From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-io1-xd32.google.com (mail-io1-xd32.google.com [IPv6:2607:f8b0:4864:20::d32]) by sourceware.org (Postfix) with ESMTPS id B26363858D20 for ; Sun, 17 Mar 2024 00:06:14 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org B26363858D20 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org B26363858D20 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::d32 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1710633977; cv=none; b=EasEy0xpxzj0WTLJwZeI2eI7qXPCM0vMvFLHY2dmefabPG+BiZwq9uumSTKhvN0Du5+THggz3eGd1CyANjPNnwsc4VDibFqPPdQUyo8nAFP1OtWm4ebYBpBdndT572Mz2765Hiiv2TH8D+dnyOkus8cbDGm7r6yGuThdPIDSiUY= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1710633977; c=relaxed/simple; bh=Z8xGZt7RiasShJhzVmAErOq3x26mQFohQK6WsjYz5A8=; h=DKIM-Signature:From:Message-ID:Date:MIME-Version:To:Subject; b=r7Lc0T2ULTSgABwY5FCKdYydkSXRhOdgxCvgqZ+5dYD+j5y6mOhbhSnM/aWdr7Ee2oIN29GY3Zzkp9cvzV9HIJQXHDzxiVhrWgw60Vg9+GuyS8C9DpaHgbXU5BKf27Sp/PMqc337OIh0thtv6CSAKYBM82UrvMzHDe9DTTQ4hZE= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-io1-xd32.google.com with SMTP id ca18e2360f4ac-7bc332d3a8cso149958239f.2 for ; Sat, 16 Mar 2024 17:06:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1710633973; x=1711238773; darn=cygwin.com; h=subject:to:content-language:user-agent:mime-version:date:message-id :from:from:to:cc:subject:date:message-id:reply-to; bh=00IDM3PZo8QAnkWVps6Gycnhcn6b+sxgO6WWmKM8CT0=; b=Otbb18KmNbMBsYzI/RDZ6fxpaytrYE9JOYZ4vys4BDII7Y733ATDfv8msDS2V9Y5ck 4MOMfKIcdBGal1DmzN59j/619FT6GWcJW0QQatB9tlK1eJ4qxkXkF91vw8ijumW5fgJL +TSCArNbSbM0ctVLB/0U5kSti6pOiikXznqDC8qOcGX/0Bf+NOwUI1VgWRuZYGxnGV99 QUyIxRP7O8BGfQJTs70IJEub3U9TdRXcD9Y76PC3Y7SLWJeuPnfj8WjxQNpk7QsTEXxs zRkcJ0PqLMqrGy2Wv/2l5SlUeaU/Qd0Ehn1TsXTyVGYBrlXp0HlWtB5ZrchR+iGteoA7 pLKg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710633973; x=1711238773; h=subject:to:content-language:user-agent:mime-version:date:message-id :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=00IDM3PZo8QAnkWVps6Gycnhcn6b+sxgO6WWmKM8CT0=; b=DAwdCeotMCRCvYSLoJiGmJm+B7jvztauUE3OSn5zLhSDDiprDAIYYHE6j5Kvg9aBPf YkQGvXILpW4i7aksr9rBMz/UYCXZ+h8btX4IJjQDTP4LHxFdXXBhagbREwYZKcFy0krs 1j4tbf9r7LCM9AohTYWc1V/ggfNEvDxHEqrn38Xi2ESlW87Cqzp6Dd1xzNBwi1iTSAcR m/OehTwJJt7KovHI/+KA0ir/I4cgJWO8vxb/eNTRX0hCAR9LX/BUSCzP/IXMG2hy/zAX MdVMf5XEqLjIIhZ8qUV9xQOIzd3yBq9UM1Zj0XmjdXHsuPXEksnVFxBaxuorhwgdjhmF MM2g== X-Gm-Message-State: AOJu0Ywi26Jwaa6iiK7ZHXr4KaN8ReqtY3rlGEDubS2vgT8+rbYJzv8S FWYu0ldSKJmIX3gU5O1hw3f+jBtBhm28WrZ1Mh2K1z2XzADMDGeSAotskfE= X-Google-Smtp-Source: AGHT+IFd3zyHR5Ii20v4kjW13y67RHmLffKcfXse5M98sWisf+XHVj8TmxEPYedF217yxmUQmuTIaw== X-Received: by 2002:a6b:6b18:0:b0:7cc:c21:669e with SMTP id g24-20020a6b6b18000000b007cc0c21669emr2738388ioc.7.1710633973301; Sat, 16 Mar 2024 17:06:13 -0700 (PDT) Received: from [192.168.0.10] ([75.161.153.203]) by smtp.gmail.com with ESMTPSA id l12-20020a02cd8c000000b00476d7a99f34sm1509510jap.99.2024.03.16.17.06.12 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sat, 16 Mar 2024 17:06:12 -0700 (PDT) From: "J. Terry Corbet" X-Google-Original-From: "J. Terry Corbet" Content-Type: multipart/alternative; boundary="------------NihvzIroIRbRK8jtBFAEZ6N1" Message-ID: <9bec816c-66ea-49cb-baaa-47137fa2938f@GMail.com> Date: Sat, 16 Mar 2024 18:05:59 -0600 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Content-Language: en-US To: cygwin@cygwin.com Subject: ACEs and ACLs X-Spam-Status: No, score=-0.1 required=5.0 tests=BAYES_00,BODY_8BITS,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: This is a multi-part message in MIME format. --------------NihvzIroIRbRK8jtBFAEZ6N1 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit I have been using Cygwin for a long, long time.  That said, I would have to admit there is a good deal about the architecture and infrastructure I have never really investigated which is a huge compliment to those of you who maintain this wonderful framework. It mostly just works reliably and I've seldom needed to look beneath the covers. I am now, however, having major difficulties which are attributable to two fundamental changes in my environment, so let me first state what that is.  I have my private, in-home network configured to share multiple workstations and laptops via Ethernet or Wifi using SMB/CIFS [Windows Features setting] and access control based on the facts that a.) I have the same account name and b.) same password on all devices _and_ 3.) I am the administrator of each of them. For some three decades of different versions of Windows and Cygwin this has allowed me to operate from any particular workstation with access to almost every storage device on the network no matter to which specific processor those devices were attached.  Whether the file permissions covering the ability to create or delete a file, read or write a file, was coming from a cygwin program or some windows application, even when there were some fat partitions and some ntfs partitions, it was nearly seamless. So what has changed?  First, I unfortunately lost a motherboard last fall and struggling to recover, I had no real choice but to purchase a newer motherboard with a newer processor and the newer motherboard no longer supported booting from two Windows 7 instances that had coexisted with the primary Windows 10 instance on that hardware.. Next, I had to build another new system in order to begin to migrated to Windows 11.  So, as we speak my shared drives are all on hosts running Windows 10 and 11.  And Cygwin  -- a 32 bit version, a 64-bit version from about the beginning of the pandemic, and the most current 64-bit version  is installed -- is installed on some of them. Now with all that context, for which I apologize, but I think it will be essential to understanding and remedying my current inability to seamlessly create, modify and delete files.  So, let's move to what little I know of how I am supposed to manage that integration of a POSIX and a Windows way of managing permissions. Number 1, I have never touched etc/fstab -- everything has always had the well-behaved result from the single-line default setting in that file.  Number 2, despite my attempt to better acquaint myself with these matters, I have now become accustomed to using the icacls command both to view the state of the ACEs assigned to any given file and to modify them by the use use of the /reset command-line argument which always produces the state shown here as a result of my just creating a folder in which to test: cygshoot NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(F)          NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)          BUILTIN\Administrators:(I)(OI)(CI)(F)          BUILTIN\Users:(I)(OI)(CI)(RX) I then create a trivial text file via vim; vimtest.txt NULL SID:(DENY)(Rc,S,WEA,X,DC)             NW10\tcorbet:(R,W,D,WDAC,WO)             NW10\None:(DENY)(S,X)             NT AUTHORITY\Authenticated Users:(DENY)(S,X)             NT AUTHORITY\SYSTEM:(DENY)(S,X)             BUILTIN\Administrators:(DENY)(S,X)             BUILTIN\Users:(DENY)(S,X)             NW10\None:(RX)             NT AUTHORITY\Authenticated Users:(RX,W)             NT AUTHORITY\SYSTEM:(RX,W)             BUILTIN\Administrators:(RX,W)             BUILTIN\Users:(RX)             Everyone:(R) Then I do the same thing using notepad: FileExp.txt NT AUTHORITY\Authenticated Users:(I)(F)             NT AUTHORITY\SYSTEM:(I)(F)             BUILTIN\Administrators:(I)(F)             BUILTIN\Users:(I)(RX) vimtest.txt NULL SID:(DENY)(Rc,S,WEA,X,DC)             NW10\tcorbet:(R,W,D,WDAC,WO)             NW10\None:(DENY)(S,X)             NT AUTHORITY\Authenticated Users:(DENY)(S,X)             NT AUTHORITY\SYSTEM:(DENY)(S,X)             BUILTIN\Administrators:(DENY)(S,X)             BUILTIN\Users:(DENY)(S,X)             NW10\None:(RX)             NT AUTHORITY\Authenticated Users:(RX,W)             NT AUTHORITY\SYSTEM:(RX,W)             BUILTIN\Administrators:(RX,W)             BUILTIN\Users:(RX)             Everyone:(R) Moving now to a remote workstation, this is what icacls reports: FileExp.txt NT AUTHORITY\Authenticated Users:(I)(F)             NT AUTHORITY\SYSTEM:(I)(F)             BUILTIN\Administrators:(I)(F)             BUILTIN\Users:(I)(RX) vimtest.txt NULL SID:(DENY)(Rc,WEA,X,DC) S-1-5-21-3338163194-2450085813-3368937723-1001:(R,W,D,WDAC,WO) S-1-5-21-3338163194-2450085813-3368937723-513:(DENY)(X)             NT AUTHORITY\Authenticated Users:(DENY)(X)             NT AUTHORITY\SYSTEM:(DENY)(X)             BUILTIN\Administrators:(DENY)(X)             BUILTIN\Users:(DENY)(X)             S-1-5-21-3338163194-2450085813-3368937723-513:(RX)             NT AUTHORITY\Authenticated Users:(RX,W)             NT AUTHORITY\SYSTEM:(RX,W)             BUILTIN\Administrators:(RX,W)             BUILTIN\Users:(RX) And here is the status that icacls reports back on the original, owning workstation after having use vim to modify the two files from that remote workstation. FileExp.txt NULL SID:(DENY)(Rc,S,REA,WEA,X,DC)             NW10\tcorbet:(DENY)(S,RD,WD,AD,REA,WEA,X,DC)             NW10\tcorbet:(D,Rc,WDAC,WO,RA,WA)             NW10\None:(Rc,S,RA)             NT AUTHORITY\Authenticated Users:(RX,W)             NT AUTHORITY\SYSTEM:(RX,W)             BUILTIN\Administrators:(RX,W)             BUILTIN\Users:(RX)             Everyone:(Rc,S,RA) vimtest.txt NULL SID:(DENY)(Rc,S,WEA,X,DC)             NW10\tcorbet:(R,W,D,WDAC,WO)             NW10\None:(DENY)(S,X)             NT AUTHORITY\Authenticated Users:(DENY)(S,X)             NT AUTHORITY\SYSTEM:(DENY)(S,X)             BUILTIN\Administrators:(DENY)(S,X)             BUILTIN\Users:(DENY)(S,X)             NW10\None:(RX)             NT AUTHORITY\Authenticated Users:(RX,W)             NT AUTHORITY\SYSTEM:(RX,W)             BUILTIN\Administrators:(RX,W)             BUILTIN\Users:(RX)             Everyone:(R) If my understanding is correct concerning the precedence handling of an ACL with multiple ACEs for the same user/ID, this result from grep on the original, owning workstation would not surprise you: F:\Dev\cygshoot>grep foo fileexp.txt grep: fileexp.txt: Permission denied but it blows me completely away.  Clearly I no longer have an environment in which I can work on any file from any workstation using any Cygwin utilities. What have I messed up? --------------NihvzIroIRbRK8jtBFAEZ6N1--