From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp-out-so.shaw.ca (smtp-out-so.shaw.ca [64.59.136.138]) by sourceware.org (Postfix) with ESMTPS id 519D6385703D for ; Sat, 24 Oct 2020 04:44:09 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 519D6385703D Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=SystematicSw.ab.ca Authentication-Results: sourceware.org; spf=none smtp.mailfrom=brian.inglis@systematicsw.ab.ca Received: from [192.168.1.104] ([24.64.172.44]) by shaw.ca with ESMTP id WBPUkAPzektFkWBPVkq2kv; Fri, 23 Oct 2020 22:44:09 -0600 X-Authority-Analysis: v=2.4 cv=NYRYa0P4 c=1 sm=1 tr=0 ts=5f93b119 a=kiZT5GMN3KAWqtYcXc+/4Q==:117 a=kiZT5GMN3KAWqtYcXc+/4Q==:17 a=IkcTkHD0fZMA:10 a=uYT-Tk0qkVT609LjNaIA:9 a=QEXdDO2ut3YA:10 From: Brian Inglis Subject: Re: Fwd: Objects in ACL cygwin win 10 Reply-To: cygwin@cygwin.com To: cygwin@cygwin.com References: <3f0e071c-66c7-b6e8-f907-40a333872d07@SystematicSw.ab.ca> <9c03f3ea-8989-5f93-41c4-4d832eaef94c@cs.umass.edu> Autocrypt: addr=Brian.Inglis@SystematicSw.ab.ca; prefer-encrypt=mutual; keydata= mDMEXopx8xYJKwYBBAHaRw8BAQdAnCK0qv/xwUCCZQoA9BHRYpstERrspfT0NkUWQVuoePa0 LkJyaWFuIEluZ2xpcyA8QnJpYW4uSW5nbGlzQFN5c3RlbWF0aWNTdy5hYi5jYT6IlgQTFggA PhYhBMM5/lbU970GBS2bZB62lxu92I8YBQJeinHzAhsDBQkJZgGABQsJCAcCBhUKCQgLAgQW AgMBAh4BAheAAAoJEB62lxu92I8Y0ioBAI8xrggNxziAVmr+Xm6nnyjoujMqWcq3oEhlYGAO WacZAQDFtdDx2koSVSoOmfaOyRTbIWSf9/Cjai29060fsmdsDLg4BF6KcfMSCisGAQQBl1UB BQEBB0Awv8kHI2PaEgViDqzbnoe8B9KMHoBZLS92HdC7ZPh8HQMBCAeIfgQYFggAJhYhBMM5 /lbU970GBS2bZB62lxu92I8YBQJeinHzAhsMBQkJZgGAAAoJEB62lxu92I8YZwUBAJw/74rF IyaSsGI7ewCdCy88Lce/kdwX7zGwid+f8NZ3AQC/ezTFFi5obXnyMxZJN464nPXiggtT9gN5 RSyTY8X+AQ== Organization: Systematic Software Message-ID: <83773bf8-4ec6-d2ed-b2ba-37e64cc7dcc0@SystematicSw.ab.ca> Date: Fri, 23 Oct 2020 22:44:07 -0600 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.12.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-CA Content-Transfer-Encoding: 7bit X-CMAE-Envelope: MS4xfMVbEL0jM9lJW9pG/911ck4azHH8UJ74NXtMTVEbgPW5Rt63cQvQKYqIOazHUzkkb7LnwOfNFKmzFEzIOkrIXl33q1e5Mi5hQJMwGpnQFiFcsZ4cF04K 9ay3nsN07fIckoQxyMR2HJELDSMltFM+1ipyYpFUFIjf5pnS/Qn/MWnkIVke21X2gMjgBUXN91LVCIMaI5EgWuXiTNm/4MJ1qmY= X-Spam-Status: No, score=-6.3 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, KAM_NUMSUBJECT, NICE_REPLY_A, RCVD_IN_DNSWL_LOW, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=no autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: cygwin@cygwin.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Oct 2020 04:44:10 -0000 On 2020-10-23 21:49, Jim McNamara via Cygwin wrote: > On Fri, Oct 23, 2020, 10:06 PM Eliot Moss wrote: >> I have to admit I am not 100% sure what you are asking, but I am careful >> to grant SYSTEM access so >> that my backup program can access and save a copy of virtually everything > Thanks for you and Brian helping me. > I used icacls cygwin /q /c /t reset You have to be very careful using icacls and other Windows commands with Cygwin ACLs as "ICACLS preserves the canonical ordering of ACE entries: Explicit denials Explicit grants Inherited denials Inherited grants" and Cygwin's POSIX ACLs may or may not obey this canonical order; Windows File Explorer often does not consider Cygwin ACLs in what it considers canonical order and requires them to be reordered, which breaks the Cygwin permissions. Ah, that "NT AUTHORITY/SYSTEM" SID, normally paired with BUILTIN/Administrators, as users, groups, or both: $ ls -dl /proc/cygdrive/c/Users/; echo; getfacl /proc/cygdrive/c/Users/; echo; icacls C:/Users/ drwxr-xr-x+ 1 SYSTEM SYSTEM 0 Apr 13 2020 /proc/cygdrive/c/Users/ # file: /proc/cygdrive/c/Users/ # owner: SYSTEM # group: SYSTEM user::rwx group::r-x group:Administrators:rwx #effective:r-x group:Users:r-x mask::r-x other::r-x default:user::rwx default:group::--- default:group:Administrators:rwx #effective:r-x default:group:Users:r-x default:mask::r-x default:other::r-x C:/Users/ NT AUTHORITY\SYSTEM:(OI)(CI)(F) BUILTIN\Administrators:(OI)(CI)(F) BUILTIN\Users:(RX) BUILTIN\Users:(OI)(CI)(IO)(GR,GE) Everyone:(RX) Everyone:(OI)(CI)(IO)(GR,GE) Successfully processed 1 files; Failed processing 0 files -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada This email may be disturbing to some readers as it contains too much technical detail. Reader discretion is advised. [Data in binary units and prefixes, physical quantities in SI.] -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada This email may be disturbing to some readers as it contains too much technical detail. Reader discretion is advised. [Data in binary units and prefixes, physical quantities in SI.]