* Objects in ACL cygwin win 10
@ 2020-10-23 20:02 Jim McNamara
2020-10-23 21:30 ` Brian Inglis
0 siblings, 1 reply; 11+ messages in thread
From: Jim McNamara @ 2020-10-23 20:02 UTC (permalink / raw)
To: cygwin
Hi all-
I have : group everyone and my user sid as my ACLs with their permissions
in cygwin. I use chmod to set permissions and dont use fstab.
Can someone please check by right clicking properties security tab in win
10 and verify that is all I need?
I'm not using any domains.
I'm not sure if I need system object that is used for OS things. I dont
think so but am not sure.
Thanks
Roboloki
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Objects in ACL cygwin win 10
2020-10-23 20:02 Objects in ACL cygwin win 10 Jim McNamara
@ 2020-10-23 21:30 ` Brian Inglis
2020-10-23 22:41 ` Jim McNamara
0 siblings, 1 reply; 11+ messages in thread
From: Brian Inglis @ 2020-10-23 21:30 UTC (permalink / raw)
To: Cygwin
On 2020-10-23 14:02, Jim McNamara via Cygwin wrote:
> I have : group everyone and my user sid as my ACLs with their permissions
> in cygwin. I use chmod to set permissions and dont use fstab.
>
> Can someone please check by right clicking properties security tab in win
> 10 and verify that is all I need?
>
> I'm not using any domains.
>
> I'm not sure if I need system object that is used for OS things. I dont
> think so but am not sure.
Not sure what you are asking about, but if you run
$ ls -dl dir; getfacl dir; icacls dir
$ ls -dl dir/file; getfacl dir/file; icacls dir/file
you can see how POSIX perms get translated into POSIX ACLs and implemented as
Windows ACLs.
If anything appears complex or inconsistent, try running setfacl -b on dirs or
files then reapply chmod perms and recheck with the above.
--
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in binary units and prefixes, physical quantities in SI.]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Objects in ACL cygwin win 10
2020-10-23 21:30 ` Brian Inglis
@ 2020-10-23 22:41 ` Jim McNamara
2020-10-23 23:12 ` Jim McNamara
[not found] ` <9c03f3ea-8989-5f93-41c4-4d832eaef94c@cs.umass.edu>
0 siblings, 2 replies; 11+ messages in thread
From: Jim McNamara @ 2020-10-23 22:41 UTC (permalink / raw)
To: Cygwin
In more descriptive terms, an access control list is a list that determines
which system processes or users are granted access to an object as well as
what operations are permitted on the object.
I tried to refer to the object 'system '. There are other objects like
administrator, administrators, user, and everyone.
Sorry, I tried to initially save keystrokes because I was typing on a phone
keyboard. Bad idea.
Just wondering, for home users, that aren't using domains, with ACLs, what
type of objects are listed when you right click on a text file and choose
properties and security in the windows 10 file explorer from within your
cygwin install.
I ask partially because with ACL as context, I cannot find a good example
of 'system' object and what it is used for. I figure it must be either
complicated or the opposite which is well understood .
If you dont answer, I'm only frustrated with myself.
Thanks for your help.
Sorry Brian,
Thanks,
Roboloki
On Fri, Oct 23, 2020, 5:31 PM Brian Inglis <Brian.Inglis@systematicsw.ab.ca>
wrote:
> On 2020-10-23 14:02, Jim McNamara via Cygwin wrote:
> > I have : group everyone and my user sid as my ACLs with their permissions
> > in cygwin. I use chmod to set permissions and dont use fstab.
> >
> > Can someone please check by right clicking properties security tab in win
> > 10 and verify that is all I need?
> >
> > I'm not using any domains.
> >
> > I'm not sure if I need system object that is used for OS things. I dont
> > think so but am not sure.
>
> Not sure what you are asking about, but if you run
>
> $ ls -dl dir; getfacl dir; icacls dir
> $ ls -dl dir/file; getfacl dir/file; icacls dir/file
>
> you can see how POSIX perms get translated into POSIX ACLs and implemented
> as
> Windows ACLs.
>
> If anything appears complex or inconsistent, try running setfacl -b on
> dirs or
> files then reapply chmod perms and recheck with the above.
>
> --
> Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
>
> This email may be disturbing to some readers as it contains
> too much technical detail. Reader discretion is advised.
> [Data in binary units and prefixes, physical quantities in SI.]
> --
> Problem reports: https://cygwin.com/problems.html
> FAQ: https://cygwin.com/faq/
> Documentation: https://cygwin.com/docs.html
> Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Objects in ACL cygwin win 10
2020-10-23 22:41 ` Jim McNamara
@ 2020-10-23 23:12 ` Jim McNamara
[not found] ` <9c03f3ea-8989-5f93-41c4-4d832eaef94c@cs.umass.edu>
1 sibling, 0 replies; 11+ messages in thread
From: Jim McNamara @ 2020-10-23 23:12 UTC (permalink / raw)
To: Cygwin
Hi all
I think I figured out that the processes that the ACL object/identifier
'system' is referring to are like processes in sysinternals process
explorer .
Not sure but that is my best guess.
If all else fails, I will chmod the hell out of everything until I beat
stat command into submission.
I will also be experimenting with your list of commands!
Have a cool weekend.
Thanks again for your help, Brian.
Later
On Fri, Oct 23, 2020, 6:41 PM Jim McNamara <nefariousscheme@gmail.com>
wrote:
> In more descriptive terms, an access control list is a list that
> determines which system processes or users are granted access to an object
> as well as what operations are permitted on the object.
>
> I tried to refer to the object 'system '. There are other objects like
> administrator, administrators, user, and everyone.
>
> Sorry, I tried to initially save keystrokes because I was typing on a
> phone keyboard. Bad idea.
>
> Just wondering, for home users, that aren't using domains, with ACLs,
> what type of objects are listed when you right click on a text file and
> choose properties and security in the windows 10 file explorer from within
> your cygwin install.
>
> I ask partially because with ACL as context, I cannot find a good example
> of 'system' object and what it is used for. I figure it must be either
> complicated or the opposite which is well understood .
>
> If you dont answer, I'm only frustrated with myself.
>
> Thanks for your help.
>
> Sorry Brian,
>
> Thanks,
> Roboloki
>
>
>
>
>
>
>
>
> On Fri, Oct 23, 2020, 5:31 PM Brian Inglis <
> Brian.Inglis@systematicsw.ab.ca> wrote:
>
>> On 2020-10-23 14:02, Jim McNamara via Cygwin wrote:
>> > I have : group everyone and my user sid as my ACLs with their
>> permissions
>> > in cygwin. I use chmod to set permissions and dont use fstab.
>> >
>> > Can someone please check by right clicking properties security tab in
>> win
>> > 10 and verify that is all I need?
>> >
>> > I'm not using any domains.
>> >
>> > I'm not sure if I need system object that is used for OS things. I dont
>> > think so but am not sure.
>>
>> Not sure what you are asking about, but if you run
>>
>> $ ls -dl dir; getfacl dir; icacls dir
>> $ ls -dl dir/file; getfacl dir/file; icacls dir/file
>>
>> you can see how POSIX perms get translated into POSIX ACLs and
>> implemented as
>> Windows ACLs.
>>
>> If anything appears complex or inconsistent, try running setfacl -b on
>> dirs or
>> files then reapply chmod perms and recheck with the above.
>>
>> --
>> Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
>>
>> This email may be disturbing to some readers as it contains
>> too much technical detail. Reader discretion is advised.
>> [Data in binary units and prefixes, physical quantities in SI.]
>> --
>> Problem reports: https://cygwin.com/problems.html
>> FAQ: https://cygwin.com/faq/
>> Documentation: https://cygwin.com/docs.html
>> Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
>>
>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Fwd: Objects in ACL cygwin win 10
[not found] ` <CAEMWCRvrVGvfX_3yP7XF6SmNtFXd9UwQVahq1bRL1tazBbCibg@mail.gmail.com>
@ 2020-10-24 3:49 ` Jim McNamara
2020-10-24 4:43 ` Brian Inglis
2020-10-24 4:44 ` Brian Inglis
0 siblings, 2 replies; 11+ messages in thread
From: Jim McNamara @ 2020-10-24 3:49 UTC (permalink / raw)
To: cygwin
---------- Forwarded message >
Date: Fri, Oct 23, 2020, 11:48 PM
Subject: Re: Objects in ACL cygwin win 10
To: moss>
Hi elliot
Thanks for you and Brian helping me.
I used icacls cygwin /q /c /t reset
Thanks!
Roboloki
On Fri, Oct 23, 2020, 10:06 PM Eliot Moss <moss@cs.umass.edu> wrote:
> I have to admit I am not 100% sure what you are asking, but I am careful
> to grant SYSTEM access so
> that my backup program can access and save a copy of virtually everything
> ...
>
> EM
>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Fwd: Objects in ACL cygwin win 10
2020-10-24 3:49 ` Fwd: " Jim McNamara
@ 2020-10-24 4:43 ` Brian Inglis
2020-10-24 4:44 ` Brian Inglis
1 sibling, 0 replies; 11+ messages in thread
From: Brian Inglis @ 2020-10-24 4:43 UTC (permalink / raw)
To: cygwin
On 2020-10-23 21:49, Jim McNamara via Cygwin wrote:
> On Fri, Oct 23, 2020, 10:06 PM Eliot Moss wrote:
>> I have to admit I am not 100% sure what you are asking, but I am careful
>> to grant SYSTEM access so
>> that my backup program can access and save a copy of virtually everything
> Thanks for you and Brian helping me.
> I used icacls cygwin /q /c /t reset
You have to be very careful using icacls and other Windows commands with Cygwin
ACLs as
"ICACLS preserves the canonical ordering of ACE entries:
Explicit denials
Explicit grants
Inherited denials
Inherited grants"
and Cygwin's POSIX ACLs may or may not obey this canonical order; Windows File
Explorer often does not consider Cygwin ACLs in what it considers canonical
order and requires them to be reordered, which breaks the Cygwin permissions.
Ah, that "NT AUTHORITY/SYSTEM" SID, normally paired with BUILTIN/Administrators,
as users, groups, or both:
$ ls -dl /proc/cygdrive/c/Users/; echo; getfacl /proc/cygdrive/c/Users/; echo;
icacls C:/Users/
drwxr-xr-x+ 1 SYSTEM SYSTEM 0 Apr 13 2020 /proc/cygdrive/c/Users/
# file: /proc/cygdrive/c/Users/
# owner: SYSTEM
# group: SYSTEM
user::rwx
group::r-x
group:Administrators:rwx #effective:r-x
group:Users:r-x
mask::r-x
other::r-x
default:user::rwx
default:group::---
default:group:Administrators:rwx #effective:r-x
default:group:Users:r-x
default:mask::r-x
default:other::r-x
C:/Users/ NT AUTHORITY\SYSTEM:(OI)(CI)(F)
BUILTIN\Administrators:(OI)(CI)(F)
BUILTIN\Users:(RX)
BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
Everyone:(RX)
Everyone:(OI)(CI)(IO)(GR,GE)
Successfully processed 1 files; Failed processing 0 files
--
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in binary units and prefixes, physical quantities in SI.]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Fwd: Objects in ACL cygwin win 10
2020-10-24 3:49 ` Fwd: " Jim McNamara
2020-10-24 4:43 ` Brian Inglis
@ 2020-10-24 4:44 ` Brian Inglis
2020-10-24 7:02 ` Jim McNamara
1 sibling, 1 reply; 11+ messages in thread
From: Brian Inglis @ 2020-10-24 4:44 UTC (permalink / raw)
To: cygwin
On 2020-10-23 21:49, Jim McNamara via Cygwin wrote:
> On Fri, Oct 23, 2020, 10:06 PM Eliot Moss wrote:
>> I have to admit I am not 100% sure what you are asking, but I am careful
>> to grant SYSTEM access so
>> that my backup program can access and save a copy of virtually everything
> Thanks for you and Brian helping me.
> I used icacls cygwin /q /c /t reset
You have to be very careful using icacls and other Windows commands with Cygwin
ACLs as
"ICACLS preserves the canonical ordering of ACE entries:
Explicit denials
Explicit grants
Inherited denials
Inherited grants"
and Cygwin's POSIX ACLs may or may not obey this canonical order; Windows File
Explorer often does not consider Cygwin ACLs in what it considers canonical
order and requires them to be reordered, which breaks the Cygwin permissions.
Ah, that "NT AUTHORITY/SYSTEM" SID, normally paired with BUILTIN/Administrators,
as users, groups, or both:
$ ls -dl /proc/cygdrive/c/Users/; echo; getfacl /proc/cygdrive/c/Users/; echo;
icacls C:/Users/
drwxr-xr-x+ 1 SYSTEM SYSTEM 0 Apr 13 2020 /proc/cygdrive/c/Users/
# file: /proc/cygdrive/c/Users/
# owner: SYSTEM
# group: SYSTEM
user::rwx
group::r-x
group:Administrators:rwx #effective:r-x
group:Users:r-x
mask::r-x
other::r-x
default:user::rwx
default:group::---
default:group:Administrators:rwx #effective:r-x
default:group:Users:r-x
default:mask::r-x
default:other::r-x
C:/Users/ NT AUTHORITY\SYSTEM:(OI)(CI)(F)
BUILTIN\Administrators:(OI)(CI)(F)
BUILTIN\Users:(RX)
BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
Everyone:(RX)
Everyone:(OI)(CI)(IO)(GR,GE)
Successfully processed 1 files; Failed processing 0 files
--
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in binary units and prefixes, physical quantities in SI.]
--
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in binary units and prefixes, physical quantities in SI.]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Fwd: Objects in ACL cygwin win 10
2020-10-24 4:44 ` Brian Inglis
@ 2020-10-24 7:02 ` Jim McNamara
2020-10-24 7:09 ` Jim McNamara
2020-10-25 9:19 ` Andrey Repin
0 siblings, 2 replies; 11+ messages in thread
From: Jim McNamara @ 2020-10-24 7:02 UTC (permalink / raw)
To: cygwin
Hi Brian
Yes, I see now what you are saying. Didn't know why it behaves like that.
Do you reccomend:
A. Noacl option in fstab
B. Reinstall and leave icacls in windows alone so I can deploy in future
with runtime
Thnx,
Roboloki
On Sat, Oct 24, 2020, 12:46 AM Brian Inglis <Brian.Inglis@systematicsw.ab.ca>
wrote:
> On 2020-10-23 21:49, Jim McNamara via Cygwin wrote:
> > On Fri, Oct 23, 2020, 10:06 PM Eliot Moss wrote:
>
> >> I have to admit I am not 100% sure what you are asking, but I am careful
> >> to grant SYSTEM access so
> >> that my backup program can access and save a copy of virtually
> everything
>
> > Thanks for you and Brian helping me.
> > I used icacls cygwin /q /c /t reset
>
> You have to be very careful using icacls and other Windows commands with
> Cygwin
> ACLs as
>
> "ICACLS preserves the canonical ordering of ACE entries:
> Explicit denials
> Explicit grants
> Inherited denials
> Inherited grants"
>
> and Cygwin's POSIX ACLs may or may not obey this canonical order; Windows
> File
> Explorer often does not consider Cygwin ACLs in what it considers canonical
> order and requires them to be reordered, which breaks the Cygwin
> permissions.
>
> Ah, that "NT AUTHORITY/SYSTEM" SID, normally paired with
> BUILTIN/Administrators,
> as users, groups, or both:
>
> $ ls -dl /proc/cygdrive/c/Users/; echo; getfacl /proc/cygdrive/c/Users/;
> echo;
> icacls C:/Users/
> drwxr-xr-x+ 1 SYSTEM SYSTEM 0 Apr 13 2020 /proc/cygdrive/c/Users/
>
> # file: /proc/cygdrive/c/Users/
> # owner: SYSTEM
> # group: SYSTEM
> user::rwx
> group::r-x
> group:Administrators:rwx #effective:r-x
> group:Users:r-x
> mask::r-x
> other::r-x
> default:user::rwx
> default:group::---
> default:group:Administrators:rwx #effective:r-x
> default:group:Users:r-x
> default:mask::r-x
> default:other::r-x
>
> C:/Users/ NT AUTHORITY\SYSTEM:(OI)(CI)(F)
> BUILTIN\Administrators:(OI)(CI)(F)
> BUILTIN\Users:(RX)
> BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
> Everyone:(RX)
> Everyone:(OI)(CI)(IO)(GR,GE)
>
> Successfully processed 1 files; Failed processing 0 files
>
> --
> Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
>
> This email may be disturbing to some readers as it contains
> too much technical detail. Reader discretion is advised.
> [Data in binary units and prefixes, physical quantities in SI.]
>
> --
> Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
>
> This email may be disturbing to some readers as it contains
> too much technical detail. Reader discretion is advised.
> [Data in binary units and prefixes, physical quantities in SI.]
> --
> Problem reports: https://cygwin.com/problems.html
> FAQ: https://cygwin.com/faq/
> Documentation: https://cygwin.com/docs.html
> Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Fwd: Objects in ACL cygwin win 10
2020-10-24 7:02 ` Jim McNamara
@ 2020-10-24 7:09 ` Jim McNamara
2020-10-24 7:35 ` Brian Inglis
2020-10-25 9:19 ` Andrey Repin
1 sibling, 1 reply; 11+ messages in thread
From: Jim McNamara @ 2020-10-24 7:09 UTC (permalink / raw)
To: cygwin
I decided to go with b. since windows ntfs wont recognize a and I want to
deploy. Im using cygwin to make agar gui apps for cobol (at least that is
the plan). Thnx brian!
On Sat, Oct 24, 2020, 3:02 AM Jim McNamara <nefariousscheme@gmail.com>
wrote:
> Hi Brian
>
> Yes, I see now what you are saying. Didn't know why it behaves like that.
> Do you reccomend:
>
> A. Noacl option in fstab
> B. Reinstall and leave icacls in windows alone so I can deploy in future
> with runtime
>
> Thnx,
> Roboloki
>
> On Sat, Oct 24, 2020, 12:46 AM Brian Inglis <
> Brian.Inglis@systematicsw.ab.ca> wrote:
>
>> On 2020-10-23 21:49, Jim McNamara via Cygwin wrote:
>> > On Fri, Oct 23, 2020, 10:06 PM Eliot Moss wrote:
>>
>> >> I have to admit I am not 100% sure what you are asking, but I am
>> careful
>> >> to grant SYSTEM access so
>> >> that my backup program can access and save a copy of virtually
>> everything
>>
>> > Thanks for you and Brian helping me.
>> > I used icacls cygwin /q /c /t reset
>>
>> You have to be very careful using icacls and other Windows commands with
>> Cygwin
>> ACLs as
>>
>> "ICACLS preserves the canonical ordering of ACE entries:
>> Explicit denials
>> Explicit grants
>> Inherited denials
>> Inherited grants"
>>
>> and Cygwin's POSIX ACLs may or may not obey this canonical order; Windows
>> File
>> Explorer often does not consider Cygwin ACLs in what it considers
>> canonical
>> order and requires them to be reordered, which breaks the Cygwin
>> permissions.
>>
>> Ah, that "NT AUTHORITY/SYSTEM" SID, normally paired with
>> BUILTIN/Administrators,
>> as users, groups, or both:
>>
>> $ ls -dl /proc/cygdrive/c/Users/; echo; getfacl /proc/cygdrive/c/Users/;
>> echo;
>> icacls C:/Users/
>> drwxr-xr-x+ 1 SYSTEM SYSTEM 0 Apr 13 2020 /proc/cygdrive/c/Users/
>>
>> # file: /proc/cygdrive/c/Users/
>> # owner: SYSTEM
>> # group: SYSTEM
>> user::rwx
>> group::r-x
>> group:Administrators:rwx #effective:r-x
>> group:Users:r-x
>> mask::r-x
>> other::r-x
>> default:user::rwx
>> default:group::---
>> default:group:Administrators:rwx #effective:r-x
>> default:group:Users:r-x
>> default:mask::r-x
>> default:other::r-x
>>
>> C:/Users/ NT AUTHORITY\SYSTEM:(OI)(CI)(F)
>> BUILTIN\Administrators:(OI)(CI)(F)
>> BUILTIN\Users:(RX)
>> BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
>> Everyone:(RX)
>> Everyone:(OI)(CI)(IO)(GR,GE)
>>
>> Successfully processed 1 files; Failed processing 0 files
>>
>> --
>> Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
>>
>> This email may be disturbing to some readers as it contains
>> too much technical detail. Reader discretion is advised.
>> [Data in binary units and prefixes, physical quantities in SI.]
>>
>> --
>> Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
>>
>> This email may be disturbing to some readers as it contains
>> too much technical detail. Reader discretion is advised.
>> [Data in binary units and prefixes, physical quantities in SI.]
>> --
>> Problem reports: https://cygwin.com/problems.html
>> FAQ: https://cygwin.com/faq/
>> Documentation: https://cygwin.com/docs.html
>> Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
>>
>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Fwd: Objects in ACL cygwin win 10
2020-10-24 7:09 ` Jim McNamara
@ 2020-10-24 7:35 ` Brian Inglis
0 siblings, 0 replies; 11+ messages in thread
From: Brian Inglis @ 2020-10-24 7:35 UTC (permalink / raw)
To: cygwin
On 2020-10-24 01:09, Jim McNamara via Cygwin wrote:
> On Sat, Oct 24, 2020, 3:02 AM Jim McNamara wrote:
>> On Sat, Oct 24, 2020, 12:46 AM Brian Inglis wrote:
>>> On 2020-10-23 21:49, Jim McNamara via Cygwin wrote:
>>>> On Fri, Oct 23, 2020, 10:06 PM Eliot Moss wrote:
>>>>> I have to admit I am not 100% sure what you are asking, but I am
>>>>> careful to grant SYSTEM access so that my backup program can access
>>>>> and save a copy of virtually everything
>>>> Thanks for you and Brian helping me.
>>>> I used icacls cygwin /q /c /t reset
>>> You have to be very careful using icacls and other Windows commands with
>>> Cygwin
>>> ACLs as
>>>
>>> "ICACLS preserves the canonical ordering of ACE entries:
>>> Explicit denials
>>> Explicit grants
>>> Inherited denials
>>> Inherited grants"
>>>
>>> and Cygwin's POSIX ACLs may or may not obey this canonical order; Windows
>>> File
>>> Explorer often does not consider Cygwin ACLs in what it considers
>>> canonical
>>> order and requires them to be reordered, which breaks the Cygwin
>>> permissions.
>>>
>>> Ah, that "NT AUTHORITY/SYSTEM" SID, normally paired with
>>> BUILTIN/Administrators,
>>> as users, groups, or both:
>>>
>>> $ ls -dl /proc/cygdrive/c/Users/; echo; getfacl /proc/cygdrive/c/Users/;
>>> echo;
>>> icacls C:/Users/
>>> drwxr-xr-x+ 1 SYSTEM SYSTEM 0 Apr 13 2020 /proc/cygdrive/c/Users/
>>>
>>> # file: /proc/cygdrive/c/Users/
>>> # owner: SYSTEM
>>> # group: SYSTEM
>>> user::rwx
>>> group::r-x
>>> group:Administrators:rwx #effective:r-x
>>> group:Users:r-x
>>> mask::r-x
>>> other::r-x
>>> default:user::rwx
>>> default:group::---
>>> default:group:Administrators:rwx #effective:r-x
>>> default:group:Users:r-x
>>> default:mask::r-x
>>> default:other::r-x
>>>
>>> C:/Users/ NT AUTHORITY\SYSTEM:(OI)(CI)(F)
>>> BUILTIN\Administrators:(OI)(CI)(F)
>>> BUILTIN\Users:(RX)
>>> BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
>>> Everyone:(RX)
>>> Everyone:(OI)(CI)(IO)(GR,GE)
>>>
>>> Successfully processed 1 files; Failed processing 0 files
>> Yes, I see now what you are saying. Didn't know why it behaves like that.
>> Do you reccomend:
>>
>> A. Noacl option in fstab
>> B. Reinstall and leave icacls in windows alone so I can deploy in future
>> with runtime
> I decided to go with b. since windows ntfs wont recognize a and I want to
> deploy. I'm using cygwin to make agar gui apps for cobol (at least that is
> the plan).
That's normally the best way, although it may also be okay to add ACEs with
permission grants to groups as normal, or equivalents via GPOs.
--
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in binary units and prefixes, physical quantities in SI.]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Fwd: Objects in ACL cygwin win 10
2020-10-24 7:02 ` Jim McNamara
2020-10-24 7:09 ` Jim McNamara
@ 2020-10-25 9:19 ` Andrey Repin
1 sibling, 0 replies; 11+ messages in thread
From: Andrey Repin @ 2020-10-25 9:19 UTC (permalink / raw)
To: Jim McNamara, cygwin
Greetings, Jim McNamara!
Please no top-posting in this list.
>> On 2020-10-23 21:49, Jim McNamara via Cygwin wrote:
>> > On Fri, Oct 23, 2020, 10:06 PM Eliot Moss wrote:
>>
>> >> I have to admit I am not 100% sure what you are asking, but I am careful
>> >> to grant SYSTEM access so
>> >> that my backup program can access and save a copy of virtually
>> everything
>>
>> > Thanks for you and Brian helping me.
>> > I used icacls cygwin /q /c /t reset
>>
>> You have to be very careful using icacls and other Windows commands with
>> Cygwin
>> ACLs as
>>
>> "ICACLS preserves the canonical ordering of ACE entries:
>> Explicit denials
>> Explicit grants
>> Inherited denials
>> Inherited grants"
>>
>> and Cygwin's POSIX ACLs may or may not obey this canonical order; Windows
>> File
>> Explorer often does not consider Cygwin ACLs in what it considers canonical
>> order and requires them to be reordered, which breaks the Cygwin
>> permissions.
>>
>> Ah, that "NT AUTHORITY/SYSTEM" SID, normally paired with
>> BUILTIN/Administrators,
>> as users, groups, or both:
>>
>> $ ls -dl /proc/cygdrive/c/Users/; echo; getfacl /proc/cygdrive/c/Users/;
>> echo;
>> icacls C:/Users/
>> drwxr-xr-x+ 1 SYSTEM SYSTEM 0 Apr 13 2020 /proc/cygdrive/c/Users/
>>
>> # file: /proc/cygdrive/c/Users/
>> # owner: SYSTEM
>> # group: SYSTEM
>> user::rwx
>> group::r-x
>> group:Administrators:rwx #effective:r-x
>> group:Users:r-x
>> mask::r-x
>> other::r-x
>> default:user::rwx
>> default:group::---
>> default:group:Administrators:rwx #effective:r-x
>> default:group:Users:r-x
>> default:mask::r-x
>> default:other::r-x
>>
>> C:/Users/ NT AUTHORITY\SYSTEM:(OI)(CI)(F)
>> BUILTIN\Administrators:(OI)(CI)(F)
>> BUILTIN\Users:(RX)
>> BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
>> Everyone:(RX)
>> Everyone:(OI)(CI)(IO)(GR,GE)
>>
>> Successfully processed 1 files; Failed processing 0 files
>>
> Yes, I see now what you are saying. Didn't know why it behaves like that.
> Do you reccomend:
> A. Noacl option in fstab
> B. Reinstall and leave icacls in windows alone so I can deploy in future
> with runtime
C. Reinstall Cygwin into a new directory (or backup the current one and
reinstall). Use noacl option for directories outside Cygwin tree (i.e.
/cygdrive).
--
With best regards,
Andrey Repin
Sunday, October 25, 2020 12:07:33
Sorry for my terrible english...
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2020-10-25 9:20 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-23 20:02 Objects in ACL cygwin win 10 Jim McNamara
2020-10-23 21:30 ` Brian Inglis
2020-10-23 22:41 ` Jim McNamara
2020-10-23 23:12 ` Jim McNamara
[not found] ` <9c03f3ea-8989-5f93-41c4-4d832eaef94c@cs.umass.edu>
[not found] ` <CAEMWCRvrVGvfX_3yP7XF6SmNtFXd9UwQVahq1bRL1tazBbCibg@mail.gmail.com>
2020-10-24 3:49 ` Fwd: " Jim McNamara
2020-10-24 4:43 ` Brian Inglis
2020-10-24 4:44 ` Brian Inglis
2020-10-24 7:02 ` Jim McNamara
2020-10-24 7:09 ` Jim McNamara
2020-10-24 7:35 ` Brian Inglis
2020-10-25 9:19 ` Andrey Repin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).