* Problem with posix flags and permission denied on domain computer
@ 2015-05-12 19:59 Jiří Engelthaler
2015-05-13 17:22 ` Jiří Engelthaler
0 siblings, 1 reply; 6+ messages in thread
From: Jiří Engelthaler @ 2015-05-12 19:59 UTC (permalink / raw)
To: cygwin
I have problem with posix file flags and permission denied on computer
which is in domain. I have file on disk D: named foo. It is accessible
both in Windows and in Cygwin as /cygdrive/d/foo but has flags
----rwx---+. If I copy this file to file named bar, it is not
accessible in Cygwin nor in Windows.
Fresh Windows installation, fresh Cygwin 2.0.2-1, foo file created in
notepad. As user engycz I'm member of group "NT
AUTHORITY\Authenticated Users" and "BUILTIN\Users" so I have R/W
access to foo.
$ ls -al foo
----rwx---+ 1 engycz Domain Users 5 12. 5 20.15 foo
$ cat foo
hello
$ getfacl.exe foo
# file: foo
# owner: engycz
# group: Domain Users
user::---
group::---
group:Authenticated Users:rwx
group:SYSTEM:rwx
group:Administrators:rwx
group:Users:r-x
mask:rwx
other:---
$ icacls.exe foo
foo BUILTIN\Administrators:(I)(F)
NT AUTHORITY\SYSTEM:(I)(F)
NT AUTHORITY\Authenticated Users:(I)(M)
BUILTIN\Users:(I)(RX)
====================
$ cp foo bar
====================
$ ls -al bar
----rwx---+ 1 engycz Domain Users 5 12. 5 20.18 bar
$ cat bar
cat: bar: Permission denied
$ getfacl.exe bar
# file: bar
# owner: engycz
# group: Domain Users
user::---
group::r-x
group:Authenticated Users:rwx
group:SYSTEM:rwx
group:Administrators:rwx
group:Users:r-x
mask:rwx
other:---
$ icacls.exe bar
bar DOM_LAN\engycz:(DENY)(S,RD,REA,X)
DOM_LAN\engycz:(D,Rc,WDAC,WO,RA,WA)
DOM_LAN\Domain Users:(RX)
Everyone:(Rc,S,RA)
BUILTIN\Administrators:(F)
NT AUTHORITY\SYSTEM:(F)
NT AUTHORITY\Authenticated Users:(M)
BUILTIN\Users:(RX)
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Problem with posix flags and permission denied on domain computer
2015-05-12 19:59 Problem with posix flags and permission denied on domain computer Jiří Engelthaler
@ 2015-05-13 17:22 ` Jiří Engelthaler
2015-05-13 18:41 ` schilpfamily
0 siblings, 1 reply; 6+ messages in thread
From: Jiří Engelthaler @ 2015-05-13 17:22 UTC (permalink / raw)
To: cygwin
Digging couple of hours found the cause. File security.cc line 389
RtlGetGroupSecurityDescriptor gets group SID "DOM_LAN\Domain Users"
but this group is not in Access list parsed in get_attribute_from_acl
function. I think this is not only my problem and hope Cygwin will be
fixed.
Powershell get-acl:
PS D:\> get-acl foo|format-list
Path : Microsoft.PowerShell.Core\FileSystem::D:\foo
Owner : DOM_LAN\engycz
Group : DOM_LAN\Domain Users
Access : BUILTIN\Administrators Allow FullControl
NT AUTHORITY\SYSTEM Allow FullControl
NT AUTHORITY\Authenticated Users Allow Modify, Synchronize
BUILTIN\Users Allow ReadAndExecute, Synchronize
Audit :
Sddl : O:S-1-5-21-270207346-1464484900-1734353810-5370G:DUD:(A;ID;FA;;;BA)(A;ID;FA;;;SY)(A;ID;0x1301bf;;;AU)(A;ID;0x1200a9;;;BU)
=========
PS D:\> get-acl bar|format-list
Path : Microsoft.PowerShell.Core\FileSystem::D:\bar
Owner : DOM_LAN\engycz
Group : DOM_LAN\Domain Users
Access : DOM_LAN\engycz Deny ReadData, ReadExtendedAttributes, ExecuteFile
Everyone Allow ReadAttributes, ReadPermissions, Synchronize
NT AUTHORITY\Authenticated Users Allow Modify, Synchronize
NT AUTHORITY\SYSTEM Allow FullControl
BUILTIN\Administrators Allow FullControl
BUILTIN\Users Allow ReadAndExecute, Synchronize
DOM_LAN\Domain Users Allow ReadAndExecute, Synchronize
DOM_LAN\engycz Allow ReadAttributes, WriteAttributes,
Delete, ReadPermissions, ChangePermissions, TakeOwnership, Synchronize
Audit :
Sddl : O:S-1-5-21-270207346-1464484900-1734353810-5370G:DUD:P(D;;CCSWWP;;;S-1-5-21-270207346-1464484900-1734353810-5370)(A;;0x120080;;;WD)(A;;0x1301bf;;;AU)(
A;;FA;;;SY)(A;;FA;;;BA)(A;;0x1200a9;;;BU)(A;;0x1200a9;;;DU)(A;;0x1f0180;;;S-1-5-21-270207346-1464484900-1734353810-5370)
2015-05-12 21:02 GMT+02:00 Jiří Engelthaler <engycz@gmail.com>:
> I have problem with posix file flags and permission denied on computer
> which is in domain. I have file on disk D: named foo. It is accessible
> both in Windows and in Cygwin as /cygdrive/d/foo but has flags
> ----rwx---+. If I copy this file to file named bar, it is not
> accessible in Cygwin nor in Windows.
> Fresh Windows installation, fresh Cygwin 2.0.2-1, foo file created in
> notepad. As user engycz I'm member of group "NT
> AUTHORITY\Authenticated Users" and "BUILTIN\Users" so I have R/W
> access to foo.
>
> $ ls -al foo
> ----rwx---+ 1 engycz Domain Users 5 12. 5 20.15 foo
>
> $ cat foo
> hello
>
> $ getfacl.exe foo
> # file: foo
> # owner: engycz
> # group: Domain Users
> user::---
> group::---
> group:Authenticated Users:rwx
> group:SYSTEM:rwx
> group:Administrators:rwx
> group:Users:r-x
> mask:rwx
> other:---
>
> $ icacls.exe foo
> foo BUILTIN\Administrators:(I)(F)
> NT AUTHORITY\SYSTEM:(I)(F)
> NT AUTHORITY\Authenticated Users:(I)(M)
> BUILTIN\Users:(I)(RX)
>
> ====================
> $ cp foo bar
> ====================
>
> $ ls -al bar
> ----rwx---+ 1 engycz Domain Users 5 12. 5 20.18 bar
>
> $ cat bar
> cat: bar: Permission denied
>
>
> $ getfacl.exe bar
> # file: bar
> # owner: engycz
> # group: Domain Users
> user::---
> group::r-x
> group:Authenticated Users:rwx
> group:SYSTEM:rwx
> group:Administrators:rwx
> group:Users:r-x
> mask:rwx
> other:---
>
> $ icacls.exe bar
> bar DOM_LAN\engycz:(DENY)(S,RD,REA,X)
> DOM_LAN\engycz:(D,Rc,WDAC,WO,RA,WA)
> DOM_LAN\Domain Users:(RX)
> Everyone:(Rc,S,RA)
> BUILTIN\Administrators:(F)
> NT AUTHORITY\SYSTEM:(F)
> NT AUTHORITY\Authenticated Users:(M)
> BUILTIN\Users:(RX)
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Problem with posix flags and permission denied on domain computer
2015-05-13 17:22 ` Jiří Engelthaler
@ 2015-05-13 18:41 ` schilpfamily
2015-05-19 6:46 ` Jiří Engelthaler
0 siblings, 1 reply; 6+ messages in thread
From: schilpfamily @ 2015-05-13 18:41 UTC (permalink / raw)
To: cygwin
finally, someone else experiencing the same problems i have been
seeing. i have to run chmod -r u+r,u+w * to fix this issue. cygwin
really need to fix this.
On Wed, May 13, 2015 at 8:17 AM, Jiří Engelthaler <engycz@gmail.com> wrote:
> Digging couple of hours found the cause. File security.cc line 389
> RtlGetGroupSecurityDescriptor gets group SID "DOM_LAN\Domain Users"
> but this group is not in Access list parsed in get_attribute_from_acl
> function. I think this is not only my problem and hope Cygwin will be
> fixed.
>
> Powershell get-acl:
> PS D:\> get-acl foo|format-list
>
>
> Path : Microsoft.PowerShell.Core\FileSystem::D:\foo
> Owner : DOM_LAN\engycz
> Group : DOM_LAN\Domain Users
> Access : BUILTIN\Administrators Allow FullControl
> NT AUTHORITY\SYSTEM Allow FullControl
> NT AUTHORITY\Authenticated Users Allow Modify, Synchronize
> BUILTIN\Users Allow ReadAndExecute, Synchronize
> Audit :
> Sddl : O:S-1-5-21-270207346-1464484900-1734353810-5370G:DUD:(A;ID;FA;;;BA)(A;ID;FA;;;SY)(A;ID;0x1301bf;;;AU)(A;ID;0x1200a9;;;BU)
>
> =========
>
> PS D:\> get-acl bar|format-list
>
>
> Path : Microsoft.PowerShell.Core\FileSystem::D:\bar
> Owner : DOM_LAN\engycz
> Group : DOM_LAN\Domain Users
> Access : DOM_LAN\engycz Deny ReadData, ReadExtendedAttributes, ExecuteFile
> Everyone Allow ReadAttributes, ReadPermissions, Synchronize
> NT AUTHORITY\Authenticated Users Allow Modify, Synchronize
> NT AUTHORITY\SYSTEM Allow FullControl
> BUILTIN\Administrators Allow FullControl
> BUILTIN\Users Allow ReadAndExecute, Synchronize
> DOM_LAN\Domain Users Allow ReadAndExecute, Synchronize
> DOM_LAN\engycz Allow ReadAttributes, WriteAttributes,
> Delete, ReadPermissions, ChangePermissions, TakeOwnership, Synchronize
> Audit :
> Sddl : O:S-1-5-21-270207346-1464484900-1734353810-5370G:DUD:P(D;;CCSWWP;;;S-1-5-21-270207346-1464484900-1734353810-5370)(A;;0x120080;;;WD)(A;;0x1301bf;;;AU)(
> A;;FA;;;SY)(A;;FA;;;BA)(A;;0x1200a9;;;BU)(A;;0x1200a9;;;DU)(A;;0x1f0180;;;S-1-5-21-270207346-1464484900-1734353810-5370)
>
> 2015-05-12 21:02 GMT+02:00 Jiří Engelthaler <engycz@gmail.com>:
>> I have problem with posix file flags and permission denied on computer
>> which is in domain. I have file on disk D: named foo. It is accessible
>> both in Windows and in Cygwin as /cygdrive/d/foo but has flags
>> ----rwx---+. If I copy this file to file named bar, it is not
>> accessible in Cygwin nor in Windows.
>> Fresh Windows installation, fresh Cygwin 2.0.2-1, foo file created in
>> notepad. As user engycz I'm member of group "NT
>> AUTHORITY\Authenticated Users" and "BUILTIN\Users" so I have R/W
>> access to foo.
>>
>> $ ls -al foo
>> ----rwx---+ 1 engycz Domain Users 5 12. 5 20.15 foo
>>
>> $ cat foo
>> hello
>>
>> $ getfacl.exe foo
>> # file: foo
>> # owner: engycz
>> # group: Domain Users
>> user::---
>> group::---
>> group:Authenticated Users:rwx
>> group:SYSTEM:rwx
>> group:Administrators:rwx
>> group:Users:r-x
>> mask:rwx
>> other:---
>>
>> $ icacls.exe foo
>> foo BUILTIN\Administrators:(I)(F)
>> NT AUTHORITY\SYSTEM:(I)(F)
>> NT AUTHORITY\Authenticated Users:(I)(M)
>> BUILTIN\Users:(I)(RX)
>>
>> ====================
>> $ cp foo bar
>> ====================
>>
>> $ ls -al bar
>> ----rwx---+ 1 engycz Domain Users 5 12. 5 20.18 bar
>>
>> $ cat bar
>> cat: bar: Permission denied
>>
>>
>> $ getfacl.exe bar
>> # file: bar
>> # owner: engycz
>> # group: Domain Users
>> user::---
>> group::r-x
>> group:Authenticated Users:rwx
>> group:SYSTEM:rwx
>> group:Administrators:rwx
>> group:Users:r-x
>> mask:rwx
>> other:---
>>
>> $ icacls.exe bar
>> bar DOM_LAN\engycz:(DENY)(S,RD,REA,X)
>> DOM_LAN\engycz:(D,Rc,WDAC,WO,RA,WA)
>> DOM_LAN\Domain Users:(RX)
>> Everyone:(Rc,S,RA)
>> BUILTIN\Administrators:(F)
>> NT AUTHORITY\SYSTEM:(F)
>> NT AUTHORITY\Authenticated Users:(M)
>> BUILTIN\Users:(RX)
>
> --
> Problem reports: http://cygwin.com/problems.html
> FAQ: http://cygwin.com/faq/
> Documentation: http://cygwin.com/docs.html
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
>
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Problem with posix flags and permission denied on domain computer
2015-05-13 18:41 ` schilpfamily
@ 2015-05-19 6:46 ` Jiří Engelthaler
2015-05-19 14:09 ` Buchbinder, Barry (NIH/NIAID) [E]
2015-05-27 13:07 ` Corinna Vinschen
0 siblings, 2 replies; 6+ messages in thread
From: Jiří Engelthaler @ 2015-05-19 6:46 UTC (permalink / raw)
To: cygwin
I'd like to hear an answer from Corinna Vinschen pls.
2015-05-13 19:22 GMT+02:00 schilpfamily <schilpfamily@gmail.com>:
> finally, someone else experiencing the same problems i have been
> seeing. i have to run chmod -r u+r,u+w * to fix this issue. cygwin
> really need to fix this.
>
> On Wed, May 13, 2015 at 8:17 AM, Jiří Engelthaler <engycz@gmail.com> wrote:
>> Digging couple of hours found the cause. File security.cc line 389
>> RtlGetGroupSecurityDescriptor gets group SID "DOM_LAN\Domain Users"
>> but this group is not in Access list parsed in get_attribute_from_acl
>> function. I think this is not only my problem and hope Cygwin will be
>> fixed.
>>
>> Powershell get-acl:
>> PS D:\> get-acl foo|format-list
>>
>>
>> Path : Microsoft.PowerShell.Core\FileSystem::D:\foo
>> Owner : DOM_LAN\engycz
>> Group : DOM_LAN\Domain Users
>> Access : BUILTIN\Administrators Allow FullControl
>> NT AUTHORITY\SYSTEM Allow FullControl
>> NT AUTHORITY\Authenticated Users Allow Modify, Synchronize
>> BUILTIN\Users Allow ReadAndExecute, Synchronize
>> Audit :
>> Sddl : O:S-1-5-21-270207346-1464484900-1734353810-5370G:DUD:(A;ID;FA;;;BA)(A;ID;FA;;;SY)(A;ID;0x1301bf;;;AU)(A;ID;0x1200a9;;;BU)
>>
>> =========
>>
>> PS D:\> get-acl bar|format-list
>>
>>
>> Path : Microsoft.PowerShell.Core\FileSystem::D:\bar
>> Owner : DOM_LAN\engycz
>> Group : DOM_LAN\Domain Users
>> Access : DOM_LAN\engycz Deny ReadData, ReadExtendedAttributes, ExecuteFile
>> Everyone Allow ReadAttributes, ReadPermissions, Synchronize
>> NT AUTHORITY\Authenticated Users Allow Modify, Synchronize
>> NT AUTHORITY\SYSTEM Allow FullControl
>> BUILTIN\Administrators Allow FullControl
>> BUILTIN\Users Allow ReadAndExecute, Synchronize
>> DOM_LAN\Domain Users Allow ReadAndExecute, Synchronize
>> DOM_LAN\engycz Allow ReadAttributes, WriteAttributes,
>> Delete, ReadPermissions, ChangePermissions, TakeOwnership, Synchronize
>> Audit :
>> Sddl : O:S-1-5-21-270207346-1464484900-1734353810-5370G:DUD:P(D;;CCSWWP;;;S-1-5-21-270207346-1464484900-1734353810-5370)(A;;0x120080;;;WD)(A;;0x1301bf;;;AU)(
>> A;;FA;;;SY)(A;;FA;;;BA)(A;;0x1200a9;;;BU)(A;;0x1200a9;;;DU)(A;;0x1f0180;;;S-1-5-21-270207346-1464484900-1734353810-5370)
>>
>> 2015-05-12 21:02 GMT+02:00 Jiří Engelthaler <engycz@gmail.com>:
>>> I have problem with posix file flags and permission denied on computer
>>> which is in domain. I have file on disk D: named foo. It is accessible
>>> both in Windows and in Cygwin as /cygdrive/d/foo but has flags
>>> ----rwx---+. If I copy this file to file named bar, it is not
>>> accessible in Cygwin nor in Windows.
>>> Fresh Windows installation, fresh Cygwin 2.0.2-1, foo file created in
>>> notepad. As user engycz I'm member of group "NT
>>> AUTHORITY\Authenticated Users" and "BUILTIN\Users" so I have R/W
>>> access to foo.
>>>
>>> $ ls -al foo
>>> ----rwx---+ 1 engycz Domain Users 5 12. 5 20.15 foo
>>>
>>> $ cat foo
>>> hello
>>>
>>> $ getfacl.exe foo
>>> # file: foo
>>> # owner: engycz
>>> # group: Domain Users
>>> user::---
>>> group::---
>>> group:Authenticated Users:rwx
>>> group:SYSTEM:rwx
>>> group:Administrators:rwx
>>> group:Users:r-x
>>> mask:rwx
>>> other:---
>>>
>>> $ icacls.exe foo
>>> foo BUILTIN\Administrators:(I)(F)
>>> NT AUTHORITY\SYSTEM:(I)(F)
>>> NT AUTHORITY\Authenticated Users:(I)(M)
>>> BUILTIN\Users:(I)(RX)
>>>
>>> ====================
>>> $ cp foo bar
>>> ====================
>>>
>>> $ ls -al bar
>>> ----rwx---+ 1 engycz Domain Users 5 12. 5 20.18 bar
>>>
>>> $ cat bar
>>> cat: bar: Permission denied
>>>
>>>
>>> $ getfacl.exe bar
>>> # file: bar
>>> # owner: engycz
>>> # group: Domain Users
>>> user::---
>>> group::r-x
>>> group:Authenticated Users:rwx
>>> group:SYSTEM:rwx
>>> group:Administrators:rwx
>>> group:Users:r-x
>>> mask:rwx
>>> other:---
>>>
>>> $ icacls.exe bar
>>> bar DOM_LAN\engycz:(DENY)(S,RD,REA,X)
>>> DOM_LAN\engycz:(D,Rc,WDAC,WO,RA,WA)
>>> DOM_LAN\Domain Users:(RX)
>>> Everyone:(Rc,S,RA)
>>> BUILTIN\Administrators:(F)
>>> NT AUTHORITY\SYSTEM:(F)
>>> NT AUTHORITY\Authenticated Users:(M)
>>> BUILTIN\Users:(RX)
>>
>> --
>> Problem reports: http://cygwin.com/problems.html
>> FAQ: http://cygwin.com/faq/
>> Documentation: http://cygwin.com/docs.html
>> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
>>
>
> --
> Problem reports: http://cygwin.com/problems.html
> FAQ: http://cygwin.com/faq/
> Documentation: http://cygwin.com/docs.html
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
>
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 6+ messages in thread
* RE: Problem with posix flags and permission denied on domain computer
2015-05-19 6:46 ` Jiří Engelthaler
@ 2015-05-19 14:09 ` Buchbinder, Barry (NIH/NIAID) [E]
2015-05-27 13:07 ` Corinna Vinschen
1 sibling, 0 replies; 6+ messages in thread
From: Buchbinder, Barry (NIH/NIAID) [E] @ 2015-05-19 14:09 UTC (permalink / raw)
To: cygwin; +Cc: 'Jiří Engelthaler'
Jirí Engelthaler sent the following at Tuesday, May 19, 2015 2:44 AM
>I'd like to hear an answer from Corinna Vinschen pls.
She's on vacation.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Problem with posix flags and permission denied on domain computer
2015-05-19 6:46 ` Jiří Engelthaler
2015-05-19 14:09 ` Buchbinder, Barry (NIH/NIAID) [E]
@ 2015-05-27 13:07 ` Corinna Vinschen
1 sibling, 0 replies; 6+ messages in thread
From: Corinna Vinschen @ 2015-05-27 13:07 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 657 bytes --]
On May 19 08:43, Jiří Engelthaler wrote:
> I'd like to hear an answer from Corinna Vinschen pls.
The problem with the given permissions is that they don't reflect
anything comparable with POSIX ACLs. The Cygwin ACL code is based
on trying to emulate POSIX ACL behaviour and the permissions you
have set on these files are not giving the user any permissions.
The workaround for you is to use "noacl" mounts for paths affected by
this (usually all paths outside the Cygwin tree).
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2015-05-27 13:06 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-05-12 19:59 Problem with posix flags and permission denied on domain computer Jiří Engelthaler
2015-05-13 17:22 ` Jiří Engelthaler
2015-05-13 18:41 ` schilpfamily
2015-05-19 6:46 ` Jiří Engelthaler
2015-05-19 14:09 ` Buchbinder, Barry (NIH/NIAID) [E]
2015-05-27 13:07 ` Corinna Vinschen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).