* Objects in ACL cygwin win 10 @ 2020-10-23 20:02 Jim McNamara 2020-10-23 21:30 ` Brian Inglis 0 siblings, 1 reply; 11+ messages in thread From: Jim McNamara @ 2020-10-23 20:02 UTC (permalink / raw) To: cygwin Hi all- I have : group everyone and my user sid as my ACLs with their permissions in cygwin. I use chmod to set permissions and dont use fstab. Can someone please check by right clicking properties security tab in win 10 and verify that is all I need? I'm not using any domains. I'm not sure if I need system object that is used for OS things. I dont think so but am not sure. Thanks Roboloki ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Objects in ACL cygwin win 10 2020-10-23 20:02 Objects in ACL cygwin win 10 Jim McNamara @ 2020-10-23 21:30 ` Brian Inglis 2020-10-23 22:41 ` Jim McNamara 0 siblings, 1 reply; 11+ messages in thread From: Brian Inglis @ 2020-10-23 21:30 UTC (permalink / raw) To: Cygwin On 2020-10-23 14:02, Jim McNamara via Cygwin wrote: > I have : group everyone and my user sid as my ACLs with their permissions > in cygwin. I use chmod to set permissions and dont use fstab. > > Can someone please check by right clicking properties security tab in win > 10 and verify that is all I need? > > I'm not using any domains. > > I'm not sure if I need system object that is used for OS things. I dont > think so but am not sure. Not sure what you are asking about, but if you run $ ls -dl dir; getfacl dir; icacls dir $ ls -dl dir/file; getfacl dir/file; icacls dir/file you can see how POSIX perms get translated into POSIX ACLs and implemented as Windows ACLs. If anything appears complex or inconsistent, try running setfacl -b on dirs or files then reapply chmod perms and recheck with the above. -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada This email may be disturbing to some readers as it contains too much technical detail. Reader discretion is advised. [Data in binary units and prefixes, physical quantities in SI.] ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Objects in ACL cygwin win 10 2020-10-23 21:30 ` Brian Inglis @ 2020-10-23 22:41 ` Jim McNamara 2020-10-23 23:12 ` Jim McNamara [not found] ` <9c03f3ea-8989-5f93-41c4-4d832eaef94c@cs.umass.edu> 0 siblings, 2 replies; 11+ messages in thread From: Jim McNamara @ 2020-10-23 22:41 UTC (permalink / raw) To: Cygwin In more descriptive terms, an access control list is a list that determines which system processes or users are granted access to an object as well as what operations are permitted on the object. I tried to refer to the object 'system '. There are other objects like administrator, administrators, user, and everyone. Sorry, I tried to initially save keystrokes because I was typing on a phone keyboard. Bad idea. Just wondering, for home users, that aren't using domains, with ACLs, what type of objects are listed when you right click on a text file and choose properties and security in the windows 10 file explorer from within your cygwin install. I ask partially because with ACL as context, I cannot find a good example of 'system' object and what it is used for. I figure it must be either complicated or the opposite which is well understood . If you dont answer, I'm only frustrated with myself. Thanks for your help. Sorry Brian, Thanks, Roboloki On Fri, Oct 23, 2020, 5:31 PM Brian Inglis <Brian.Inglis@systematicsw.ab.ca> wrote: > On 2020-10-23 14:02, Jim McNamara via Cygwin wrote: > > I have : group everyone and my user sid as my ACLs with their permissions > > in cygwin. I use chmod to set permissions and dont use fstab. > > > > Can someone please check by right clicking properties security tab in win > > 10 and verify that is all I need? > > > > I'm not using any domains. > > > > I'm not sure if I need system object that is used for OS things. I dont > > think so but am not sure. > > Not sure what you are asking about, but if you run > > $ ls -dl dir; getfacl dir; icacls dir > $ ls -dl dir/file; getfacl dir/file; icacls dir/file > > you can see how POSIX perms get translated into POSIX ACLs and implemented > as > Windows ACLs. > > If anything appears complex or inconsistent, try running setfacl -b on > dirs or > files then reapply chmod perms and recheck with the above. > > -- > Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada > > This email may be disturbing to some readers as it contains > too much technical detail. Reader discretion is advised. > [Data in binary units and prefixes, physical quantities in SI.] > -- > Problem reports: https://cygwin.com/problems.html > FAQ: https://cygwin.com/faq/ > Documentation: https://cygwin.com/docs.html > Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple > ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Objects in ACL cygwin win 10 2020-10-23 22:41 ` Jim McNamara @ 2020-10-23 23:12 ` Jim McNamara [not found] ` <9c03f3ea-8989-5f93-41c4-4d832eaef94c@cs.umass.edu> 1 sibling, 0 replies; 11+ messages in thread From: Jim McNamara @ 2020-10-23 23:12 UTC (permalink / raw) To: Cygwin Hi all I think I figured out that the processes that the ACL object/identifier 'system' is referring to are like processes in sysinternals process explorer . Not sure but that is my best guess. If all else fails, I will chmod the hell out of everything until I beat stat command into submission. I will also be experimenting with your list of commands! Have a cool weekend. Thanks again for your help, Brian. Later On Fri, Oct 23, 2020, 6:41 PM Jim McNamara <nefariousscheme@gmail.com> wrote: > In more descriptive terms, an access control list is a list that > determines which system processes or users are granted access to an object > as well as what operations are permitted on the object. > > I tried to refer to the object 'system '. There are other objects like > administrator, administrators, user, and everyone. > > Sorry, I tried to initially save keystrokes because I was typing on a > phone keyboard. Bad idea. > > Just wondering, for home users, that aren't using domains, with ACLs, > what type of objects are listed when you right click on a text file and > choose properties and security in the windows 10 file explorer from within > your cygwin install. > > I ask partially because with ACL as context, I cannot find a good example > of 'system' object and what it is used for. I figure it must be either > complicated or the opposite which is well understood . > > If you dont answer, I'm only frustrated with myself. > > Thanks for your help. > > Sorry Brian, > > Thanks, > Roboloki > > > > > > > > > On Fri, Oct 23, 2020, 5:31 PM Brian Inglis < > Brian.Inglis@systematicsw.ab.ca> wrote: > >> On 2020-10-23 14:02, Jim McNamara via Cygwin wrote: >> > I have : group everyone and my user sid as my ACLs with their >> permissions >> > in cygwin. I use chmod to set permissions and dont use fstab. >> > >> > Can someone please check by right clicking properties security tab in >> win >> > 10 and verify that is all I need? >> > >> > I'm not using any domains. >> > >> > I'm not sure if I need system object that is used for OS things. I dont >> > think so but am not sure. >> >> Not sure what you are asking about, but if you run >> >> $ ls -dl dir; getfacl dir; icacls dir >> $ ls -dl dir/file; getfacl dir/file; icacls dir/file >> >> you can see how POSIX perms get translated into POSIX ACLs and >> implemented as >> Windows ACLs. >> >> If anything appears complex or inconsistent, try running setfacl -b on >> dirs or >> files then reapply chmod perms and recheck with the above. >> >> -- >> Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada >> >> This email may be disturbing to some readers as it contains >> too much technical detail. Reader discretion is advised. >> [Data in binary units and prefixes, physical quantities in SI.] >> -- >> Problem reports: https://cygwin.com/problems.html >> FAQ: https://cygwin.com/faq/ >> Documentation: https://cygwin.com/docs.html >> Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple >> > ^ permalink raw reply [flat|nested] 11+ messages in thread
[parent not found: <9c03f3ea-8989-5f93-41c4-4d832eaef94c@cs.umass.edu>]
[parent not found: <CAEMWCRvrVGvfX_3yP7XF6SmNtFXd9UwQVahq1bRL1tazBbCibg@mail.gmail.com>]
* Fwd: Objects in ACL cygwin win 10 [not found] ` <CAEMWCRvrVGvfX_3yP7XF6SmNtFXd9UwQVahq1bRL1tazBbCibg@mail.gmail.com> @ 2020-10-24 3:49 ` Jim McNamara 2020-10-24 4:43 ` Brian Inglis 2020-10-24 4:44 ` Brian Inglis 0 siblings, 2 replies; 11+ messages in thread From: Jim McNamara @ 2020-10-24 3:49 UTC (permalink / raw) To: cygwin ---------- Forwarded message > Date: Fri, Oct 23, 2020, 11:48 PM Subject: Re: Objects in ACL cygwin win 10 To: moss> Hi elliot Thanks for you and Brian helping me. I used icacls cygwin /q /c /t reset Thanks! Roboloki On Fri, Oct 23, 2020, 10:06 PM Eliot Moss <moss@cs.umass.edu> wrote: > I have to admit I am not 100% sure what you are asking, but I am careful > to grant SYSTEM access so > that my backup program can access and save a copy of virtually everything > ... > > EM > ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Fwd: Objects in ACL cygwin win 10 2020-10-24 3:49 ` Fwd: " Jim McNamara @ 2020-10-24 4:43 ` Brian Inglis 2020-10-24 4:44 ` Brian Inglis 1 sibling, 0 replies; 11+ messages in thread From: Brian Inglis @ 2020-10-24 4:43 UTC (permalink / raw) To: cygwin On 2020-10-23 21:49, Jim McNamara via Cygwin wrote: > On Fri, Oct 23, 2020, 10:06 PM Eliot Moss wrote: >> I have to admit I am not 100% sure what you are asking, but I am careful >> to grant SYSTEM access so >> that my backup program can access and save a copy of virtually everything > Thanks for you and Brian helping me. > I used icacls cygwin /q /c /t reset You have to be very careful using icacls and other Windows commands with Cygwin ACLs as "ICACLS preserves the canonical ordering of ACE entries: Explicit denials Explicit grants Inherited denials Inherited grants" and Cygwin's POSIX ACLs may or may not obey this canonical order; Windows File Explorer often does not consider Cygwin ACLs in what it considers canonical order and requires them to be reordered, which breaks the Cygwin permissions. Ah, that "NT AUTHORITY/SYSTEM" SID, normally paired with BUILTIN/Administrators, as users, groups, or both: $ ls -dl /proc/cygdrive/c/Users/; echo; getfacl /proc/cygdrive/c/Users/; echo; icacls C:/Users/ drwxr-xr-x+ 1 SYSTEM SYSTEM 0 Apr 13 2020 /proc/cygdrive/c/Users/ # file: /proc/cygdrive/c/Users/ # owner: SYSTEM # group: SYSTEM user::rwx group::r-x group:Administrators:rwx #effective:r-x group:Users:r-x mask::r-x other::r-x default:user::rwx default:group::--- default:group:Administrators:rwx #effective:r-x default:group:Users:r-x default:mask::r-x default:other::r-x C:/Users/ NT AUTHORITY\SYSTEM:(OI)(CI)(F) BUILTIN\Administrators:(OI)(CI)(F) BUILTIN\Users:(RX) BUILTIN\Users:(OI)(CI)(IO)(GR,GE) Everyone:(RX) Everyone:(OI)(CI)(IO)(GR,GE) Successfully processed 1 files; Failed processing 0 files -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada This email may be disturbing to some readers as it contains too much technical detail. Reader discretion is advised. [Data in binary units and prefixes, physical quantities in SI.] ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Fwd: Objects in ACL cygwin win 10 2020-10-24 3:49 ` Fwd: " Jim McNamara 2020-10-24 4:43 ` Brian Inglis @ 2020-10-24 4:44 ` Brian Inglis 2020-10-24 7:02 ` Jim McNamara 1 sibling, 1 reply; 11+ messages in thread From: Brian Inglis @ 2020-10-24 4:44 UTC (permalink / raw) To: cygwin On 2020-10-23 21:49, Jim McNamara via Cygwin wrote: > On Fri, Oct 23, 2020, 10:06 PM Eliot Moss wrote: >> I have to admit I am not 100% sure what you are asking, but I am careful >> to grant SYSTEM access so >> that my backup program can access and save a copy of virtually everything > Thanks for you and Brian helping me. > I used icacls cygwin /q /c /t reset You have to be very careful using icacls and other Windows commands with Cygwin ACLs as "ICACLS preserves the canonical ordering of ACE entries: Explicit denials Explicit grants Inherited denials Inherited grants" and Cygwin's POSIX ACLs may or may not obey this canonical order; Windows File Explorer often does not consider Cygwin ACLs in what it considers canonical order and requires them to be reordered, which breaks the Cygwin permissions. Ah, that "NT AUTHORITY/SYSTEM" SID, normally paired with BUILTIN/Administrators, as users, groups, or both: $ ls -dl /proc/cygdrive/c/Users/; echo; getfacl /proc/cygdrive/c/Users/; echo; icacls C:/Users/ drwxr-xr-x+ 1 SYSTEM SYSTEM 0 Apr 13 2020 /proc/cygdrive/c/Users/ # file: /proc/cygdrive/c/Users/ # owner: SYSTEM # group: SYSTEM user::rwx group::r-x group:Administrators:rwx #effective:r-x group:Users:r-x mask::r-x other::r-x default:user::rwx default:group::--- default:group:Administrators:rwx #effective:r-x default:group:Users:r-x default:mask::r-x default:other::r-x C:/Users/ NT AUTHORITY\SYSTEM:(OI)(CI)(F) BUILTIN\Administrators:(OI)(CI)(F) BUILTIN\Users:(RX) BUILTIN\Users:(OI)(CI)(IO)(GR,GE) Everyone:(RX) Everyone:(OI)(CI)(IO)(GR,GE) Successfully processed 1 files; Failed processing 0 files -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada This email may be disturbing to some readers as it contains too much technical detail. Reader discretion is advised. [Data in binary units and prefixes, physical quantities in SI.] -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada This email may be disturbing to some readers as it contains too much technical detail. Reader discretion is advised. [Data in binary units and prefixes, physical quantities in SI.] ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Fwd: Objects in ACL cygwin win 10 2020-10-24 4:44 ` Brian Inglis @ 2020-10-24 7:02 ` Jim McNamara 2020-10-24 7:09 ` Jim McNamara 2020-10-25 9:19 ` Andrey Repin 0 siblings, 2 replies; 11+ messages in thread From: Jim McNamara @ 2020-10-24 7:02 UTC (permalink / raw) To: cygwin Hi Brian Yes, I see now what you are saying. Didn't know why it behaves like that. Do you reccomend: A. Noacl option in fstab B. Reinstall and leave icacls in windows alone so I can deploy in future with runtime Thnx, Roboloki On Sat, Oct 24, 2020, 12:46 AM Brian Inglis <Brian.Inglis@systematicsw.ab.ca> wrote: > On 2020-10-23 21:49, Jim McNamara via Cygwin wrote: > > On Fri, Oct 23, 2020, 10:06 PM Eliot Moss wrote: > > >> I have to admit I am not 100% sure what you are asking, but I am careful > >> to grant SYSTEM access so > >> that my backup program can access and save a copy of virtually > everything > > > Thanks for you and Brian helping me. > > I used icacls cygwin /q /c /t reset > > You have to be very careful using icacls and other Windows commands with > Cygwin > ACLs as > > "ICACLS preserves the canonical ordering of ACE entries: > Explicit denials > Explicit grants > Inherited denials > Inherited grants" > > and Cygwin's POSIX ACLs may or may not obey this canonical order; Windows > File > Explorer often does not consider Cygwin ACLs in what it considers canonical > order and requires them to be reordered, which breaks the Cygwin > permissions. > > Ah, that "NT AUTHORITY/SYSTEM" SID, normally paired with > BUILTIN/Administrators, > as users, groups, or both: > > $ ls -dl /proc/cygdrive/c/Users/; echo; getfacl /proc/cygdrive/c/Users/; > echo; > icacls C:/Users/ > drwxr-xr-x+ 1 SYSTEM SYSTEM 0 Apr 13 2020 /proc/cygdrive/c/Users/ > > # file: /proc/cygdrive/c/Users/ > # owner: SYSTEM > # group: SYSTEM > user::rwx > group::r-x > group:Administrators:rwx #effective:r-x > group:Users:r-x > mask::r-x > other::r-x > default:user::rwx > default:group::--- > default:group:Administrators:rwx #effective:r-x > default:group:Users:r-x > default:mask::r-x > default:other::r-x > > C:/Users/ NT AUTHORITY\SYSTEM:(OI)(CI)(F) > BUILTIN\Administrators:(OI)(CI)(F) > BUILTIN\Users:(RX) > BUILTIN\Users:(OI)(CI)(IO)(GR,GE) > Everyone:(RX) > Everyone:(OI)(CI)(IO)(GR,GE) > > Successfully processed 1 files; Failed processing 0 files > > -- > Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada > > This email may be disturbing to some readers as it contains > too much technical detail. Reader discretion is advised. > [Data in binary units and prefixes, physical quantities in SI.] > > -- > Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada > > This email may be disturbing to some readers as it contains > too much technical detail. Reader discretion is advised. > [Data in binary units and prefixes, physical quantities in SI.] > -- > Problem reports: https://cygwin.com/problems.html > FAQ: https://cygwin.com/faq/ > Documentation: https://cygwin.com/docs.html > Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple > ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Fwd: Objects in ACL cygwin win 10 2020-10-24 7:02 ` Jim McNamara @ 2020-10-24 7:09 ` Jim McNamara 2020-10-24 7:35 ` Brian Inglis 2020-10-25 9:19 ` Andrey Repin 1 sibling, 1 reply; 11+ messages in thread From: Jim McNamara @ 2020-10-24 7:09 UTC (permalink / raw) To: cygwin I decided to go with b. since windows ntfs wont recognize a and I want to deploy. Im using cygwin to make agar gui apps for cobol (at least that is the plan). Thnx brian! On Sat, Oct 24, 2020, 3:02 AM Jim McNamara <nefariousscheme@gmail.com> wrote: > Hi Brian > > Yes, I see now what you are saying. Didn't know why it behaves like that. > Do you reccomend: > > A. Noacl option in fstab > B. Reinstall and leave icacls in windows alone so I can deploy in future > with runtime > > Thnx, > Roboloki > > On Sat, Oct 24, 2020, 12:46 AM Brian Inglis < > Brian.Inglis@systematicsw.ab.ca> wrote: > >> On 2020-10-23 21:49, Jim McNamara via Cygwin wrote: >> > On Fri, Oct 23, 2020, 10:06 PM Eliot Moss wrote: >> >> >> I have to admit I am not 100% sure what you are asking, but I am >> careful >> >> to grant SYSTEM access so >> >> that my backup program can access and save a copy of virtually >> everything >> >> > Thanks for you and Brian helping me. >> > I used icacls cygwin /q /c /t reset >> >> You have to be very careful using icacls and other Windows commands with >> Cygwin >> ACLs as >> >> "ICACLS preserves the canonical ordering of ACE entries: >> Explicit denials >> Explicit grants >> Inherited denials >> Inherited grants" >> >> and Cygwin's POSIX ACLs may or may not obey this canonical order; Windows >> File >> Explorer often does not consider Cygwin ACLs in what it considers >> canonical >> order and requires them to be reordered, which breaks the Cygwin >> permissions. >> >> Ah, that "NT AUTHORITY/SYSTEM" SID, normally paired with >> BUILTIN/Administrators, >> as users, groups, or both: >> >> $ ls -dl /proc/cygdrive/c/Users/; echo; getfacl /proc/cygdrive/c/Users/; >> echo; >> icacls C:/Users/ >> drwxr-xr-x+ 1 SYSTEM SYSTEM 0 Apr 13 2020 /proc/cygdrive/c/Users/ >> >> # file: /proc/cygdrive/c/Users/ >> # owner: SYSTEM >> # group: SYSTEM >> user::rwx >> group::r-x >> group:Administrators:rwx #effective:r-x >> group:Users:r-x >> mask::r-x >> other::r-x >> default:user::rwx >> default:group::--- >> default:group:Administrators:rwx #effective:r-x >> default:group:Users:r-x >> default:mask::r-x >> default:other::r-x >> >> C:/Users/ NT AUTHORITY\SYSTEM:(OI)(CI)(F) >> BUILTIN\Administrators:(OI)(CI)(F) >> BUILTIN\Users:(RX) >> BUILTIN\Users:(OI)(CI)(IO)(GR,GE) >> Everyone:(RX) >> Everyone:(OI)(CI)(IO)(GR,GE) >> >> Successfully processed 1 files; Failed processing 0 files >> >> -- >> Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada >> >> This email may be disturbing to some readers as it contains >> too much technical detail. Reader discretion is advised. >> [Data in binary units and prefixes, physical quantities in SI.] >> >> -- >> Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada >> >> This email may be disturbing to some readers as it contains >> too much technical detail. Reader discretion is advised. >> [Data in binary units and prefixes, physical quantities in SI.] >> -- >> Problem reports: https://cygwin.com/problems.html >> FAQ: https://cygwin.com/faq/ >> Documentation: https://cygwin.com/docs.html >> Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple >> > ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Fwd: Objects in ACL cygwin win 10 2020-10-24 7:09 ` Jim McNamara @ 2020-10-24 7:35 ` Brian Inglis 0 siblings, 0 replies; 11+ messages in thread From: Brian Inglis @ 2020-10-24 7:35 UTC (permalink / raw) To: cygwin On 2020-10-24 01:09, Jim McNamara via Cygwin wrote: > On Sat, Oct 24, 2020, 3:02 AM Jim McNamara wrote: >> On Sat, Oct 24, 2020, 12:46 AM Brian Inglis wrote: >>> On 2020-10-23 21:49, Jim McNamara via Cygwin wrote: >>>> On Fri, Oct 23, 2020, 10:06 PM Eliot Moss wrote: >>>>> I have to admit I am not 100% sure what you are asking, but I am >>>>> careful to grant SYSTEM access so that my backup program can access >>>>> and save a copy of virtually everything >>>> Thanks for you and Brian helping me. >>>> I used icacls cygwin /q /c /t reset >>> You have to be very careful using icacls and other Windows commands with >>> Cygwin >>> ACLs as >>> >>> "ICACLS preserves the canonical ordering of ACE entries: >>> Explicit denials >>> Explicit grants >>> Inherited denials >>> Inherited grants" >>> >>> and Cygwin's POSIX ACLs may or may not obey this canonical order; Windows >>> File >>> Explorer often does not consider Cygwin ACLs in what it considers >>> canonical >>> order and requires them to be reordered, which breaks the Cygwin >>> permissions. >>> >>> Ah, that "NT AUTHORITY/SYSTEM" SID, normally paired with >>> BUILTIN/Administrators, >>> as users, groups, or both: >>> >>> $ ls -dl /proc/cygdrive/c/Users/; echo; getfacl /proc/cygdrive/c/Users/; >>> echo; >>> icacls C:/Users/ >>> drwxr-xr-x+ 1 SYSTEM SYSTEM 0 Apr 13 2020 /proc/cygdrive/c/Users/ >>> >>> # file: /proc/cygdrive/c/Users/ >>> # owner: SYSTEM >>> # group: SYSTEM >>> user::rwx >>> group::r-x >>> group:Administrators:rwx #effective:r-x >>> group:Users:r-x >>> mask::r-x >>> other::r-x >>> default:user::rwx >>> default:group::--- >>> default:group:Administrators:rwx #effective:r-x >>> default:group:Users:r-x >>> default:mask::r-x >>> default:other::r-x >>> >>> C:/Users/ NT AUTHORITY\SYSTEM:(OI)(CI)(F) >>> BUILTIN\Administrators:(OI)(CI)(F) >>> BUILTIN\Users:(RX) >>> BUILTIN\Users:(OI)(CI)(IO)(GR,GE) >>> Everyone:(RX) >>> Everyone:(OI)(CI)(IO)(GR,GE) >>> >>> Successfully processed 1 files; Failed processing 0 files >> Yes, I see now what you are saying. Didn't know why it behaves like that. >> Do you reccomend: >> >> A. Noacl option in fstab >> B. Reinstall and leave icacls in windows alone so I can deploy in future >> with runtime > I decided to go with b. since windows ntfs wont recognize a and I want to > deploy. I'm using cygwin to make agar gui apps for cobol (at least that is > the plan). That's normally the best way, although it may also be okay to add ACEs with permission grants to groups as normal, or equivalents via GPOs. -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada This email may be disturbing to some readers as it contains too much technical detail. Reader discretion is advised. [Data in binary units and prefixes, physical quantities in SI.] ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Fwd: Objects in ACL cygwin win 10 2020-10-24 7:02 ` Jim McNamara 2020-10-24 7:09 ` Jim McNamara @ 2020-10-25 9:19 ` Andrey Repin 1 sibling, 0 replies; 11+ messages in thread From: Andrey Repin @ 2020-10-25 9:19 UTC (permalink / raw) To: Jim McNamara, cygwin Greetings, Jim McNamara! Please no top-posting in this list. >> On 2020-10-23 21:49, Jim McNamara via Cygwin wrote: >> > On Fri, Oct 23, 2020, 10:06 PM Eliot Moss wrote: >> >> >> I have to admit I am not 100% sure what you are asking, but I am careful >> >> to grant SYSTEM access so >> >> that my backup program can access and save a copy of virtually >> everything >> >> > Thanks for you and Brian helping me. >> > I used icacls cygwin /q /c /t reset >> >> You have to be very careful using icacls and other Windows commands with >> Cygwin >> ACLs as >> >> "ICACLS preserves the canonical ordering of ACE entries: >> Explicit denials >> Explicit grants >> Inherited denials >> Inherited grants" >> >> and Cygwin's POSIX ACLs may or may not obey this canonical order; Windows >> File >> Explorer often does not consider Cygwin ACLs in what it considers canonical >> order and requires them to be reordered, which breaks the Cygwin >> permissions. >> >> Ah, that "NT AUTHORITY/SYSTEM" SID, normally paired with >> BUILTIN/Administrators, >> as users, groups, or both: >> >> $ ls -dl /proc/cygdrive/c/Users/; echo; getfacl /proc/cygdrive/c/Users/; >> echo; >> icacls C:/Users/ >> drwxr-xr-x+ 1 SYSTEM SYSTEM 0 Apr 13 2020 /proc/cygdrive/c/Users/ >> >> # file: /proc/cygdrive/c/Users/ >> # owner: SYSTEM >> # group: SYSTEM >> user::rwx >> group::r-x >> group:Administrators:rwx #effective:r-x >> group:Users:r-x >> mask::r-x >> other::r-x >> default:user::rwx >> default:group::--- >> default:group:Administrators:rwx #effective:r-x >> default:group:Users:r-x >> default:mask::r-x >> default:other::r-x >> >> C:/Users/ NT AUTHORITY\SYSTEM:(OI)(CI)(F) >> BUILTIN\Administrators:(OI)(CI)(F) >> BUILTIN\Users:(RX) >> BUILTIN\Users:(OI)(CI)(IO)(GR,GE) >> Everyone:(RX) >> Everyone:(OI)(CI)(IO)(GR,GE) >> >> Successfully processed 1 files; Failed processing 0 files >> > Yes, I see now what you are saying. Didn't know why it behaves like that. > Do you reccomend: > A. Noacl option in fstab > B. Reinstall and leave icacls in windows alone so I can deploy in future > with runtime C. Reinstall Cygwin into a new directory (or backup the current one and reinstall). Use noacl option for directories outside Cygwin tree (i.e. /cygdrive). -- With best regards, Andrey Repin Sunday, October 25, 2020 12:07:33 Sorry for my terrible english... ^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2020-10-25 9:20 UTC | newest] Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2020-10-23 20:02 Objects in ACL cygwin win 10 Jim McNamara 2020-10-23 21:30 ` Brian Inglis 2020-10-23 22:41 ` Jim McNamara 2020-10-23 23:12 ` Jim McNamara [not found] ` <9c03f3ea-8989-5f93-41c4-4d832eaef94c@cs.umass.edu> [not found] ` <CAEMWCRvrVGvfX_3yP7XF6SmNtFXd9UwQVahq1bRL1tazBbCibg@mail.gmail.com> 2020-10-24 3:49 ` Fwd: " Jim McNamara 2020-10-24 4:43 ` Brian Inglis 2020-10-24 4:44 ` Brian Inglis 2020-10-24 7:02 ` Jim McNamara 2020-10-24 7:09 ` Jim McNamara 2020-10-24 7:35 ` Brian Inglis 2020-10-25 9:19 ` Andrey Repin
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).