From: L A Walsh <cygwin@tlinx.org>
To: cygwin@cygwin.com
Subject: Re: objects created in a dir w/cygwin mangled perms; inherit no-access
Date: Tue, 06 Jul 2021 06:55:19 -0700
Message-ID: <60E460C7.7010203@tlinx.org>
In-Reply-To: <514405575.20210704172015@yandex.ru>

On 2021/07/04 07:20, Andrey Repin wrote:
> The "+" at the end indicates presence of extended permissions.
---
Ya, that's what I was referring to when I wrote about
having 5 deny records at the front, though that didn't necessarily
stand out. ⍨
Aside from the extended permissions, though, the net result
was me getting a 'no access' when I tried to look into the
directory with explorer. While I did have access via a local
shell, I also have no-access from bash on a remote system (the
samba domain controller on linux):
> echo -n $(uname -n):;id |sed 's/groups.*//'
Ishtar:uid=5013(law) gid=201(lawgroup)
> ls -l newdir
ls: reading directory 'newdir': Permission denied
> ls -dl newdir
dr-xrwxr-x 2 law lawgroup 0 Jul 6 05:20 newdir/
On local machine, same:
> echo -n $(uname -n):;id |sed 's/groups.*//'
Athenae:uid=5013(Bliss\law) gid=201(Bliss\lawgroup)
ls -dxlF newdir
d---rwxr-x+ 1 Bliss\law Bliss\lawgroup 0 Jul 6 05:20 newdir/
>
> What getfacl says?
# file: newdir
# owner: Bliss\law
# group: Bliss\lawgroup
user::---
user:root:---
user:law:---
user:Astara:---
group::rwx
group:SYSTEM:rwx
group:Administrators:rwx
group:Users:r-x
mask::rwx
other::r-x
default:user::---
default:user:root:---
default:user:law:---
default:user:Astara:---
default:group::rwx
default:group:SYSTEM:rwx
default:group:Administrators:rwx
default:group:Users:r-x
default:mask::rwx
default:other::r-x
> What is "progd" ? Did you mount some directory into Cygwin tree?
Sorta, actually the cygtree mounted at 'C:\'.
So 2 Junctions and 1 symlinkd
/Progd => /ProgramData/
/Prog => /Program Files (x86)/
/Prog64 => /Program Files/
>
>> Of course I can override, but why are such weird acls on
>> this anyway? -- especially when it doesn't seem to really
>> work?
>
> Probably because of interpretation of the original Windows permissions.
---
Not exactly, I don't think.
Windows doesn't add "DENY" entries up front.
Seems like there should be a better way since MS's
subsystem for UNIX didn't seem to use all those
DENY entries that I ever saw. Am guessing they
somehow came from those default CREATOR U/G entries
on the parent directory. This problem has been
around for a few years.
Certainly, having it create no-access dirs
for the user isn't desirable. I'm betting that they'd
be denied locally as well if my local user didn't
have admin override rights.
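
Added example, not part of the original message: a small Python check that applies the POSIX.1e evaluation order (owner, named user, groups, other, as documented in acl(5) on Linux) to the access entries of the getfacl listing in the message, to show which accounts that listing admits. It assumes the listing is evaluated in that order; Windows evaluates the underlying DACL itself, and the account name "guest" in the usage note is hypothetical.

```python
# Added example: POSIX.1e-style access check over the getfacl listing above.
# Access entries copied from the message; the default: entries are omitted.
ACL_TEXT = """\
user::---
user:root:---
user:law:---
user:Astara:---
group::rwx
group:SYSTEM:rwx
group:Administrators:rwx
group:Users:r-x
mask::rwx
other::r-x
"""
# From the "# owner:" / "# group:" lines, with the domain prefix dropped.
OWNER, OWNING_GROUP = "law", "lawgroup"

def parse_acl(text):
    """Parse getfacl short-form lines into (tag, qualifier, permission-set)."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("default:"):
            continue
        tag, qualifier, perms = line.split(":")
        entries.append((tag, qualifier, set(perms) - {"-"}))
    return entries

def check_access(entries, user, groups, want):
    """First matching class decides: owner, named user, groups, then other."""
    want = set(want)
    def find(tag, qual):
        return next((p for t, q, p in entries if t == tag and q == qual), None)
    mask = find("mask", "")
    if mask is None:
        mask = set("rwx")                   # no mask entry: nothing is filtered
    if user == OWNER:                       # owner uses user:: only, unmasked
        return want <= find("user", "")
    named = find("user", user)
    if named is not None:                   # named user entry, filtered by mask
        return want <= (named & mask)
    matched = [p & mask for t, q, p in entries if t == "group"
               and (q in groups or (q == "" and OWNING_GROUP in groups))]
    if matched:                             # any matching group may grant
        return any(want <= p for p in matched)
    return want <= find("other", "")

ENTRIES = parse_acl(ACL_TEXT)
```

Calling `check_access(ENTRIES, "law", {"lawgroup", "Users"}, "r")` returns False because the owner class matches first and `user::---` grants nothing, while `check_access(ENTRIES, "guest", {"Users"}, "rx")` returns True through `group:Users:r-x`.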