From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 113876 invoked by alias); 10 Mar 2019 14:09:39 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 113715 invoked by uid 89); 10 Mar 2019 14:09:38 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-4.1 required=5.0 tests=AWL,BAYES_00,GIT_PATCH_2,RCVD_IN_DNSWL_LOW,UNSUBSCRIBE_BODY,WEIRD_QUOTING autolearn=ham version=3.3.1 spammy=grief, HX-Languages-Length:3159, disturbing, Advanced X-HELO: smtp-out-so.shaw.ca Received: from smtp-out-so.shaw.ca (HELO smtp-out-so.shaw.ca) (64.59.136.139) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Sun, 10 Mar 2019 14:09:37 +0000 Received: from [192.168.1.114] ([24.64.172.44]) by shaw.ca with ESMTP id 2z8whCDOJD1hy2z8xhjFDX; Sun, 10 Mar 2019 08:09:35 -0600 Reply-To: Brian.Inglis@SystematicSw.ab.ca Subject: Re: win dirs don't handle lack of inherited rule(?): getfacl + tar dir Warning: Cannot acl_to_text: Invalid argument To: cygwin@cygwin.com References: <5C81E2EE.7020708@tlinx.org> <20190308121543.GI3785@calimero.vinschen.de> <5C84EB7B.70408@tlinx.org> From: Brian Inglis Openpgp: preference=signencrypt Message-ID: <7a3eaccf-511a-b71f-7f99-45a9bef35b29@SystematicSw.ab.ca> Date: Sun, 10 Mar 2019 14:09:00 -0000 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.5.3 MIME-Version: 1.0 In-Reply-To: <5C84EB7B.70408@tlinx.org> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-IsSubscribed: yes X-SW-Source: 2019-03/txt/msg00218.txt.bz2 On 2019-03-10 04:48, L A Walsh wrote: > On 3/8/2019 4:15 AM, Corinna Vinschen wrote: >> On Mar 7 19:35, L A Walsh wrote: >>> I ran tar on another directory and got a huge number** >>> of these: >>> tar: rules: Warning: Cannot acl_to_text: Invalid argument >>> tar: adblockplus: Warning: Cannot acl_to_text: Invalid argument >>> tar: autopager: Warning: Cannot acl_to_text: Invalid argument >>> tar: bookmarkbackups: Warning: Cannot acl_to_text: Invalid argument >>> --- Losing/not having default ACLs (DACLs) defined on directories can cause Cygwin grief as it will be unable to access files in those directories, whereas Explorer seems to ignore the lack of DACLs and allow you to browse the files. >> Can you please provide the cacls or icacls command creating >> a directory that allows to reproduce the issue? > > I doubt that area of my disk has ever been manipulated by > cacls or icacls. That's in my roaming profile. Define this sh function, run it on problematic directories or files, and reply with the output: # lsp - list permissions with ls, getfacl, icacls lsp () { local p; for p in "$@"; do ls --color=auto -dl "$p"; getfacl "$p"; icacls "$(cygpath -m ""$p"")"; done } e.g. and running my cygcheck sanitizer over the output: $ lsp ~ | cygcheck-hrsv.sed drwxrwx---+ 1 SYSTEM SYSTEM 0 Mar 10 07:07 /home/$USER # file: /home/$USER # owner: SYSTEM # group: SYSTEM user::rwx user:$USER:rwx group::--- group:Administrators:rwx mask::rwx other::--- default:user::rwx default:user:$USER:rwx default:group::--- default:group:Administrators:rwx default:mask::rwx default:other::--- C:/Users/$USER NT AUTHORITY\SYSTEM:(OI)(CI)(F) BUILTIN\Administrators:(OI)(CI)(F) $HOSTNAME\$USER:(OI)(CI)(F) Successfully processed 1 files; Failed processing 0 files > One thing that may be confusing some software is, what seems like > cygwin adding the NULL SID with deny entries but also, according > to the explorer security dialog, "out of normal order for them to be > effective". So it auto-reorders them if it tries to write to them. > > If that could be cleaned up, so explorer and other software wouldn't > think the ACL is "out of order" and want to re-arrange it, that might > help. It can't be good for different pieces of software to constantly > be trying to apply their own "standards". Windows doesn't know how to do POSIX ACLs so Cygwin works around those limitations using equivalent Windows ACLs. Just because Explorer does not understand those ACLs' order does not mean they are invalid or wrong: just not set via the Explorer interface using its simple approach - only Explorer is confused; that's why Explorer has an Advanced security pane - to set stuff Explorer can't. Don't let Explorer cleanup, fix, or reorder those ACLs to avoid grief! Explorer dislikes a lot of what I work with, so I don't use Explorer much: pcmanfm works for me. -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada This email may be disturbing to some readers as it contains too much technical detail. Reader discretion is advised. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple