public inbox for cygwin@cygwin.com
* Objects in ACL cygwin win 10
From: Jim McNamara @ 2020-10-23 20:02 UTC (permalink / raw)
  To: cygwin

Hi all-

I have: group everyone and my user sid as my ACLs with their permissions
in cygwin.  I use chmod to set permissions and don't use fstab.

Can someone please check by right clicking properties security tab in win
10 and verify that is all I need?

I'm not using any domains.

I'm not sure if I need system object that is used for OS things. I don't
think so but am not sure.

Thanks
Roboloki

* Re: Objects in ACL cygwin win 10
From: Brian Inglis @ 2020-10-23 21:30 UTC (permalink / raw)
  To: Cygwin

On 2020-10-23 14:02, Jim McNamara via Cygwin wrote:
> I have: group everyone and my user sid as my ACLs with their permissions
> in cygwin.  I use chmod to set permissions and don't use fstab.
> 
> Can someone please check by right clicking properties security tab in win
> 10 and verify that is all I need?
> 
> I'm not using any domains.
> 
> I'm not sure if I need system object that is used for OS things. I don't
> think so but am not sure.

Not sure what you are asking about, but if you run

	$ ls -dl dir; getfacl dir; icacls dir
	$ ls -dl dir/file; getfacl dir/file; icacls dir/file

you can see how POSIX perms get translated into POSIX ACLs and implemented as
Windows ACLs.

If anything appears complex or inconsistent, try running setfacl -b on dirs or
files then reapply chmod perms and recheck with the above.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in binary units and prefixes, physical quantities in SI.]

* Re: Objects in ACL cygwin win 10
From: Jim McNamara @ 2020-10-23 22:41 UTC (permalink / raw)
  To: Cygwin

In more descriptive terms, an access control list is a list that determines
which system processes or users are granted access to an object as well as
what operations are permitted on the object.

I tried to refer to the object 'system'. There are other objects like
administrator, administrators, user, and everyone.

Sorry, I tried to initially save keystrokes because I was typing on a phone
keyboard.  Bad idea.

Just wondering, for home users,  that aren't using domains, with ACLs, what
type of objects are listed when you right click on a text file and choose
properties and security in the windows 10 file explorer from within your
cygwin install.

I ask partially because with ACL as context, I cannot find a good example
of 'system' object and what it is used for. I figure it must be either
complicated or the opposite which is well understood.

If you don't answer, I'm only frustrated with myself.

Thanks for your help.

Sorry Brian,

Thanks,
Roboloki

* Re: Objects in ACL cygwin win 10
From: Jim McNamara @ 2020-10-23 23:12 UTC (permalink / raw)
  To: Cygwin

Hi all

I think I figured out that the processes that the ACL object/identifier
'system' is referring to are like processes in Sysinternals Process
Explorer.

Not sure but that is my best guess.

If all else fails, I will chmod the hell out of everything until I beat
stat command into submission.

I will also be experimenting with your list of commands!

Have a cool weekend.

Thanks again for your help, Brian.

Later

* Fwd: Objects in ACL cygwin win 10
From: Jim McNamara @ 2020-10-24  3:49 UTC (permalink / raw)
  To: cygwin

---------- Forwarded message >
Date: Fri, Oct 23, 2020, 11:48 PM
Subject: Re: Objects in ACL cygwin win 10
To: moss>


Hi elliot

Thanks for you and Brian helping me.

I used icacls cygwin /q /c /t reset

Thanks!
Roboloki

On Fri, Oct 23, 2020, 10:06 PM Eliot Moss <moss@cs.umass.edu> wrote:

> I have to admit I am not 100% sure what you are asking, but I am careful
> to grant SYSTEM access so
> that my backup program can access and save a copy of virtually everything
> ...
>
> EM
>

* Re: Fwd: Objects in ACL cygwin win 10
From: Brian Inglis @ 2020-10-24  4:43 UTC (permalink / raw)
  To: cygwin

On 2020-10-23 21:49, Jim McNamara via Cygwin wrote:
> On Fri, Oct 23, 2020, 10:06 PM Eliot Moss wrote:

>> I have to admit I am not 100% sure what you are asking, but I am careful
>> to grant SYSTEM access so
>> that my backup program can access and save a copy of virtually everything

> Thanks for you and Brian helping me.
> I used icacls cygwin /q /c /t reset

You have to be very careful using icacls and other Windows commands with Cygwin
ACLs as

"ICACLS preserves the canonical ordering of ACE entries:
	Explicit denials
	Explicit grants
	Inherited denials
	Inherited grants"

and Cygwin's POSIX ACLs may or may not obey this canonical order; Windows File
Explorer often does not consider Cygwin ACLs in what it considers canonical
order and requires them to be reordered, which breaks the Cygwin permissions.

Ah, that "NT AUTHORITY/SYSTEM" SID, normally paired with BUILTIN/Administrators,
as users, groups, or both:

$ ls -dl /proc/cygdrive/c/Users/; echo; getfacl /proc/cygdrive/c/Users/; echo; icacls C:/Users/
drwxr-xr-x+ 1 SYSTEM SYSTEM 0 Apr 13  2020 /proc/cygdrive/c/Users/

# file: /proc/cygdrive/c/Users/
# owner: SYSTEM
# group: SYSTEM
user::rwx
group::r-x
group:Administrators:rwx        #effective:r-x
group:Users:r-x
mask::r-x
other::r-x
default:user::rwx
default:group::---
default:group:Administrators:rwx        #effective:r-x
default:group:Users:r-x
default:mask::r-x
default:other::r-x

C:/Users/ NT AUTHORITY\SYSTEM:(OI)(CI)(F)
          BUILTIN\Administrators:(OI)(CI)(F)
          BUILTIN\Users:(RX)
          BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
          Everyone:(RX)
          Everyone:(OI)(CI)(IO)(GR,GE)

Successfully processed 1 files; Failed processing 0 files

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in binary units and prefixes, physical quantities in SI.]
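
The ordering caveat above can be checked mechanically before anything is allowed to rewrite an ACL. The following is an added example, not part of any message in this thread: it parses icacls listings and reports ACEs that fall out of the four-step order quoted above. It assumes icacls marks deny ACEs with (DENY) and inherited ACEs with (I); the second listing, its path and its DEMO-PC names are constructed for illustration.

```python
import re

# Rank of each ACE class in the four-step order quoted in the message above.
CANONICAL_RANK = {
    ("explicit", "deny"): 0,
    ("explicit", "allow"): 1,
    ("inherited", "deny"): 2,
    ("inherited", "allow"): 3,
}

# "TRUSTEE:(flag)(flag)..." as printed by icacls, one ACE per line.
ACE_RE = re.compile(r"^(?P<trustee>.+?):(?P<flags>(?:\([^()]*\))+)$")

# icacls listing copied from the message above.
PAGE_PATH = "C:/Users/"
PAGE_SAMPLE = r"""C:/Users/ NT AUTHORITY\SYSTEM:(OI)(CI)(F)
          BUILTIN\Administrators:(OI)(CI)(F)
          BUILTIN\Users:(RX)
          BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
          Everyone:(RX)
          Everyone:(OI)(CI)(IO)(GR,GE)

Successfully processed 1 files; Failed processing 0 files
"""

# Constructed listing (hypothetical path and account names): an allow ACE
# placed ahead of a deny ACE, which the quoted order does not permit.
CONSTRUCTED_PATH = "C:/cygwin64/home/demo/notes.txt"
CONSTRUCTED_SAMPLE = r"""C:/cygwin64/home/demo/notes.txt DEMO-PC\demo:(R,W)
                                DEMO-PC\None:(DENY)(W)
                                DEMO-PC\None:(R)
                                Everyone:(R)
"""


def parse_icacls(output, path):
    """Return [(trustee, origin, kind, flags)] for one object's listing."""
    aces = []
    for raw in output.splitlines():
        line = raw.strip()
        if line.startswith(path):      # the first line carries the path
            line = line[len(path):].strip()
        m = ACE_RE.match(line)
        if not m:                      # blank lines and the summary line
            continue
        flags = re.findall(r"\(([^()]*)\)", m.group("flags"))
        origin = "inherited" if "I" in flags else "explicit"   # assumed (I) marker
        kind = "deny" if "DENY" in flags else "allow"          # assumed (DENY) marker
        aces.append((m.group("trustee"), origin, kind, flags))
    return aces


def order_violations(aces):
    """Return adjacent ACE pairs where the later ACE belongs earlier."""
    problems = []
    for prev, cur in zip(aces, aces[1:]):
        if CANONICAL_RANK[cur[1:3]] < CANONICAL_RANK[prev[1:3]]:
            problems.append((prev[0], prev[2], cur[0], cur[2]))
    return problems


if __name__ == "__main__":
    samples = ((PAGE_PATH, PAGE_SAMPLE), (CONSTRUCTED_PATH, CONSTRUCTED_SAMPLE))
    for path, text in samples:
        aces = parse_icacls(text, path)
        bad = order_violations(aces)
        verdict = "canonical" if not bad else "NOT canonical"
        print(f"{path}: {len(aces)} ACEs, {verdict}")
        for p_name, p_kind, c_name, c_kind in bad:
            print(f"  {c_kind} ACE for {c_name} follows {p_kind} ACE for {p_name}")
```

A listing flagged here is one that a Windows tool may reorder when it saves the ACL, so compare getfacl output before and after any such change.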

* Re: Fwd: Objects in ACL cygwin win 10
From: Brian Inglis @ 2020-10-24  4:44 UTC (permalink / raw)
  To: cygwin

On 2020-10-23 21:49, Jim McNamara via Cygwin wrote:
> On Fri, Oct 23, 2020, 10:06 PM Eliot Moss wrote:

>> I have to admit I am not 100% sure what you are asking, but I am careful
>> to grant SYSTEM access so
>> that my backup program can access and save a copy of virtually everything

> Thanks for you and Brian helping me.
> I used icacls cygwin /q /c /t reset

You have to be very careful using icacls and other Windows commands with Cygwin
ACLs as

"ICACLS preserves the canonical ordering of ACE entries:
	Explicit denials
	Explicit grants
	Inherited denials
	Inherited grants"

and Cygwin's POSIX ACLs may or may not obey this canonical order; Windows File
Explorer often does not consider Cygwin ACLs in what it considers canonical
order and requires them to be reordered, which breaks the Cygwin permissions.

Ah, that "NT AUTHORITY/SYSTEM" SID, normally paired with BUILTIN/Administrators,
as users, groups, or both:

$ ls -dl /proc/cygdrive/c/Users/; echo; getfacl /proc/cygdrive/c/Users/; echo; icacls C:/Users/
drwxr-xr-x+ 1 SYSTEM SYSTEM 0 Apr 13  2020 /proc/cygdrive/c/Users/

# file: /proc/cygdrive/c/Users/
# owner: SYSTEM
# group: SYSTEM
user::rwx
group::r-x
group:Administrators:rwx        #effective:r-x
group:Users:r-x
mask::r-x
other::r-x
default:user::rwx
default:group::---
default:group:Administrators:rwx        #effective:r-x
default:group:Users:r-x
default:mask::r-x
default:other::r-x

C:/Users/ NT AUTHORITY\SYSTEM:(OI)(CI)(F)
          BUILTIN\Administrators:(OI)(CI)(F)
          BUILTIN\Users:(RX)
          BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
          Everyone:(RX)
          Everyone:(OI)(CI)(IO)(GR,GE)

Successfully processed 1 files; Failed processing 0 files

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in binary units and prefixes, physical quantities in SI.]

* Re: Fwd: Objects in ACL cygwin win 10
From: Jim McNamara @ 2020-10-24  7:02 UTC (permalink / raw)
  To: cygwin

Hi Brian

Yes, I see now what you are saying. Didn't know why it behaves like that.
Do you recommend:

A. Noacl option  in fstab
B. Reinstall and leave icacls in windows alone so I can deploy in future
with runtime

Thnx,
Roboloki

* Re: Fwd: Objects in ACL cygwin win 10
From: Jim McNamara @ 2020-10-24  7:09 UTC (permalink / raw)
  To: cygwin

I decided to go with b. since windows ntfs won't recognize a and I want to
deploy. I'm using cygwin to make agar gui apps for cobol (at least that is
the plan). Thnx brian!

* Re: Fwd: Objects in ACL cygwin win 10
From: Brian Inglis @ 2020-10-24  7:35 UTC (permalink / raw)
  To: cygwin


On 2020-10-24 01:09, Jim McNamara via Cygwin wrote:
> On Sat, Oct 24, 2020, 3:02 AM Jim McNamara wrote:
>> On Sat, Oct 24, 2020, 12:46 AM Brian Inglis wrote:
>>> On 2020-10-23 21:49, Jim McNamara via Cygwin wrote:
>>>> On Fri, Oct 23, 2020, 10:06 PM Eliot Moss wrote:

>>>>> I have to admit I am not 100% sure what you are asking, but I am 
>>>>> careful to grant SYSTEM access so that my backup program can access
>>>>> and save a copy of virtually everything

>>>> Thanks for you and Brian helping me.
>>>> I used icacls cygwin /q /c /t reset

>> Yes, I see now what you are saying. Didn't know why it behaves like that.
>> Do you recommend:
>>
>> A. Noacl option  in fstab
>> B. Reinstall and leave icacls in windows alone so I can deploy in future
>> with runtime

> I decided to go with b. since windows ntfs won't recognize a and I want to
> deploy. I'm using cygwin to make agar gui apps for cobol (at least that is
> the plan).

That's normally the best way, although it may also be okay to add ACEs with
permission grants to groups as normal, or equivalents via GPOs.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in binary units and prefixes, physical quantities in SI.]

* Re: Fwd: Objects in ACL cygwin win 10
From: Andrey Repin @ 2020-10-25  9:19 UTC (permalink / raw)
  To: Jim McNamara, cygwin

Greetings, Jim McNamara!

Please no top-posting in this list.


> Yes, I see now what you are saying. Didn't know why it behaves like that.
> Do you recommend:

> A. Noacl option  in fstab
> B. Reinstall and leave icacls in windows alone so I can deploy in future
> with runtime

C. Reinstall Cygwin into a new directory (or backup the current one and
reinstall). Use noacl option for directories outside Cygwin tree (i.e.
/cygdrive).


-- 
With best regards,
Andrey Repin
Sunday, October 25, 2020 12:07:33

Sorry for my terrible english...

