public inbox for cygwin@cygwin.com
From: Erik Soderquist <ErikSoderquist@gmail.com>
To: cygwin@cygwin.com
Subject: Re: Issues with ACL settings after updating to the latest cygwin.dll - correction
Date: Fri, 29 Apr 2016 16:03:00 -0000
Message-ID: <CACoZoo3MR98aEcNfCHwPjrrgrSaj-9Daaa+oNNGSmYBqCbvEKQ@mail.gmail.com>
In-Reply-To: <CACoZoo385sv6iWTQspaNbbrbF5LtbWSNvFmViTTVTHKrtPO1gQ@mail.gmail.com>

I'm having a similar issue with strange acl results... I wish I knew
which update triggered this, but I'd ignored and/or worked around
it...

I can reproduce it with the following:

user@localhost ~
$ touch /tmp/foo

user@localhost ~
$ chmod 700 /tmp/foo

user@localhost ~
$ echo foo>/tmp/foo
-bash: /tmp/foo: Permission denied

user@localhost ~
$ ls -la /tmp
total 20
drwxrwxrwx+ 1 user Administrators 0 Apr 29 11:42 .
dr-xrwxr-x+ 1 Administrators  Administrators 0 Mar  9 17:00 ..
-rwx------+ 1 user Domain Users   0 Apr 29 11:42 foo


The results of the ACL commands, as I've seen them requested, are:

user@localhost /tmp
$ cacls foo
C:\cygwin64\tmp\foo NewDomain\user:(DENY)(special access:)
                                              FILE_READ_DATA
                                              FILE_WRITE_DATA
                                              FILE_APPEND_DATA
                                              FILE_READ_EA
                                              FILE_WRITE_EA
                                              FILE_DELETE_CHILD
                                              FILE_WRITE_ATTRIBUTES

                    NewDomain\user:F
                    NewDomain\user:(special access:)
                                              READ_CONTROL
                                              SYNCHRONIZE
                                              FILE_GENERIC_READ
                                              FILE_GENERIC_WRITE
                                              FILE_READ_DATA
                                              FILE_WRITE_DATA
                                              FILE_APPEND_DATA
                                              FILE_READ_EA
                                              FILE_WRITE_EA
                                              FILE_READ_ATTRIBUTES
                                              FILE_WRITE_ATTRIBUTES

                    NewDomain\Domain Users:(DENY)(special access:)
                                           FILE_READ_DATA
                                           FILE_WRITE_DATA
                                           FILE_APPEND_DATA
                                           FILE_READ_EA
                                           FILE_WRITE_EA
                                           FILE_DELETE_CHILD
                                           FILE_WRITE_ATTRIBUTES

                    OldDomain\Domain Users:(DENY)(special access:)
                                      FILE_READ_DATA
                                      FILE_WRITE_DATA
                                      FILE_APPEND_DATA
                                      FILE_READ_EA
                                      FILE_WRITE_EA
                                      FILE_DELETE_CHILD
                                      FILE_WRITE_ATTRIBUTES

                    NewDomain\Domain Users:(special access:)
                                           READ_CONTROL
                                           SYNCHRONIZE
                                           FILE_GENERIC_READ
                                           FILE_GENERIC_WRITE
                                           FILE_READ_DATA
                                           FILE_WRITE_DATA
                                           FILE_APPEND_DATA
                                           FILE_READ_EA
                                           FILE_WRITE_EA
                                           FILE_READ_ATTRIBUTES
                                           FILE_WRITE_ATTRIBUTES

                    BUILTIN\Administrators:(special access:)
                                           READ_CONTROL
                                           SYNCHRONIZE
                                           FILE_GENERIC_READ
                                           FILE_GENERIC_WRITE
                                           FILE_READ_DATA
                                           FILE_WRITE_DATA
                                           FILE_APPEND_DATA
                                           FILE_READ_EA
                                           FILE_WRITE_EA
                                           FILE_READ_ATTRIBUTES
                                           FILE_WRITE_ATTRIBUTES

                    OldDomain\Domain Users:(special access:)
                                      READ_CONTROL
                                      SYNCHRONIZE
                                      FILE_GENERIC_READ
                                      FILE_GENERIC_WRITE
                                      FILE_READ_DATA
                                      FILE_WRITE_DATA
                                      FILE_APPEND_DATA
                                      FILE_READ_EA
                                      FILE_WRITE_EA
                                      FILE_READ_ATTRIBUTES
                                      FILE_WRITE_ATTRIBUTES

                    Everyone:(special access:)
                             READ_CONTROL
                             SYNCHRONIZE
                             FILE_READ_ATTRIBUTES




user@localhost /tmp
$ icacls foo
foo NewDomain\user:(DENY)(W,RD,REA,DC)
    NewDomain\user:(F)
    NewDomain\user:(R,W)
    NewDomain\Domain Users:(DENY)(W,RD,REA,DC)
    OldDomain\Domain Users:(DENY)(W,RD,REA,DC)
    NewDomain\Domain Users:(R,W)
    BUILTIN\Administrators:(R,W)
    OldDomain\Domain Users:(R,W)
    Everyone:(Rc,S,RA)

Successfully processed 1 files; Failed processing 0 files


I don't understand why there is a DENY at all rather than simply
removing the Allow permissions, nor do I understand why the user, who
is owner of the file and has rwx for it, is getting a DENY at all.

-- Erik

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
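
Added example (not part of the original message, and not Cygwin code): a small model of how Windows evaluates a DACL in order, fed with the ACEs that `cacls foo` printed above, to show which entry decides a write request. Assumptions: the caller's token holds NewDomain\user, NewDomain\Domain Users and Everyone; the composite names FILE_GENERIC_READ/FILE_GENERIC_WRITE are left out because their member bits are already listed; a write needs at least FILE_WRITE_DATA.

```python
# Model of ordered DACL evaluation: ACEs are walked top to bottom, a matching
# DENY that covers a still-needed right fails the request at once, and ALLOW
# entries accumulate until every requested right is granted.
DENY_SET = {"FILE_READ_DATA", "FILE_WRITE_DATA", "FILE_APPEND_DATA", "FILE_READ_EA",
            "FILE_WRITE_EA", "FILE_DELETE_CHILD", "FILE_WRITE_ATTRIBUTES"}
RW_SET = {"READ_CONTROL", "SYNCHRONIZE", "FILE_READ_DATA", "FILE_WRITE_DATA",
          "FILE_APPEND_DATA", "FILE_READ_EA", "FILE_WRITE_EA",
          "FILE_READ_ATTRIBUTES", "FILE_WRITE_ATTRIBUTES"}
# "F" (full control) as a set of file right names
FULL = RW_SET | {"FILE_EXECUTE", "FILE_DELETE_CHILD", "DELETE", "WRITE_DAC", "WRITE_OWNER"}

# ACEs transcribed in the order cacls/icacls listed them for /tmp/foo
DACL = [
    ("deny",  r"NewDomain\user",         DENY_SET),
    ("allow", r"NewDomain\user",         FULL),
    ("allow", r"NewDomain\user",         RW_SET),
    ("deny",  r"NewDomain\Domain Users", DENY_SET),
    ("deny",  r"OldDomain\Domain Users", DENY_SET),
    ("allow", r"NewDomain\Domain Users", RW_SET),
    ("allow", r"BUILTIN\Administrators", RW_SET),
    ("allow", r"OldDomain\Domain Users", RW_SET),
    ("allow", "Everyone", {"READ_CONTROL", "SYNCHRONIZE", "FILE_READ_ATTRIBUTES"}),
]

# Assumed token contents for the reporting user (constructed, not from the page)
TOKEN = {r"NewDomain\user", r"NewDomain\Domain Users", "Everyone"}

def access_check(dacl, token_sids, desired):
    """Return (granted, index of the deciding ACE or None for implicit deny)."""
    remaining = set(desired)
    for i, (kind, trustee, rights) in enumerate(dacl):
        if trustee not in token_sids:
            continue                      # ACE does not apply to this caller
        if kind == "deny" and remaining & rights:
            return False, i               # first applicable deny wins
        if kind == "allow":
            remaining -= rights
            if not remaining:
                return True, i            # everything requested is now granted
    return False, None                    # some right was never granted

if __name__ == "__main__":
    for want in ({"FILE_WRITE_DATA"}, {"FILE_READ_ATTRIBUTES"}):
        print(sorted(want), access_check(DACL, TOKEN, want))
    # Same ACL without the leading user DENY: the user's allow ACE is reached
    # before the group DENY entries, so the write is granted.
    print("without ACE 0:", access_check(DACL[1:], TOKEN, {"FILE_WRITE_DATA"}))
```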
