Re: Duplicate ACLs? - Can't copy file even with Admin permissions

public inbox for cygwin@cygwin.com
 help / color / mirror / Atom feed

From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: Duplicate ACLs? - Can't copy file even with Admin permissions
Date: Fri, 7 Jan 2022 14:22:25 +0100	[thread overview]
Message-ID: <Ydg+kfpACU9PPx5t@calimero.vinschen.de> (raw)
In-Reply-To: <25047.23325.33020.646017@consult.pretender>

On Jan  6 16:11, cygwin@kosowsky.org wrote:
> Corinna Vinschen wrote:
> > On Jan  3 10:51, cyg...@kosowsky.org wrote:
> > > I have a file: /c/Config.Msi/3da9e136.rbf that I cannot copy, even when
> > > [...]
> > >       # getfacl 3da9e136.rbf
> > >       # file: 3da9e136.rbf
> > >       # owner: Administrators
> > >       # group: SYSTEM
> > >       user::rwx
> > >       group::rwx
> > >       other::r-x
> > >       user::rwx
> > >       group::rwx
> > >       group:SYSTEM:rwx
> > >       mask::rwx
> > >       other::r-x
> > > [...]
> > [...]
> > Would you mind to run `icacls 3da9e136.rbf /save 3da9e136.acl
> > and paste the content of 3da9e136.acl into your reply?
> 
> I ran the code you suggested:
>   #icacls 3da9e136.rbf /save 3da9e136.acl
>   processed file: 3da9e136.rbf
>   Successfully processed 1 files; Failed processing 0 files
> 
>   #cat 3da9e136.acl
>   3da9e136.rbf
>   D:P(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;WD)(A;OICI;FA;;;BA)
> 
> Not sure how to interpret the above but hope it's helpful...

It is.  I realized belatedly, that 3da9e136.acl is apparently a
directory, not a file.  So I tweaked my local test accordingly, and
here's my session output:

  $ mkdir acltest
  $ chown Administrators.SYSTEM acltest
  $ cat aclfile.sav
  acltest
  D:P(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;WD)(A;OICI;FA;;;BA)
  $ icacls . /restore aclfile.sav
  processed file: .\acltest
  Successfully processed 1 files; Failed processing 0 files
  $ icacls acltest
  acltest NT AUTHORITY\SYSTEM:(OI)(CI)(F)
          Everyone:(OI)(CI)(RX)
          BUILTIN\Administrators:(OI)(CI)(F)

  Successfully processed 1 files; Failed processing 0 files

>   #icacls 3da9e136.rbf
>   3da9e136.rbf NT AUTHORITY\SYSTEM:(OI)(CI)(F)
>              Everyone:(OI)(CI)(RX)
>              BUILTIN\Administrators:(OI)(CI)(F)
> 
>   Successfully processed 1 files; Failed processing 0 files

So the DACL is now identical to yours.  Let's try getfacl:

  $ getfacl --version | head -1
  getfacl (cygwin) 3.3.3
  $ getfacl acltest
  # file: acltest
  # owner: Administrators
  # group: SYSTEM
  user::rwx
  group::rwx
  other::r-x
  default:user::rwx
  default:group::rwx
  default:group:SYSTEM:rwx
  default:mask::rwx
  default:other::r-x

Ok, that looks correct.  Now compare with the output of your getfacl:

>   #getfacl 3da9e136.rbf
>   # file: 3da9e136.rbf
>   # owner: Administrators
>   # group: SYSTEM
>   user::rwx
>   group::rwx
>   other::r-x
>   user::rwx
>   group::rwx
>   group:SYSTEM:rwx
>   mask::rwx
>   other::r-x

It's exactly the same as the one my gefacl prints above, except the
"default:" specifier for default ACEs is missing in the output.

I can't explain that, sorry.  Old getfacl version?  Running an output
filter of some sort?  Clutching at straws here....

> > Please use "reply-to" to keep mail threading intact.  Your two
> > mails in terms of this problem are disconnected for some reason.
> 
> Not sure why my MTA has not been threading properly but for some
> reason I didn't receive your response either.

By default I'm using "list-reply-to" in mutt, so replies are only
going to the mailing list.  I added you to the CC for this reply.

> Hopefully this gets attached to the correct thread.

It did, thanks.


Corinna

next prev parent reply	other threads:[~2022-01-07 13:22 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-01-03 15:51 cygwin
2022-01-05 11:34 ` Corinna Vinschen
2022-01-06 11:12   ` Achim Gratz
2022-01-06 21:11     ` cygwin
2022-01-07 13:22       ` Corinna Vinschen [this message]
2022-01-07 20:56       ` cygwin
2022-01-10 10:07         ` Corinna Vinschen
2022-01-10 13:46           ` Corinna Vinschen
2022-01-12  9:33             ` Corinna Vinschen
2022-01-19  2:26             ` cygwin
2022-01-19  8:00               ` Corinna Vinschen
2022-01-21 13:57                 ` cygwin
2022-01-25 19:19                   ` Corinna Vinschen
2022-01-26  1:11                     ` cygwin
2022-01-06 18:05   ` Andrey Repin
2022-01-06 19:42     ` Franz Fehringer
2022-01-06 20:35     ` cygwin
2022-01-06 20:46       ` Eliot Moss

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Ydg+kfpACU9PPx5t@calimero.vinschen.de \
    --to=corinna-cygwin@cygwin.com \
    --cc=cygwin@cygwin.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).