POSIX Compliance in Subsystem for UNIX-based Applications

Applies To: Windows Server 2003 R2

Subsystem for UNIX-based Applications (SUA) provides a Portable Operating System Interface-compliant (POSIX-compliant) subsystem that runs UNIX shells, utilities, and applications natively alongside Windows applications. This topic describes some of the working considerations for users requiring a POSIX-compliant operating system.

POSIX Shell Compatibility

The SUA Korn shell follows traditional Korn shell behavior, which is almost identical to POSIX behavior. If you need strict POSIX conformance, which some work environments require, see the differences between the Korn shell and POSIX in the ksh(1) documentation in the Help files found in the download package Utilities and Software Development Kit (SDK) for UNIX-based Applications.

To get full POSIX.2 conformance from the Korn shell, you must run it in POSIX mode. To run the Korn shell in POSIX mode, either open the Korn shell with the -o posix option, run the command set -o posix from within the shell, or set the POSIXLY_CORRECT shell parameter.

POSIX conformance is not supported in the C shell. Unlike the Korn shell, the C shell has no POSIX-mode command options.

Traverse Checking of Directory Permissions

By default, Windows users have permissions to move through a directory tree, though they might not have permissions to access each directory in the path. On POSIX systems, you cannot access a directory unless you have permission to access every directory in the path to the directory. This POSIX behavior is known as traverse checking.

For example, if you do not have permission to access a directory, you cannot change the current directory to any of its subdirectories, even if you have permission to access the subdirectories. By default in Windows, you can change the current directory to any subdirectories for which you have permission.

In Windows, there is a special permission called the Traverse Folder/Execute File permission, which you can set for a user or group. You can configure this permission to allow or deny movement through a directory tree. The Traverse Folder permission takes effect only when the group or user is not granted the Bypass Traverse Checking user right in the Group Policy snap-in. In Windows 2000, by default, the Everyone group is given the Bypass Traverse Checking user right. In Windows XP and the Windows Server 2003 operating systems, the Administrators, Backup Operators, Everyone, Power Users, and Users groups are all given this right. For strict conformance with POSIX standards, remove the Bypass Traverse Checking right from all users and groups except Backup Operators. To conform to privileges granted to the root user on many other UNIX implementations, remove the Bypass Traverse Checking right from all users except Administrators and Backup Operators.