Re: Duplicate ACLs? - Can't copy file even with Admin permissions

public inbox for cygwin@cygwin.com
 help / color / mirror / Atom feed

From: "" <cygwin@kosowsky.org>
To: cygwin@cygwin.com
Subject: Re: Duplicate ACLs? - Can't copy file even with Admin permissions
Date: Fri, 7 Jan 2022 15:56:06 -0500	[thread overview]
Message-ID: <25048.43238.484068.737126@consult.pretender> (raw)
In-Reply-To: <8735m12k3u.fsf@Rainer.invalid>
In-Reply-To: <25047.23325.33020.646017@consult.pretender>

> Corinna Vinschen wrote:
> On Jan  6 16:11, cyg...@kosowsky.org wrote:
> It is.  I realized belatedly, that 3da9e136.acl is apparently a
> directory, not a file.

It's actually a file...
     # ls -al 3da9e136.rbf
     -rwxrwxr-x+ 1 Administrators SYSTEM 96728 Jul  8  2018 3da9e136.rbf*

     #file 3da9e136.rbf
     3da9e136.acl: data
     3da9e136.rbf: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Window

Notice:
    # icacls.exe  3da9e136.rbf
    3da9e136.rbf NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                 Everyone:(OI)(CI)(RX)
		 BUILTIN\Administrators:(OI)(CI)(F)

    Successfully processed 1 files; Failed processing 0 files

But:
    #icacls 3da9e136.rbf /save 3da9e136.acl
    processed file: 3da9e136.rbf
    Successfully processed 1 files; Failed processing 0 files

    #cat 3da9e136.acl
    3da9e136.rbf
    D:P(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;WD)(A;OICI;FA;;;BA)


> So I tweaked my local test accordingly, and
> here's my session output:
> 
>   $ mkdir acltest
>     $ chown Administrators.SYSTEM acltest
>       $ cat aclfile.sav
>         acltest
> 	  D:P(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;WD)(A;OICI;FA;;;BA)
> 	    $ icacls . /restore aclfile.sav
> 	      processed file: .\acltest
> 	        Successfully processed 1 files; Failed processing 0
>     files
>       $ icacls acltest
>         acltest NT AUTHORITY\SYSTEM:(OI)(CI)(F)
> 	          Everyone:(OI)(CI)(RX)
> 		            BUILTIN\Administrators:(OI)(CI)(F)
> 
>   Successfully processed 1 files; Failed processing 0 files
> 
> >   #icacls 3da9e136.rbf
> >   3da9e136.rbf NT AUTHORITY\SYSTEM:(OI)(CI)(F)
> >              Everyone:(OI)(CI)(RX)
> >              BUILTIN\Administrators:(OI)(CI)(F)
> >
> >   Successfully processed 1 files; Failed processing 0 files
> 
> So the DACL is now identical to yours.  Let's try getfacl:
> 
>   $ getfacl --version | head -1
>     getfacl (cygwin) 3.3.3
>       $ getfacl acltest
>         # file: acltest
> 	  # owner: Administrators
> 	    # group: SYSTEM
> 	      user::rwx
> 	        group::rwx
> 		  other::r-x
> 		    default:user::rwx
> 		      default:group::rwx
> 		        default:group:SYSTEM:rwx
> 			  default:mask::rwx
> 			    default:other::r-x
> 
> Ok, that looks correct.  Now compare with the output of your getfacl:
> 
> >   #getfacl 3da9e136.rbf
> >   # file: 3da9e136.rbf
> >   # owner: Administrators
> >   # group: SYSTEM
> >   user::rwx
> >   group::rwx
> >   other::r-x
> >   user::rwx
> >   group::rwx
> >   group:SYSTEM:rwx
> >   mask::rwx
> >   other::r-x
> 
> It's exactly the same as the one my gefacl prints above, except the
> "default:" specifier for default ACEs is missing in the output.

Could that because yours is a directory and mine is a file

> I can't explain that, sorry.  Old getfacl version?  Running an output
> filter of some sort?  Clutching at straws here....

  #getfacl --version | head -1
  getfacl (cygwin) 3.3.3

next prev parent reply	other threads:[~2022-01-07 20:56 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-01-03 15:51 cygwin
2022-01-05 11:34 ` Corinna Vinschen
2022-01-06 11:12   ` Achim Gratz
2022-01-06 21:11     ` cygwin
2022-01-07 13:22       ` Corinna Vinschen
2022-01-07 20:56       ` cygwin [this message]
2022-01-10 10:07         ` Corinna Vinschen
2022-01-10 13:46           ` Corinna Vinschen
2022-01-12  9:33             ` Corinna Vinschen
2022-01-19  2:26             ` cygwin
2022-01-19  8:00               ` Corinna Vinschen
2022-01-21 13:57                 ` cygwin
2022-01-25 19:19                   ` Corinna Vinschen
2022-01-26  1:11                     ` cygwin
2022-01-06 18:05   ` Andrey Repin
2022-01-06 19:42     ` Franz Fehringer
2022-01-06 20:35     ` cygwin
2022-01-06 20:46       ` Eliot Moss

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=25048.43238.484068.737126@consult.pretender \
    --to=cygwin@kosowsky.org \
    --cc=cygwin@cygwin.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).