* Problem with posix flags and permission denied on domain computer
From: Jiří Engelthaler @ 2015-05-12 19:59 UTC
To: cygwin

I have a problem with POSIX file flags and permission denied on a computer
which is in a domain. I have a file on disk D: named foo. It is accessible
both in Windows and in Cygwin as /cygdrive/d/foo but has flags
----rwx---+. If I copy this file to a file named bar, it is accessible
neither in Cygwin nor in Windows.
Fresh Windows installation, fresh Cygwin 2.0.2-1, foo file created in
notepad. As user engycz I'm a member of the groups "NT
AUTHORITY\Authenticated Users" and "BUILTIN\Users", so I have R/W
access to foo.

$ ls -al foo
----rwx---+ 1 engycz Domain Users 5 12. 5 20.15 foo

$ cat foo
hello

$ getfacl.exe foo
# file: foo
# owner: engycz
# group: Domain Users
user::---
group::---
group:Authenticated Users:rwx
group:SYSTEM:rwx
group:Administrators:rwx
group:Users:r-x
mask:rwx
other:---

$ icacls.exe foo
foo BUILTIN\Administrators:(I)(F)
    NT AUTHORITY\SYSTEM:(I)(F)
    NT AUTHORITY\Authenticated Users:(I)(M)
    BUILTIN\Users:(I)(RX)

====================
$ cp foo bar
====================

$ ls -al bar
----rwx---+ 1 engycz Domain Users 5 12. 5 20.18 bar

$ cat bar
cat: bar: Permission denied

$ getfacl.exe bar
# file: bar
# owner: engycz
# group: Domain Users
user::---
group::r-x
group:Authenticated Users:rwx
group:SYSTEM:rwx
group:Administrators:rwx
group:Users:r-x
mask:rwx
other:---

$ icacls.exe bar
bar DOM_LAN\engycz:(DENY)(S,RD,REA,X)
    DOM_LAN\engycz:(D,Rc,WDAC,WO,RA,WA)
    DOM_LAN\Domain Users:(RX)
    Everyone:(Rc,S,RA)
    BUILTIN\Administrators:(F)
    NT AUTHORITY\SYSTEM:(F)
    NT AUTHORITY\Authenticated Users:(M)
    BUILTIN\Users:(RX)

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

* Re: Problem with posix flags and permission denied on domain computer
From: Jiří Engelthaler @ 2015-05-13 17:22 UTC
To: cygwin

After digging for a couple of hours I found the cause. In file security.cc,
line 389, RtlGetGroupSecurityDescriptor gets the group SID
"DOM_LAN\Domain Users", but this group is not in the access list parsed in
the get_attribute_from_acl function. I think this is not only my problem
and hope Cygwin will be fixed.

Powershell get-acl:
PS D:\> get-acl foo|format-list

Path   : Microsoft.PowerShell.Core\FileSystem::D:\foo
Owner  : DOM_LAN\engycz
Group  : DOM_LAN\Domain Users
Access : BUILTIN\Administrators Allow FullControl
         NT AUTHORITY\SYSTEM Allow FullControl
         NT AUTHORITY\Authenticated Users Allow Modify, Synchronize
         BUILTIN\Users Allow ReadAndExecute, Synchronize
Audit  :
Sddl   : O:S-1-5-21-270207346-1464484900-1734353810-5370G:DUD:(A;ID;FA;;;BA)(A;ID;FA;;;SY)(A;ID;0x1301bf;;;AU)(A;ID;0x1200a9;;;BU)

=========

PS D:\> get-acl bar|format-list

Path   : Microsoft.PowerShell.Core\FileSystem::D:\bar
Owner  : DOM_LAN\engycz
Group  : DOM_LAN\Domain Users
Access : DOM_LAN\engycz Deny ReadData, ReadExtendedAttributes, ExecuteFile
         Everyone Allow ReadAttributes, ReadPermissions, Synchronize
         NT AUTHORITY\Authenticated Users Allow Modify, Synchronize
         NT AUTHORITY\SYSTEM Allow FullControl
         BUILTIN\Administrators Allow FullControl
         BUILTIN\Users Allow ReadAndExecute, Synchronize
         DOM_LAN\Domain Users Allow ReadAndExecute, Synchronize
         DOM_LAN\engycz Allow ReadAttributes, WriteAttributes,
         Delete, ReadPermissions, ChangePermissions, TakeOwnership, Synchronize
Audit  :
Sddl   : O:S-1-5-21-270207346-1464484900-1734353810-5370G:DUD:P(D;;CCSWWP;;;S-1-5-21-270207346-1464484900-1734353810-5370)(A;;0x120080;;;WD)(A;;0x1301bf;;;AU)(A;;FA;;;SY)(A;;FA;;;BA)(A;;0x1200a9;;;BU)(A;;0x1200a9;;;DU)(A;;0x1f0180;;;S-1-5-21-270207346-1464484900-1734353810-5370)

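Added example (not part of the original thread and not Cygwin code): a simplified walk of the Windows DACL evaluation order over the two Sddl strings above, showing that on bar the explicit DENY ACE for the owner is reached before the Authenticated Users allow ACE. The token membership (`TOKEN`) is an assumption based on the groups named in the thread; owner-implied rights, privileges and inherit-only ACEs are ignored.

```python
import re

# SDDL strings copied from the get-acl output in the thread (wrapped line rejoined).
USER = "S-1-5-21-270207346-1464484900-1734353810-5370"
FOO = ("O:" + USER + "G:DUD:(A;ID;FA;;;BA)(A;ID;FA;;;SY)"
       "(A;ID;0x1301bf;;;AU)(A;ID;0x1200a9;;;BU)")
BAR = ("O:" + USER + "G:DUD:P(D;;CCSWWP;;;" + USER + ")(A;;0x120080;;;WD)"
       "(A;;0x1301bf;;;AU)(A;;FA;;;SY)(A;;FA;;;BA)(A;;0x1200a9;;;BU)"
       "(A;;0x1200a9;;;DU)(A;;0x1f0180;;;" + USER + ")")

# Two-letter SDDL rights that occur in these strings, as file access-mask bits.
RIGHTS = {"FA": 0x1F01FF, "CC": 0x1, "SW": 0x8, "WP": 0x20}
FILE_GENERIC_READ = 0x120089  # mask requested when a file is opened for reading

# Assumption: engycz's token holds his own SID plus the groups named in the thread.
TOKEN = {USER, "WD", "AU", "BU", "DU"}


def parse_dacl(sddl):
    """Return the DACL as an ordered list of (ace_type, mask, sid)."""
    body = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl).group(1)
    aces = []
    for ace in re.findall(r"\(([^)]*)\)", body):
        ace_type, _flags, rights, _obj, _inherit_obj, sid = ace.split(";")
        if rights.lower().startswith("0x"):
            mask = int(rights, 16)
        else:  # concatenated two-letter codes such as CCSWWP
            mask = 0
            for i in range(0, len(rights), 2):
                mask |= RIGHTS[rights[i:i + 2]]
        aces.append((ace_type, mask, sid))
    return aces


def access_check(sddl, token, desired):
    """Walk the ACEs in order; the first matching DENY or a full grant decides."""
    remaining = desired
    for ace_type, mask, sid in parse_dacl(sddl):
        if sid not in token:
            continue
        if ace_type == "D" and mask & remaining:
            return False, (ace_type, hex(mask), sid)
        if ace_type == "A":
            remaining &= ~mask
            if remaining == 0:
                return True, (ace_type, hex(mask), sid)
    return False, None  # no ACE granted the remaining bits


if __name__ == "__main__":
    for name, sddl in (("foo", FOO), ("bar", BAR)):
        print(name, access_check(sddl, TOKEN, FILE_GENERIC_READ))
```

The second element of each result is the ACE that decided the check, which makes it easy to see that the same user SID is refused on bar while any other member of Authenticated Users would be let through.
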
* Re: Problem with posix flags and permission denied on domain computer
From: schilpfamily @ 2015-05-13 18:41 UTC
To: cygwin

Finally, someone else experiencing the same problems I have been
seeing. I have to run chmod -r u+r,u+w * to fix this issue. Cygwin
really needs to fix this.

* Re: Problem with posix flags and permission denied on domain computer
From: Jiří Engelthaler @ 2015-05-19 6:46 UTC
To: cygwin

I'd like to hear an answer from Corinna Vinschen pls.

* RE: Problem with posix flags and permission denied on domain computer
From: Buchbinder, Barry (NIH/NIAID) [E] @ 2015-05-19 14:09 UTC
To: cygwin
Cc: Jiří Engelthaler

Jiří Engelthaler sent the following at Tuesday, May 19, 2015 2:44 AM
>I'd like to hear an answer from Corinna Vinschen pls.

She's on vacation.

* Re: Problem with posix flags and permission denied on domain computer
From: Corinna Vinschen @ 2015-05-27 13:07 UTC
To: cygwin

On May 19 08:43, Jiří Engelthaler wrote:
> I'd like to hear an answer from Corinna Vinschen pls.

The problem with the given permissions is that they don't reflect
anything comparable with POSIX ACLs. The Cygwin ACL code is based on
trying to emulate POSIX ACL behaviour and the permissions you have set
on these files are not giving the user any permissions.

The workaround for you is to use "noacl" mounts for paths affected by
this (usually all paths outside the Cygwin tree).

Corinna

--
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat