From: cygzw@trodman.com (Tom Rodman)
To: cygwin-talk@cygwin.com
Subject: OT: inherited ACL - full control, can only append to file
Date: Fri, 07 Mar 2008 22:49:00 -0000 [thread overview]
Message-ID: <200803072248.m27MmXwX028979@tigris.pounder.sol.net> (raw)
Any idea why I could append to "zam.pif" below, but
echo > zam.pif
failed ("Permission denied")?
"attrib" listed zam.pif as a hidden system file. It was owned by
another user, and had only inherited permissions.
I was able to delete it.
I wanted to empty the file out
without changing it's permissions ( had a virus ).
--
thanks,
Tom
v-v-v-v-v-v-v-v-v-v-v D E T A I L S v-v-v-v-v-v-v-v-v-v-v
/drv/m $ _wfi zam.pif # "_wfi is a bash script to show perms, it shows what it does"
+ setacl -on 'm:\zam.pif' -ot file -actn list -lst 'f:tab;w:o,g,d,s;i:n;s:n'
\\?\m:\zam.pif
Owner: DOMxx1\johndoe
Group: DOMxx1\Domain Users
SetACL finished successfully.
+ :
+ stat --printf 'name: %n\n size: %s type: %F\n modify: %y\n access: %x change: %z\n' zam.pif
name: zam.pif
size: 47104 type: regular file
modify: 2005-12-11 18:34:42.000000000 -0600
access: 2008-03-06 15:36:38.593270600 -0600 change: 2008-03-05 18:13:43.365871300 -0600
+ attrib 'm:\zam.pif'
SH M:\zam.pif
+ set +x
/drv/m $ ls -l zam.pif
----------+ 1 johndoe Domain Users 47104 Dec 11 2005 zam.pif
/drv/m $ echo > zam.pif
-bash: zam.pif: Permission denied
/drv/m $ dacl zam.pif
+ setacl -on 'm:\zam.pif' -ot file -actn list -lst 'f:tab;w:o,g,d,s;i:y;s:n'
\\?\m:\zam.pif
Owner: DOMxx1\johndoe
Group: DOMxx1\Domain Users
DACL(not_protected+auto_inherited):
BUILTIN\Administrators full allow inherited
NT AUTHORITY\Authenticated Users read_execute allow inherited
S-1-5-21-6622783460-1979792683-1801674531-2122 full allow inherited
DOMxx1\staffuser2 full allow inherited
S-1-5-21-6202436711-2025429265-1801674531-1005 full allow inherited
S-1-5-21-6622783460-1979792683-1801674531-2114 change allow inherited
DOMxx1\XYZ_BLD_MGR change allow inherited
S-1-5-21-6622783460-1979792683-1801674531-2117 full allow inherited
DOMxx1\XYZ_ES_ADMIN full allow inherited
NT AUTHORITY\SYSTEM full allow inherited
SetACL finished successfully.
+ set +x
/drv/m $ echo >> zam.pif
/drv/m $ echo abc > zam.pif
-bash: zam.pif: Permission denied
/drv/m $ handle zam.pif
Handle v2.2
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
No matching handles found.
/drv/m $ rm -f zam.pif
/drv/m $ ls -a
./ Bryn/ RECYCLER/ Orly/ Gaul/ temp/
../ Riga.inf System Volume Information/ Skye/ Abos/ tests/
/drv/m $
--snip/same user:
~ $ id -un
staffuser1
~ $ groups
XYZ_ES_STAFF Administrators ABC_NA-CTX-Notepad-A Domain Users XYZ_ES_ADMIN XYZ_Users Users
reply other threads:[~2008-03-07 22:49 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200803072248.m27MmXwX028979@tigris.pounder.sol.net \
--to=cygzw@trodman.com \
--cc=cygwin-talk@cygwin.com \
--cc=cygwin@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).