Applies To: Windows 7, Windows Server 2008 R2, Windows Server 2012
Subsystem for UNIX-based Applications (SUA) provides a Portable Operating System Interface-compliant (POSIX-compliant) subsystem that runs UNIX shells, utilities, and applications natively alongside Microsoft® Windows® applications. This topic describes some of the working considerations for users who require a POSIX-compliant operating system.
The SUA Korn shell follows traditional Korn shell behavior, which is almost identical to POSIX behavior. If you need strict POSIX conformance, which some work environments require, see the differences between the Korn shell and POSIX in the ksh(1) documentation in the Help files found in the download package Utilities and Software Development Kit (SDK) for Subsystem for UNIX-based Applications.
To get full POSIX.2 conformance from the Korn shell, you must run the Korn shell in POSIX mode. To run the Korn shell in POSIX mode, do one of the following:
Open the Korn shell with the -o posix option.
Run the command set -o posix from within the shell.
Set the POSIXLY_CORRECT shell parameter.
POSIX conformance is not supported in the C shell. Unlike the Korn shell, the C shell has no POSIX-mode command options.
By default, Windows users have permissions to move through a directory tree, though they might not have permissions to access each directory in the path. On POSIX systems, you cannot access a directory unless you have permission to access every directory in the path to the directory. This POSIX behavior is known as traverse checking. For example, if you do not have permission to access a directory, you cannot change the current directory to any of its subdirectories, even if you have permission to access the subdirectories. By default in Windows, you can change the current directory to any subdirectories for which you have permission.
In Windows, there is a special permission called the Traverse Folder/Execute File permission, which you can set for a user or group. You can configure this permission to allow or deny movement through a directory tree. The Traverse Folder permission takes effect only when the group or user is not granted the Bypass Traverse Checking user right in the Group Policy snap-in. In Microsoft Windows 2000, by default, the Everyone group is given the Bypass Traverse Checking user right. In the Windows Server® 2008 R2, Windows® 7, Windows Server® 2008, Windows Vista®, Windows Server 2003, and Windows XP operating systems, the Administrators, Backup Operators, Everyone, Power Users, and Users groups all have this right. For strict conformance with POSIX standards, remove the Bypass Traverse Checking user right from all users and groups except the Backup Operators group. To conform to privileges granted to the root user on many other UNIX implementations, remove the Bypass Traverse Checking user right from all users except the Administrators and Backup Operators groups.
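The two baselines above can be checked against an exported user-rights template. The following PowerShell is an added example, not part of the original topic: the function name Get-TraverseBypassFinding, the baseline labels StrictPosix and UnixRoot, and the sample line are this example's own constructs. It assumes the input is the text of a secedit user-rights export, where Bypass Traverse Checking appears as SeChangeNotifyPrivilege.

```powershell
# Well-known SIDs for the groups named in the text above.
$WellKnown = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-32-544' = 'Administrators'
    'S-1-5-32-545' = 'Users'
    'S-1-5-32-547' = 'Power Users'
    'S-1-5-32-551' = 'Backup Operators'
}

# Hypothetical labels for the two configurations the text describes.
$Baselines = @{
    StrictPosix = @('S-1-5-32-551')                  # Backup Operators only
    UnixRoot    = @('S-1-5-32-544', 'S-1-5-32-551')  # Administrators + Backup Operators
}

function Get-TraverseBypassFinding {
    param(
        [Parameter(Mandatory = $true)][string[]]$InfLines,
        [ValidateSet('StrictPosix', 'UnixRoot')][string]$Baseline = 'StrictPosix'
    )
    # Locate the user-right line; if it is absent, no principal holds the right.
    $line = $InfLines | Where-Object { $_ -match '^\s*SeChangeNotifyPrivilege\s*=' } |
        Select-Object -First 1
    if (-not $line) { return }

    # Holders are comma-separated; SIDs carry a leading '*', account names do not.
    $holders = ($line -split '=', 2)[1] -split ',' |
        ForEach-Object { $_.Trim().TrimStart('*') } | Where-Object { $_ }

    foreach ($h in $holders) {
        if ($Baselines[$Baseline] -notcontains $h) {
            # Name stays empty for holders outside the well-known table.
            New-Object PSObject -Property @{
                Holder = $h; Name = $WellKnown[$h]; Baseline = $Baseline
            }
        }
    }
}

# Constructed sample: the default assignment the text lists for Windows 7 / Server 2008 R2.
$sample = @(
    '[Privilege Rights]',
    'SeChangeNotifyPrivilege = *S-1-1-0,*S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-547,*S-1-5-32-551'
)
Get-TraverseBypassFinding -InfLines $sample -Baseline UnixRoot |
    Select-Object Holder, Name, Baseline

# Live system, from an elevated prompt:
#   secedit /export /cfg "$env:TEMP\rights.inf" /areas USER_RIGHTS | Out-Null
#   Get-TraverseBypassFinding -InfLines (Get-Content "$env:TEMP\rights.inf")
```

For the constructed sample, the UnixRoot baseline reports Everyone, Users, and Power Users as holders still to be removed; an empty result means the system already matches the chosen baseline.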
Root users that are using the su command to run as other users, and users that are using setuid processes (and those processes that include setuid-related calls), deviate from the default behavior described above by retaining some directory traverse rights.
Removing the Bypass traverse checking right from user accounts results in POSIX-compliant behavior. However, when a root user attempts to run su on any other user without providing a password, the resulting session does not have the behavior described above. Processes started after a root user runs su without providing a password can access and move through a directory tree, although they might not have permissions to access every directory in the path.
Setuid processes, and processes that call setuid, seteuid, or setreuid, also exhibit the same behavior. After removing the Bypass traverse checking right from the account of the user running these processes, the processes are able to progress through a directory tree, though they might lack permissions to access each directory in the path.