* Trying to create default ACL entries to match file ACL entries @ 2019-06-04 19:34 L A Walsh 2019-06-04 19:44 ` Eliot Moss 2019-06-04 21:34 ` Chris Wagner 0 siblings, 2 replies; 8+ messages in thread From: L A Walsh @ 2019-06-04 19:34 UTC (permalink / raw) To: cygwin I am trying to create an entry for '/' (or '.' w/me sitting in '/') where the default entries are the same as the file entries. I noticed the example give in the manpage for copying entries: The special filename "-" indicates reading from stdin. Note that you can use this with getfacl and setfacl to copy ACLs from one file to another: $ getfacl source_file | setfacl -f - target_file so tried doing: getfacl . | setfacl -d - . But keep running into: setfacl: missing entries. Also tried writing to a file and modifying that. Last try had: # file: . # owner: Bliss\law # group: Bliss\lawgroup default:user:Bliss\law:rwx default:group:SYSTEM:rwx default:group:Bliss\lawgroup:rwx default:group:Bliss\Domain Admins:rwx default:group:Bliss\Domain Users:r-x default:group:Administrators:rwx default:other::r-x mask::rwx user::rwx group::rwx other::r-x ---- But still with: /> setfacl -f /tmp/norm . got: setfacl: missing entries. Using it with '-d' just gave illegal acl entries, so that didn't work either. What am I missing? Thanks! -linda -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Trying to create default ACL entries to match file ACL entries 2019-06-04 19:34 Trying to create default ACL entries to match file ACL entries L A Walsh @ 2019-06-04 19:44 ` Eliot Moss 2019-06-04 19:59 ` L A Walsh 2019-06-04 21:34 ` Chris Wagner 1 sibling, 1 reply; 8+ messages in thread From: Eliot Moss @ 2019-06-04 19:44 UTC (permalink / raw) To: cygwin On 6/4/2019 3:34 PM, L A Walsh wrote: > I am trying to create an entry for '/' (or '.' w/me sitting in '/') > where the default entries are the same as the file entries. Ooooo ... not sure _I'd_ mess what / on a Windows system! > I noticed the example give in the manpage for copying entries: > > The special filename "-" indicates reading from stdin. > Note that you can use this with getfacl and setfacl to copy ACLs from > one file to another: > > $ getfacl source_file | setfacl -f - target_file > > so tried doing: > > getfacl . | setfacl -d - . I have no problem doing: mkdir temp getfacl . | setfacl -f - temp getfacl temp | setfacl -f . getfacl / | setfacl -f . I didn't want to try setting things on /, but you might: cd / mkdir foo getfacl foo | setfacl -f - . But I am not sure what foo would have as its permission, i.e., whether they are what you want. Regards - EM -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Trying to create default ACL entries to match file ACL entries 2019-06-04 19:44 ` Eliot Moss @ 2019-06-04 19:59 ` L A Walsh 2019-06-04 21:26 ` Brian Inglis 0 siblings, 1 reply; 8+ messages in thread From: L A Walsh @ 2019-06-04 19:59 UTC (permalink / raw) To: cygwin lets see if this is more clear: On 2019/06/04 12:44, Eliot Moss wrote: > On 6/4/2019 3:34 PM, L A Walsh wrote: > >> I am trying to create an entry for '/' (or '.' w/me sitting in '/') >> where the default entries are the same as the file entries. >> ^^^^^^^ >> >> so tried doing: >> >> getfacl . | setfacl -d - . >> Sorry, but am trying to get the 'file' entries (w/o the -d) copied into the default. On 2019/06/04 12:44, Eliot Moss wrote: > Ooooo ... not sure _I'd_ mess what / on a Windows system! > ----- Ya, not idea, but too late for that. Thanks for your vote of confidence though! :waaaaa: :-( -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Trying to create default ACL entries to match file ACL entries 2019-06-04 19:59 ` L A Walsh @ 2019-06-04 21:26 ` Brian Inglis 2019-06-04 21:58 ` L A Walsh 0 siblings, 1 reply; 8+ messages in thread From: Brian Inglis @ 2019-06-04 21:26 UTC (permalink / raw) To: cygwin On 2019-06-04 13:59, L A Walsh wrote: > lets see if this is more clear: > On 2019/06/04 12:44, Eliot Moss wrote: >> On 6/4/2019 3:34 PM, L A Walsh wrote: >>> I am trying to create an entry for '/' (or '.' w/me sitting in '/') >>> where the default entries are the same as the file entries. >>> ^^^^^^^ >>> so tried doing: >>> getfacl . | setfacl -d - . > Sorry, but am trying to get the 'file' entries (w/o the -d) > copied into the default. Not seeing -d, --default documented or supported in the code as an option flag under Cygwin: it is available under Debian/Ubuntu at least, and probably other Linux; neither are the file input option flags -M, --modify-file, -X, --remove-file, or symbolic link -L, --logical, -P, --physical, or -R, --recursive option flags. Cygwin equivalent based on setfacl(1) would be something like: $ getfacl -a source_file | sed 's/.*/&\nd:&/' | setfacl -f - target_file where you are getting and duplicating the file accesses and also creating the DACLs. > On 2019/06/04 12:44, Eliot Moss wrote: >> Ooooo ... not sure _I'd_ mess what / on a Windows system! > ----- > Ya, not idea, but too late for that. Thanks for your > vote of confidence though! :waaaaa: :-( I have had success using only setfacl -m and specifying everything I want changed or set in that argument e.g. $ setfacl -m u::rwx,g::r-x,o::r-x,d:u::rwx,d:g::r-x,d:o::r-x / probably using an admin account running with elevated permissions in this case. For Cygwin root /, I have only: $ lsp / | cygcheck-hrsv.sed drwxr-xr-x+ 1 $USER Administrators 0 May 31 05:19 / # file: / # owner: $USER # group: Administrators user::rwx group::r-x other::r-x default:user::rwx default:group::r-x default:other::r-x C:/.../cygwin64 $HOSTNAME\$USER:(F) BUILTIN\Administrators:(RX) Everyone:(RX) CREATOR OWNER:(OI)(CI)(IO)(F) CREATOR GROUP:(OI)(CI)(IO)(RX) Everyone:(OI)(CI)(IO)(RX) Successfully processed 1 files; Failed processing 0 files -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada This email may be disturbing to some readers as it contains too much technical detail. Reader discretion is advised. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Trying to create default ACL entries to match file ACL entries 2019-06-04 21:26 ` Brian Inglis @ 2019-06-04 21:58 ` L A Walsh 0 siblings, 0 replies; 8+ messages in thread From: L A Walsh @ 2019-06-04 21:58 UTC (permalink / raw) To: cygwin On 2019/06/04 14:26, Brian Inglis wrote: > On 2019-06-04 13:59, L A Walsh wrote: > >> lets see if this is more clear: >> On 2019/06/04 12:44, Eliot Moss wrote: >> >>> On 6/4/2019 3:34 PM, L A Walsh wrote: >>> >>>> I am trying to create an entry for '/' (or '.' w/me sitting in '/') >>>> where the default entries are the same as the file entries. >>>> ^^^^^^^ >>>> so tried doing: >>>> getfacl . | setfacl -d - . >>>> >> Sorry, but am trying to get the 'file' entries (w/o the -d) >> copied into the default. >> > > Not seeing -d, --default documented or supported in the code as an option flag > under Cygwin: it is available under Debian/Ubuntu at least, and probably other > Linux; Not to confuse things, but its under getfacl. silly me, thinking setfacl might have the same flag very confusing... So need to getfacl to get access perms, then turn them into a form for default acl... Sigh... -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Trying to create default ACL entries to match file ACL entries 2019-06-04 19:34 Trying to create default ACL entries to match file ACL entries L A Walsh 2019-06-04 19:44 ` Eliot Moss @ 2019-06-04 21:34 ` Chris Wagner 2019-06-04 22:11 ` Brian Inglis 2019-06-06 19:44 ` how do i create a trusted-installer? (was Re: Trying to create default ACL entries to match file ACL entries) L A Walsh 1 sibling, 2 replies; 8+ messages in thread From: Chris Wagner @ 2019-06-04 21:34 UTC (permalink / raw) To: cygwin Hi Linda, / is just a mount to something like C:\Cygwin64 so there is no problem in changing it. You should delete all the target thing's permissions first to guarantee starting from a clean slate. $ setfacl -kb z2/ && getfacl z1/ |setfacl -f - z2/ This works for me with the latest packages. HTH, Chris -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Trying to create default ACL entries to match file ACL entries 2019-06-04 21:34 ` Chris Wagner @ 2019-06-04 22:11 ` Brian Inglis 2019-06-06 19:44 ` how do i create a trusted-installer? (was Re: Trying to create default ACL entries to match file ACL entries) L A Walsh 1 sibling, 0 replies; 8+ messages in thread From: Brian Inglis @ 2019-06-04 22:11 UTC (permalink / raw) To: cygwin On 2019-06-04 15:34, Chris Wagner wrote: > / is just a mount to something like C:\Cygwin64 so there is no problem > in changing it. > You should delete all the target thing's permissions first to guarantee starting > from a clean slate. > $ setfacl -kb z2/ && getfacl z1/ |setfacl -f - z2/ > This works for me with the latest packages. Watch out for valid DACLs if you want to be able to create files in any subdirectory from Windows programs or access them after creation: thar be grumblins! -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada This email may be disturbing to some readers as it contains too much technical detail. Reader discretion is advised. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 8+ messages in thread
* how do i create a trusted-installer? (was Re: Trying to create default ACL entries to match file ACL entries) 2019-06-04 21:34 ` Chris Wagner 2019-06-04 22:11 ` Brian Inglis @ 2019-06-06 19:44 ` L A Walsh 1 sibling, 0 replies; 8+ messages in thread From: L A Walsh @ 2019-06-06 19:44 UTC (permalink / raw) To: cygwin On 2019/06/04 14:34, Chris Wagner wrote: > Hi Linda, / is just a mount to something like C:\Cygwin64 so there is no > problem in changing it. > ---- Uh...about that....oh my system '/' points to 'C:\'. Isn't life fun! I think I finally got it. I broke down and used "icacls" for fine tuning and now seem to have: \ NT SERVICE\TrustedInstaller:(F) NT SERVICE\TrustedInstaller:(OI)(CI)(F) Bliss\law:(OI)(CI)(F) BLISS\lawgroup:(OI)(CI)(F) BLISS\Domain Admins:(OI)(CI)(F) BLISS\Domain Users:(OI)(CI)(RX) BUILTIN\Administrators:(OI)(CI)(F) NT AUTHORITY\SYSTEM:(OI)(CI)(F) BUILTIN\Users:(OI)(CI)(RX) Mandatory Label\High Mandatory Level:(OI)(CI)(NW) FWIW, BTW, I have two scripts (one in perl, one in shell) that convert from a SID<->a hex value as you might see in the registry, and back again. As much as I've been able to test they seem correct. and agree with other tools of the same ilk. You probably have your own, but if not, they are fairly trivial and being in either shell or perl they aren't too difficult to understand. If there is a want, I can just post them here, neither is very long. > wc sidhex_xlate.{pl,sh} 127 422 3067 sidhex_xlate.pl 193 566 4697 sidhex_xlate.sh 320 988 7764 total -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2019-06-06 19:44 UTC | newest] Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2019-06-04 19:34 Trying to create default ACL entries to match file ACL entries L A Walsh 2019-06-04 19:44 ` Eliot Moss 2019-06-04 19:59 ` L A Walsh 2019-06-04 21:26 ` Brian Inglis 2019-06-04 21:58 ` L A Walsh 2019-06-04 21:34 ` Chris Wagner 2019-06-04 22:11 ` Brian Inglis 2019-06-06 19:44 ` how do i create a trusted-installer? (was Re: Trying to create default ACL entries to match file ACL entries) L A Walsh
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).