From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-lj1-x242.google.com (mail-lj1-x242.google.com [IPv6:2a00:1450:4864:20::242]) by sourceware.org (Postfix) with ESMTPS id 87656385E009 for ; Fri, 27 Mar 2020 12:57:00 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 87656385E009 Received: by mail-lj1-x242.google.com with SMTP id r24so10094827ljd.4 for ; Fri, 27 Mar 2020 05:57:00 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=uSIjTigPMQi64N05Zfvy23bVn1yfgjUzv29T2SQcwRU=; b=SC6NEZ4aLXcb+d/kSSq+XNG44gSBR8Uv6psH5galV/iFa8bSr0K0t/PL+/HNiZhWT3 hoULS8xmJ0UHEROglcy1ZdEPy7lzj7RoJrmXTfZuN5wG3a91shMHzNUdgbzcsHZkROG/ cc0cza7NFdknprEe9J8LBeNOcsMGY/g1d4JPpFEADTP9ptdjZnnbT34ZzgnU9nNf8paN 7L6s8vu2tDdYMs4nRYR4XF2UpS7Z2zqsKOiPcY92FBB+WN9L0vr6QzSvfORc7pETCxX0 3gP0rtWMimCugRvK2rVoxNiaSUbFZn9zs3EfDDct57qZulTCeAI5HIPkXLTwyU+SEf1/ lu2g== X-Gm-Message-State: ANhLgQ0POJeZnxb3/SCztxIYxhSJOMrUjQ8npRn+9ZKC1TTljJb/WX4p mVMXePKI3flsXERFxdTXE6/htvjbuKqoa3N4S/zhZUsU X-Google-Smtp-Source: APiQypJWcU+qNWVCWLE5fVrc7OnJpbwwQiC2r0yd1Ej5c4W+TUSAbJNGZ3BGrgGgMagRaN0lsjzNsLYzWI6P9Izf3aY= X-Received: by 2002:a2e:9013:: with SMTP id h19mr8458844ljg.101.1585313818877; Fri, 27 Mar 2020 05:56:58 -0700 (PDT) MIME-Version: 1.0 References: <459837604.20200327125155@yandex.ru> In-Reply-To: <459837604.20200327125155@yandex.ru> From: Kacper Michajlow Date: Fri, 27 Mar 2020 13:56:48 +0100 Message-ID: Subject: Re: ACL: Why SYSTEM doesn't have full access set on newly created files? To: cygwin@cygwin.com X-Spam-Status: No, score=-1.6 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FROM, HTML_MESSAGE, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: cygwin@cygwin.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Mar 2020 12:57:02 -0000 > It is easily fixable by mounting directories outside Cygwin tree with "noacl" flag. > It is even required to do so, if you expect interoperation between Cygwin and > native tools. Indeed, this is acceptable workaround for me. Then again it is not really interoperable out of the box, even tho it may looks like. I mean all Windows drives are mounted, you can easily jump through all directories, mess with them until you find that it doesn't work and it is " required" to access those files differently. One may be fooled by the seemingly no boundary between Cygwin and Windows. > Don't do that on Cygwin directory tree, you break Cygwin doing this. I was talking about project cloned outside Cygwin tree, by using Cygwin's git. I do understand that Cygwin sysroot is it's own thing. Also the Cygwin tree have let say "normal" permissions set. I mean there is not deny on SYSTEM and so on. > Answered multiple time in the last 20 years. Read the docs. If it were so easy to find. And it was changed like 5 years ago how ACLs are handled, so I really doubt it was described 20 years ago. I just wanted to understand why SYSTEM described in Cygwin's docs as "A special account which has all kinds of dangerous rights, sort of an uber-root account." have those rights limited. > They are in correct order. Just not canonical order, which Explorer only supports. I was not implying they are in incorrect order... The question was, could Cygwin apart from having permissions in correct order, have them in Explorer compatible order also? > Yes. Thank you for comprehensive answer. -Kacper