From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.0.0-0.7
Date: Tue, 21 Apr 2015 12:16:00 -0000 [thread overview]
Message-ID: <20150421121559.GY3657@calimero.vinschen.de> (raw)
In-Reply-To: <loom.20150421T111734-742@post.gmane.org>
[-- Attachment #1: Type: text/plain, Size: 8261 bytes --]
On Apr 21 09:33, Achim Gratz wrote:
> Corinna Vinschen <corinna-cygwin <at> cygwin.com> writes:
> > New 2.0.0-0.7 test release:
>
> It looks like I found a bug or at least some extremely undesirable
> behaviour. We back up some data via rsync, the script doesn't use the --acl
> option yet (that will need to change). The bug happens without this option,
> so rsync tries to preserve the modes, which ends up making the files
> inaccessible. The file share we back up from have ACL to grant the access
> only to certain groups and disallow to change the DACL. In trying to get
> the modes set up in the same way, Cygwin rsync produces some DENY ACL that
> will completely lock me out (the windows GUI will not only complain about
> the order of ACL, it will also not show all ACL, so icacls is the only tool
> that can be used from that point forward). I'm not really sure what rsync
> is doing here... it may need to become smarter about that possibility.
It's not about rsync exactly. The problem is that I'm missing the
context a bit. I take it the permissions are supposed to be inherited
from the ".." dir, basically. The ".." dir has been created by
non-Cygwin means, right? The "." dir has been created by Cygwin already
it seems, but what permissions were desired? Does it match the
expectations or not?
The "dir1" and "dir2" directories both have been created by Cygwin,
but they are somehow totally wrong. I don't see how this could occur,
even in case the ACL sorting fails at creation time.
Btw., the getfacl output of dir1 and dir2 don't seem to match the
icacls output. The groups are different.
I wonder if I can create a similar scenario. Reproducing might be
tricky :(
Corinna
> (1020)...Backup_rsync/~2015-04-20_15~37 > `cygpath -S`/icacls ..
> .. BUILTIN\Administrators:(I)(F)
> BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
> NT AUTHORITY\SYSTEM:(I)(F)
> NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
> NT AUTHORITY\Authenticated Users:(I)(M)
> NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)
> BUILTIN\Users:(I)(RX)
> BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
> Everyone:(I)(OI)(IO)(M,GA)
> Everyone:(I)(CI)(F)
>
> 1 Dateien erfolgreich verarbeitet, bei 0 Dateien ist ein Verarbeitungsfehler
> aufgetreten.
> (1021)...Backup_rsync/~2015-04-20_15~37 > `cygpath -S`/icacls .
> . NULL SID:(DENY)(Rc,S,REA,WEA,X,DC)
> DOM\gratz:(F)
> BUILTIN\Users:(DENY)(W,DC)
> DOM\Domain Users:(RX,W,DC)
> NT AUTHORITY\Authenticated Users:(RX,W,DC)
> NT AUTHORITY\SYSTEM:(RX,W,DC)
> BUILTIN\Administrators:(RX,W,DC)
> BUILTIN\Users:(RX)
> Everyone:(RX,W,DC)
> NULL SID:(OI)(CI)(IO)(DENY)(Rc,S,REA,WEA,X,DC)
> CREATOR OWNER:(OI)(CI)(IO)(F)
> CREATOR GROUP:(OI)(CI)(IO)(DENY)(W,DC)
> BUILTIN\Users:(OI)(CI)(IO)(DENY)(W,DC)
> CREATOR GROUP:(OI)(CI)(IO)(RX)
> NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(RX,W,DC)
> NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(RX,W,DC)
> BUILTIN\Administrators:(OI)(CI)(IO)(RX,W,DC)
> BUILTIN\Users:(OI)(CI)(IO)(RX)
> Everyone:(OI)(CI)(IO)(RX,W,DC)
>
> 1 Dateien erfolgreich verarbeitet, bei 0 Dateien ist ein Verarbeitungsfehler
> aufgetreten.
> (1022)...Backup_rsync/~2015-04-20_15~37 > `cygpath -S`/icacls \*
> dir1 NULL SID:(DENY)(Rc,S,DC)
> NT AUTHORITY\Authenticated Users:(DENY)(W,RD,REA,X,DC)
> BUILTIN\Users:(DENY)(S,RD,REA,X)
> NULL SID:(OI)(CI)(IO)(DENY)(Rc,S,REA,WEA,X,DC)
> CREATOR GROUP:(OI)(CI)(IO)(DENY)(W,DC)
> BUILTIN\Users:(OI)(CI)(IO)(DENY)(W,DC)
> DOM\gratz:(D,Rc,WDAC,WO,RA,WA)
> DOM\Domain Users:(Rc,S,RA)
> NT AUTHORITY\Authenticated Users:(RX,W,DC)
> NT AUTHORITY\SYSTEM:(RX,W,DC)
> BUILTIN\Administrators:(RX,W,DC)
> BUILTIN\Users:(RX)
> Everyone:(Rc,S,RA)
> CREATOR OWNER:(OI)(CI)(IO)(F)
> CREATOR GROUP:(OI)(CI)(IO)(RX)
> NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(RX,W,DC)
> NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(RX,W,DC)
> BUILTIN\Administrators:(OI)(CI)(IO)(RX,W,DC)
> BUILTIN\Users:(OI)(CI)(IO)(RX)
> Everyone:(OI)(CI)(IO)(RX,W,DC)
> DOM\gratz:(OI)(CI)(F)
>
> dir2 NULL SID:(DENY)(Rc,S,REA,WEA,X,DC)
> DOM\gratz:(DENY)(S,RD,WD,AD,REA,WEA,X,DC)
> NULL SID:(OI)(CI)(IO)(DENY)(Rc,S,REA,WEA,X,DC)
> CREATOR GROUP:(OI)(CI)(IO)(DENY)(W,DC)
> BUILTIN\Users:(OI)(CI)(IO)(DENY)(W,DC)
> DOM\gratz:(D,Rc,WDAC,WO,RA,WA)
> DOM\Domain Users:(RX,W,DC)
> NT AUTHORITY\Authenticated Users:(RX,W,DC)
> NT AUTHORITY\SYSTEM:(RX,W,DC)
> BUILTIN\Administrators:(RX,W,DC)
> BUILTIN\Users:(RX)
> Everyone:(Rc,S,RA)
> CREATOR OWNER:(OI)(CI)(IO)(F)
> CREATOR GROUP:(OI)(CI)(IO)(RX)
> NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(RX,W,DC)
> NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(RX,W,DC)
> BUILTIN\Administrators:(OI)(CI)(IO)(RX,W,DC)
> BUILTIN\Users:(OI)(CI)(IO)(RX)
> Everyone:(OI)(CI)(IO)(RX,W,DC)
> DOM\gratz:(OI)(CI)(F)
>
> 2 Dateien erfolgreich verarbeitet, bei 0 Dateien ist ein Verarbeitungsfehler
> aufgetreten.
> (1023)...e/ADM_Backup_rsync/~2015-04-20_15~37 > getfacl .. . *
> # file: ..
> # owner: otheruser
> # group: Domain Users
> user::---
> group::---
> group:Authenticated Users:rwx
> group:SYSTEM:rwx
> group:Administrators:rwx
> group:Users:r-x
> mask:rwx
> other:rwx
> default:user::---
> default:group::---
> default:group:Authenticated Users:rwx
> default:group:SYSTEM:rwx
> default:group:Administrators:rwx
> default:group:Users:r-x
> default:mask:rwx
> default:other:rwx
>
> # file: .
> # owner: gratz
> # group: Domain Users
> user::rwx
> group::rwx
> group:Authenticated Users:rwx
> group:SYSTEM:rwx
> group:Administrators:rwx
> group:Users:r-x
> mask:rwx
> other:rwx
> default:user::rwx
> default:group::r-x
> default:group:Authenticated Users:rwx
> default:group:SYSTEM:rwx
> default:group:Administrators:rwx
> default:group:Users:r-x
> default:mask:rwx
> default:other:rwx
>
> # file: dir1
> # owner: gratz
> # group: Domain Users
> user::rwx
> group::---
> group:Authenticated Users:---
> group:SYSTEM:rwx
> group:Administrators:rwx
> group:Users:---
> mask:rwx
> other:---
> default:user::rwx
> default:user:gratz:rwx
> default:group::r-x
> default:group:Authenticated Users:rwx
> default:group:SYSTEM:rwx
> default:group:Administrators:rwx
> default:group:Users:r-x
> default:mask:rwx
> default:other:rwx
>
> # file: dir2
> # owner: gratz
> # group: Domain Users
> user::---
> group::rwx
> group:Authenticated Users:rwx
> group:SYSTEM:rwx
> group:Administrators:rwx
> group:Users:r-x
> mask:rwx
> other:---
> default:user::rwx
> default:user:gratz:rwx
> default:group::r-x
> default:group:Authenticated Users:rwx
> default:group:SYSTEM:rwx
> default:group:Administrators:rwx
> default:group:Users:r-x
> default:mask:rwx
> default:other:rwx
>
> (1024).../Backup_rsync/~2015-04-20_15~37 > getfacl /cygdrive/x/dir1
> # file: /cygdrive/x/dir1
> # owner: otheruser
> # group: Domain Users
> user::---
> group::---
> group:ADM-FileOperators-L:rwx
> group:PRJ-C-L:rwx
> mask:rwx
> other:---
> default:user::---
> default:group::---
> default:group:ADM-FileOperators-L:rwx
> default:group:PRJ-C-L:rwx
> default:mask:rwx
> default:other:---
>
> (1025)...Backup_rsync/~2015-04-20_15~37 > getfacl /cygdrive/z/dir2
> # file: /cygdrive/z/dir2
> # owner: otheruser
> # group: Domain Users
> user::---
> group::---
> group:ADM-FileOperators-L:rwx
> group:PRJ-R-L:r-x
> group:PRJ-C-L:rwx
> mask:rwx
> other:---
> default:user::---
> default:group::---
> default:group:ADM-FileOperators-L:rwx
> default:group:PRJ-R-L:r-x
> default:group:PRJ-C-L:rwx
> default:mask:rwx
> default:other:---
>
>
> Regards,
> Achim
>
>
> --
> Problem reports: http://cygwin.com/problems.html
> FAQ: http://cygwin.com/faq/
> Documentation: http://cygwin.com/docs.html
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]
next prev parent reply other threads:[~2015-04-21 12:16 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-17 11:03 Corinna Vinschen
2015-04-17 20:10 ` Achim Gratz
2015-04-18 8:39 ` Corinna Vinschen
2015-04-18 9:47 ` Achim Gratz
2015-04-18 10:20 ` Corinna Vinschen
2015-04-18 10:48 ` Achim Gratz
2015-04-18 11:07 ` Corinna Vinschen
2015-04-19 6:05 ` Achim Gratz
2015-04-21 9:33 ` Achim Gratz
2015-04-21 12:16 ` Corinna Vinschen [this message]
2015-04-21 17:19 ` Achim Gratz
2015-04-22 9:04 ` Corinna Vinschen
2015-04-22 18:35 ` Achim Gratz
2015-04-23 8:34 ` Corinna Vinschen
2015-04-23 18:45 ` Achim Gratz
2015-04-23 19:49 ` Corinna Vinschen
2015-04-24 2:14 ` random user
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150421121559.GY3657@calimero.vinschen.de \
--to=corinna-cygwin@cygwin.com \
--cc=cygwin@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).