# Keep Cygwin Applications from setting NTFS security descriptors

If you run cygwin applications such as [the rsync-backup script](/2014/01/31/incremental-backups-with-rsync-in-windows/), you will sometimes run into trouble with odd NTFS permissions being set by the cygwin application. My tip is to avoid this by making cygwin not set *any* permissions at all. If a cygwin application then creates a file, for instance, this file will only inherit its security settings from the folder it is contained in. This way, you can set access control on the root directory and all the files created by rsync inside that folder will inherit these permissions. How to do it? Open your cygwin shell and edit /etc/fstab which should contain only one non-comment line:
none /cygdrive cygdrive binary,posix=0,user 0 0

Now insert the noacl attribute, see [the cygwin manual](http://www.cygwin.com/cygwin-ug-net/using.html#mount-table):
none /cygdrive cygdrive binary,noacl,posix=0,user 0 0

And the next time you run rsync-backup, it will *not* set all kinds of awkward permissions on your files which make them unreadable on a freshly installed computer. Just saying.

## 9 Replies to “Keep Cygwin Applications from setting NTFS security descriptors”

1. Alexander Henkel says:
Holy shit! This advice saved our ass! (Sorry for words)
2. Alexander Henkel says:
Yes, it did indeed. We are using Cygwin tools in one of our applications and were struggling with the phenomen of altered ACL settings which sometimes prevented those files from being accessed (both reading and writing) from Windows itself. We had no idea what was going on. This problem nearly turned out to be a show stopper until we found your tip! Again, thanks a lot.
3. Gabo says:
Thanks for this information, I was kinda freak out because I got an 'access denied' every time I try to execute some of the files I checkout using 'git'.
4. Ted says:
I'll add my thanks to everyone else's. Slightly different use case. I had set a HOME Windows User environment variable to %USERPROFILE%home so that Cygwin would use that for its \$HOME environment variable. That worked fine, but apparently because of the funky permissions that Cygwin put on this location, the ~/.bash_history file wouldn't update properly. It was a little weird because Cygwin did create this file, but it just never put anything in it, even when exiting the Cygwin shell gracefully with the "exit" command. I made the /etc/fstab change recommended by the OP, but before it would begin working properly for the .bash_history file, I had to delete the existing file first (rm ~/.bash_history). I tried searching the web specifically for this use case and was surprised not to find any hits since I'm sure that changing the location of the home directory is a common thing. This case should actually be clearly described in the Cygwin documentation. Happy that I ran into this post. Thanks again!
1. Ted says:
I see that my backslash had gotten swallowed in my earlier post in "%USERPROFILE\%home", but you get the idea.
5. This is beginning to feel a lot like maybe they could make noacl a default option xD.
6. When I do this, I lose the ability to tab-autocomplete bash files, though.