the same name in this location.  Copy and replace / Don't copy / Copy, but keep both files?

    Selecting the "Copy and replace" option, Windows follows up with this:

    You'll need to provide administrator permission to copy to this folder.

    Notice the "Continue" button with the shield icon on it? I didn't actually try it, but based on prior knowledge that should trigger privilege escalation through UAC and allow me to replace this rather important file. Throughout the process windows is being very helpful and providing detailed explanations.

    However, if I try to copy a text file with 600 permissions (readable only by me the Linux user, not samba) from the same network drive to my own desktop, I instead get this:

    You require permission from the computer's administrator to make changes to this file

    The key point here is that I'm trying to make changes to my own desktop, for which I surely should already have permissions. I can create new files or copy other files to it just fine. I'm not trying to make any changes to the file on the network drive; I'm only trying to read it so I could make a copy. There isn't even anything to protect, since the destination is owned by me and doesn't have an identically named file to replace. Whereas in the case where I really was trying to replace a system file, Windows would have cheerfully let me do it.



  •  @SEMI-HYBRID code said:

    @tdb said:

    Who the hell has designed that dialog in Windows and how did they think that message to be appropriate when the actual error is that the source file could not be read? Had it said that, I would have immediately realized what the problem was, instead of spending a minute getting annoyed at Windows once again tossing up mysterious and misleading errors.
     

    afaik, the (generic) design of the dialog/error is intentional, literally "security by obscurity".  Microsoft knows there's a shitload of machines where noob users are administrators by default, so something like this is actually a relatively reliable way to secure the system from enabling them to change files they shouldn't be able to change (e.g. system files, or just anything that they don't have file permissions for by default), even when they formally have the right to change them as they're admins. also notice how strange and obscure is the windows dialog to change file permissions (can't do it from the properties, you have to click the "edit" button), or how strange (and pretty user-hostile) is the process/interface to change file owner. 

    advanced user like you will find out what's going on and be able to solve it in 2 or three minutes, whereas BFU won't have a clue and give up.

    (Raymond Chen had a post hinting on this long time ago)

     I think you're missing the point. Windows wasn't protecting its system files (he had access rights to write the files); Windows was displaying the wrong error message.

    There's probably some CopyFile-operation happening somewhere, which returns an "Access Denied" error for any access errors, regardless if its reading or writing. So the message just shows the most common cause.

     



  •  oh, so the samba got a request from windows that read "gimme this file". samba tried to open the file to be able to give it to win, but the filesystem told her "you need a permission to perform this action", which samba telegraphed to win, which quoted exactly what it was told.

    btw, reading the file actually makes changes to it(s metadata).

     

    (but yes, i misunderstood and i get your point now, but i don't see anything really WTFy with it.)



  • @SEMI-HYBRID code said:

     oh, so the samba got a request from windows that read "gimme this file". samba tried to open the file to be able to give it to win, but the filesystem told her "you need a permission to perform this action", which samba telegraphed to win, which quoted exactly what it was told.

    Pretty much, except EPERM doesn't indicate the kind of permission that was denied, so that must be inferred from the operation that was attempted. I'm not sure what kind of error codes the SMB protocol has; it's possible that samba gave out the wrong error code, but I hold it more likely that windows got confused about what it was trying to do and presented the wrong operation with the error.

    @SEMI-HYBRID code said:

    btw, reading the file actually makes changes to it(s metadata).

    That depends. If a filesystem is mounted with ro or noatime, reading the file won't change even the metadata. In this case neither of those flags were present, so reading the file would have caused its atime to be updated. Also, changing a file's metadata is largely independent of the permission bits, so if we start picking that nit, we'd need to define a third access type besides read and write. Windows actually has that and a whole lot more. Linux has more fine-grained ACLs for some filsystems as an extension, but for most users the standard read/write/execute bits are enough, with the file's owner and group having fixed permissions to modify the metadata.



  • @tdb said:

    You misunderstand.

    Re-read your first post and then maybe you can solve this great mystery of misunderstanding.

    @tdb said:

    However, if I try to copy a text file with 600 permissions (readable only by me the Linux user, not samba) from the same network drive to my own desktop, I instead get this:

    If I read this literally, the problem is that the file isn't readable by Samba, so obviously Samba can't send it to Windows. But then Windows wouldn't be involved at all, so I can only assume you're "communicating clearly" once more.

    I'm no Linux expert, but isn't 600 "owner-only access"? And isn't the Linux account which owns the file different from the Windows account trying to access it? Have you tried just fixing the permissions? IIRC you need 644 so that anybody can read the file, but only the owner can modify it.

    @tdb said:

    There isn't even anything to protect, since the destination is owned by me and doesn't have an identically named file to replace.

    I wager the problem is that Samba's errors suck shit, and Windows has no way of knowing what to do to make the operation work, and "permission from the computer's administrator" is a catch-all they use in that situation. If my theory's correct, it wouldn't matter what Windows user you tried this under, the problem is on the Linux side.

    I think a bigger question is how you managed to fuck up your file server's permissions so much.



  • @blakeyrat said:

    @tdb said:
    You misunderstand.

    Re-read your first post and then maybe you can solve this great mystery of misunderstanding.

    I've never denied that the misunderstanding might have been my fault. After my clarifications, SEMI-HYBRID got what I meant though, and even agreed that he misunderstood at first. What's that to you anyway?

    @blakeyrat said:

    @tdb said:
    However, if I try to copy a text file with 600 permissions (readable only by me the Linux user, not samba) from the same network drive to my own desktop, I instead get this:

    If I read this literally, the problem is that the file isn't readable by Samba, so obviously Samba can't send it to Windows. But then Windows wouldn't be involved at all, so I can only assume you're "communicating clearly" once more.

    Sure Windows is involved. The error dialog can hardly be displayed by samba. The SMB protocol operates with numeric error codes, so Windows has to come up with a corresponding message too.

    @blakeyrat said:

    I'm no Linux expert, but isn't 600 "owner-only access"?

    Bingo.

    @blakeyrat said:
    And isn't the Linux account which owns the file different from the Windows account trying to access it?

    Yup.

    @blakeyrat said:
    Have you tried just fixing the permissions? IIRC you need 644 so that anybody can read the file, but only the owner can modify it.

    Yes, that's indeed what I did. I thought it was implied, being the only sensible solution to the problem. The post wasn't about fixing the problem anyway, but rather about the error message.

    @blakeyrat said:

    @tdb said:
    There isn't even anything to protect, since the destination is owned by me and doesn't have an identically named file to replace.

    I wager the problem is that Samba's errors suck shit, and Windows has no way of knowing what to do to make the operation work, and "permission from the computer's administrator" is a catch-all they use in that situation.

    The SMB protocol only has a generic "access denied" code, regardless of whether it was read or write access. If the access mode information is needed, the caller needs to keep track of what it was trying to do when the error occurred. In this case the relevant operation would be "open file in read-only mode". However, Windows then goes on to say that the error occurred while trying to modify the file. Since a copy operation involves reading one file and writing another, the obvious conclusion was that the write part somehow failed, but that wasn't the case.

    @blakeyrat said:

    If my theory's correct, it wouldn't matter what Windows user you tried this under, the problem is on the Linux side.

    I think it's possible to share account information between Linux and Windows, but I don't know how it's done or how well it works. I've configured samba to ignore usernames coming from the client because I don't need that in my personal network.

    The "permission from administrator" part is fine; for all Windows knows it could be on a corporate network and the user might really need to contact IT support to get the file access rights fixed.

    @blakeyrat said:

    I think a bigger question is how you managed to fuck up your file server's permissions so much.

    I'll refrain from providing the entire backstory because I don't feel like explaining my reasons to you after every second sentence. Suffice it to say that the file in question was stored somewhere under my home directory on the Linux box, with global read access disabled. I then copied it to the shared directory with cp -a, which preserves timestamps, permissions and other metadata. Thus the file ended up in the shared directory without samba being able to read it.



  • @tdb said:

    I've never denied that the misunderstanding might have been my fault. After my clarifications, SEMI-HYBRID got what I meant though, and even agreed that he misunderstood at first. What's that to you anyway?

    I have made it a life-long goal to encourage people to MAKE FUCKING SENSE. If it's important enough to share with all of us, it's important enough to proofread and ensure we can all understand it.

    Your second version with the screenshots was pretty good, your first version was abominable.

    @tdb said:

    The post wasn't about fixing the problem anyway, but rather about the error message.

    Ok...

    @tdb said:

    The "permission from administrator" part is fine; for all Windows knows it could be on a corporate network and the user might really need to contact IT support to get the file access rights fixed.

    Gruh-huh?

    Ok, so we've established:
    1) a UAC prompt wouldn't have fixed your problem, as it was entirely server-side (your initial complaint, as far as I can make it out, was that there was no UAC elevation in the dialog)
    2) you have an issue with the error message
    3) the error message is fine

    So... what are we all doing here again?

    @tdb said:

    I'll refrain from providing the entire backstory because I don't feel like explaining my reasons to you after every second sentence. Suffice it to say that the file in question was stored somewhere under my home directory on the Linux box, with global read access disabled. I then copied it to the shared directory with cp -a, which preserves timestamps, permissions and other metadata. Thus the file ended up in the shared directory without samba being able to read it.

    One of the (many) issues I have with Linux users is how much they tinker with shit. I used to know this guy (well, actually he was an OS X developer, but same difference) who would constantly create problems for himself and then whinge to me about them, and my response would always be: "you know if you just used the system instead of trying to tinker with permissions, or mount a filesystem with some weird flag that disables last access time, or whatever you did this week to fuck up your computer-- if you just used it as its intended to be used, you wouldn't have any goddamned problems at all."

    So my advice to you would be: just stop tinkering with shit, and it'll work fine. If you're going out-of-your-way to use the "uncommon" option, like using cp -a instead of just cp (or, fuck, for that matter using the CLI instead of just dragging the file icons (or, fuck, for that matter using Linux at all instead of a sane OS)) then your life would be much easier.



  • @blakeyrat said:

    I wager the problem is that Samba's errors suck shit, and Windows has no way of knowing what to do to make the operation work, and "permission from the computer's administrator" is a catch-all they use in that situation. If my theory's correct, it wouldn't matter what Windows user you tried this under, the problem is on the Linux side.

    In theory, that's possible, especially once you consider that the most obvious guess is so often incorrect, and you're not looking at the right thing. However, windows should at least understand that it's reading from the network source, not writing. My guess is that the place that pops up the message makes some call to copy the system, and isn't looking at what the real error is, or even where it came from.

    @blakeyrat said:

    I think a bigger question is how you managed to fuck up your file server's permissions so much.


    There are some files (especially ssh configuration stuff) that is required to have those sorts of permissions in order to actually work. It's hard to say if it's really fucked up without knowing more.



  • @boomzilla said:

    There are some files (especially ssh configuration stuff) that is required to have those sorts of permissions in order to actually work. It's hard to say if it's really fucked up without knowing more.

    This is an .ini file that configures a video game.

    If an .ini file that configures a Windows video game is required, when stored on Linux, to have special permissions, then I will eat not only my hat, but every hat in Texas.



  • @blakeyrat said:

    @boomzilla said:
    There are some files (especially ssh configuration stuff) that is required to have those sorts of permissions in order to actually work. It's hard to say if it's really fucked up without knowing more.

    This is an .ini file that configures a video game.

    If an .ini file that configures a Windows video game is required, when stored on Linux, to have special permissions, then I will eat not only my hat, but every hat in Texas.

    You're right. That file shouldn't have gotten the permissions messed up like that. I wonder if it was something that some brain dead game stored something in Program Files or something.



  • @blakeyrat said:

    @tdb said:
    I've never denied that the misunderstanding might have been my fault. After my clarifications, SEMI-HYBRID got what I meant though, and even agreed that he misunderstood at first. What's that to you anyway?

    I have made it a life-long goal to encourage people to MAKE FUCKING SENSE. If it's important enough to share with all of us, it's important enough to proofread and ensure we can all understand it.

    So I've noticed. Unfortunately it seems that your standards of making sense are so far off from everyone else that it's extremely hard to please you. The original post made sense to me; geocities also understood it well enough to correct SEMI-HYBRID at about the same time as I did (his timestamp is only three minutes later than mine, so I assume he was already writing his reply when I hit the "Post" button).

    @blakeyrat said:

    Your second version with the screenshots was pretty good, your first version was abominable.

    I thought the case was simple enough to not need screenshots. When clarification was asked for, screenshots were the easiest way to make sure I'm understood.

    @blakeyrat said:

    @tdb said:
    The "permission from administrator" part is fine; for all Windows knows it could be on a corporate network and the user might really need to contact IT support to get the file access rights fixed.

    Gruh-huh?

    Ok, so we've established:
    1) a UAC prompt wouldn't have fixed your problem, as it was entirely server-side (your initial complaint, as far as I can make it out, was that there was no UAC elevation in the dialog)
    2) you have an issue with the error message
    3) the error message is fine

    So... what are we all doing here again?

    Since the extra detail I put in to embellish the story a bit apparently confuses you, and my explanations also seem to be ineffective, let me provide an abridged version of the wtf with only the bare essentials. To avoid further confusion, please ignore any previously provided details while reading this.

    My fileserver had a file owned by a local user and only readable by that user. I tried to copy it over the network to my Windows machine. Windows said it didn't have permission to modify the file. The actual problem was that Windows couldn't read the file. I found it annoying that the error message didn't describe the actual cause of the error.

    @blakeyrat said:

    @tdb said:
    I'll refrain from providing the entire backstory because I don't feel like explaining my reasons to you after every second sentence. Suffice it to say that the file in question was stored somewhere under my home directory on the Linux box, with global read access disabled. I then copied it to the shared directory with cp -a, which preserves timestamps, permissions and other metadata. Thus the file ended up in the shared directory without samba being able to read it.

    One of the (many) issues I have with Linux users is how much they tinker with shit. I used to know this guy (well, actually he was an OS X developer, but same difference) who would constantly create problems for himself and then whinge to me about them, and my response would always be: "you know if you just used the system instead of trying to tinker with permissions, or mount a filesystem with some weird flag that disables last access time, or whatever you did this week to fuck up your computer-- if you just used it as its intended to be used, you wouldn't have any goddamned problems at all."

    So my advice to you would be: just stop tinkering with shit, and it'll work fine. If you're going out-of-your-way to use the "uncommon" option, like using cp -a instead of just cp (or, fuck, for that matter using the CLI instead of just dragging the file icons (or, fuck, for that matter using Linux at all instead of a sane OS)) then your life would be much easier.

    See? This is exactly why I didn't bother telling more details.



  • @boomzilla said:

    You're right. That file shouldn't have gotten the permissions messed up like that. I wonder if it was something that some brain dead game stored something in Program Files or something.

    Fine, I'll explain it, but only since it's you and not blakey asking. I started playing that game with Wine under Linux. Since I provide shell accounts on my server for some friends and an somewhat paranoid by nature, I had set up permissions so that other users didn't have access to the game files. Thus the file ended up on my file server with no global read permission. A while ago I got tired with Wine not working quite right and switched to Windows as a gaming platform (I have my reasons to still use Linux for most purposes, but they are mostly ideological so I won't bother explaining them). Thus the need to copy said file to Windows.

    The game in question is a bit braindead too and writes stuff, including configuration, to its installation directory. It's known to break horribly if installed to Program Files under Vista or 7. That was not the source of the permission problem though.



  • @tdb said:

    @boomzilla said:
    You're right. That file shouldn't have gotten the permissions messed up like that. I wonder if it was something that some brain dead game stored something in Program Files or something.

    Fine, I'll explain it, but only since it's you and not blakey asking. I started playing that game with Wine under Linux. Since I provide shell accounts on my server for some friends and an somewhat paranoid by nature, I had set up permissions so that other users didn't have access to the game files. Thus the file ended up on my file server with no global read permission. A while ago I got tired with Wine not working quite right and switched to Windows as a gaming platform (I have my reasons to still use Linux for most purposes, but they are mostly ideological so I won't bother explaining them). Thus the need to copy said file to Windows.

    That makes sense to me.



  • @tdb said:

    I started playing that game with Wine under Linux. Since I provide shell accounts on my server for some friends and an somewhat paranoid by nature, I had set up permissions so that other users didn't have access to the game files. Thus the file ended up on my file server with no global read permission. A while ago I got tired with Wine not working quite right and switched to Windows as a gaming platform.  Thus the need to copy said file to Windows.

    The game in question is a bit braindead too and writes stuff, including configuration, to its installation directory. It's known to break horribly if installed to Program Files under Vista or 7. That was not the source of the permission problem though.

    Lesson of the day.   That should have been your first post.

     



  • If it makes you feel better Mac has a similar issue:

    (I'm trying snag.gy and it fails on alpha transparency)

    That was a file with 600 permissions on the samba server.

    However I managed to copy a file with the same name over it (I had write permission to the directory). Finder tends to delete files before overwriting. It does this to folders too, which is a bit of a WTF (One'd expect a merge).

    If I don't have write permission to the directory it asks for username/password (UAC style) but supplying that it just fails.

    Just today I moved some files from my local HDD to the server, but upon completion one just disappeared. No trace anywhere. Luckily it was just a downloaded file (albeit 1.65GB which will take a few hours to download again on this crappy ADSL), but it does not instill confidence in the system.



  • @Zemm said:

    (I'm trying snag.gy and it fails on alpha transparency)

    It seems to fail in general since the image is not visible, not even when viewed directly on snag.gy.



  • @El_Heffe said:

    @tdb said:
    I started playing that game with Wine under Linux. Since I provide shell accounts on my server for some friends and an somewhat paranoid by nature, I had set up permissions so that other users didn't have access to the game files. Thus the file ended up on my file server with no global read permission. A while ago I got tired with Wine not working quite right and switched to Windows as a gaming platform.  Thus the need to copy said file to Windows.

    The game in question is a bit braindead too and writes stuff, including configuration, to its installation directory. It's known to break horribly if installed to Program Files under Vista or 7. That was not the source of the permission problem though.

    Lesson of the day. That should have been your first post.
    Why? That sort of circumstantial information has (at least to me) no relevance to the WTF illustrated in the original post.

     



  • @Zemm said:



    If it makes you feel better Mac has a similar issue:

    I would say that the Mac message is better, since it isn't wrong. The message from Windows implies that your problem is local, not on the file server. This sort of an error at least doesn't lead you in the wrong direction.


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.