From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.131]) by sourceware.org (Postfix) with ESMTPS id BEF8D3858D28 for ; Mon, 10 Jan 2022 13:46:29 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org BEF8D3858D28 Authentication-Results: sourceware.org; dmarc=fail (p=none dis=none) header.from=cygwin.com Authentication-Results: sourceware.org; spf=fail smtp.mailfrom=cygwin.com Received: from calimero.vinschen.de ([24.134.7.25]) by mrelayeu.kundenserver.de (mreue009 [212.227.15.167]) with ESMTPSA (Nemesis) id 1MbRXd-1mVvQY2Znl-00bpni for ; Mon, 10 Jan 2022 14:46:27 +0100 Received: by calimero.vinschen.de (Postfix, from userid 500) id A284AA80D60; Mon, 10 Jan 2022 14:46:26 +0100 (CET) Date: Mon, 10 Jan 2022 14:46:26 +0100 From: Corinna Vinschen To: cygwin@cygwin.com Subject: Re: Duplicate ACLs? - Can't copy file even with Admin permissions Message-ID: Reply-To: cygwin@cygwin.com Mail-Followup-To: cygwin@cygwin.com References: <25043.7019.643488.389876@consult.pretender> <8735m12k3u.fsf@Rainer.invalid> <25047.23325.33020.646017@consult.pretender> <25048.43238.484068.737126@consult.pretender> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Provags-ID: V03:K1:9E/hK4aLHNSu7xyZJV3+wyBFbC1aIubHF8bMEvdPi6djUJCgBkS XroTpMzQWhQBakpCxxkF2EU2JnqpVZNLJJcSuT8BOPwQVrm0Xm2bRQ2D+Q7c1arlZd6b9lY mVA7056W9q/VEUR3BwLPKcUeObV/jxVHUkKbzfDcXpxHBNFiAlIdwcyORBmbgyfPQ0+Gb1G zSMDlP0d2lsFkyog+gBWg== X-UI-Out-Filterresults: notjunk:1;V03:K0:LH1ahBC9Xvw=:it/lRzDoEUV1ILzhUe/noJ LbmPNFiFC3UsKCAzCp6sRci2dwvLVNEVDcLDVF9SAw4nwzsrnPPU5FnM7fGKnlOyjGDFGIvj3 HYp0yMeF6wXtv0gWsrlIRNy82zwdmIhUhaTcpZP3vJlXBLg8xKucye8gD/JhSXTYSjzpysn1y yP786a0+kJoIVhApL4ZKF2n1pXigB+Ye58ts+ldwt1OVCGXKjeYT0OUfNE2IQuOUm9rU5NMbx cobDtOg6yHEHXk7Pq5pOCJqj3XfTj6p434V4XzwTHdVabwhwV30antf4iPKj3aH1CH3VzAmeq 02Ay7AJFwpahtCtC4JMtPuDRZ77iClPjQxE69WWm2fdbGBbXizFjLc6bbYgnxNYnCbiyZqqtv gunLChK3px4M2uot6x7aBXRZ1uqfsrPTIILfZ1JbS69y5MAjDhhRxFxEDhzJUBZwCciIcSyd8 mX9yS1wzmQYZuv0xXE3y/gfbFzdgDnQcJYncKbKrtopW2aaYTGsBMmtjPU+j0IMC3DkKjZxJX C1ODhbQzCUuqH7JyPhhK8LAYWkLcGKTDrSPRL175w05vC6k2G+8MUVhbHMHpI/j4JpW5qCFRp 00IVEc95xe8aCGxtBGvs8PrE0BxNvD3wXii/H/lG3HjxhhW9mzMHAHWIYxf3UIGTmqToz1/LU byoot7h/33NTc1kQMFfYKIyTEPAUFIuCmrjalhVG2iryZHHzmo26sQtXTyE82yT32ocwXMwr0 dDHtPWVPtaL1RACv X-Spam-Status: No, score=-90.8 required=5.0 tests=BAYES_00, GOOD_FROM_CORINNA_CYGWIN, KAM_DMARC_NONE, KAM_DMARC_STATUS, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_FAIL, SPF_HELO_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: cygwin@cygwin.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Jan 2022 13:46:31 -0000 On Jan 10 11:07, Corinna Vinschen wrote: > On Jan 7 15:56, cygwin@kosowsky.org wrote: > > > Corinna Vinschen wrote: > > > On Jan 6 16:11, cyg...@kosowsky.org wrote: > > > It is. I realized belatedly, that 3da9e136.acl is apparently a > > > directory, not a file. > > > > It's actually a file... > > This is weird. The meaning of the OI and CI markers are "Object > inheritance" and "Container inheritance". These bits only make sense > for directories and they control how ACEs are inherited by child objects > (files) and child containers (subdirs). > > Consequentially, if I use `icacls /restore' on a file with the DACL > saved by you, the OI and CI bits are simply ignored. After /restore, > if I call /save again the resulting file looks like this: > > $ cat aclfile-after-restore.sav > acltest > D:PAI(A;;FA;;;SY)(A;;0x1200a9;;;WD)(A;;FA;;;BA) FTR, it's even worse. Windows ACEs with inheritence flags result in equivalent POSIX default ACEs. Per Linux (or better, POSIX 1003.1e draft 17), it's an error trying to set default ACEs on files. Therefore, a process trying to set the permissions as in your case would result in getting errno EACCES. Cygwin follows suit. > However, this gave me a clue. If this is really a file, it's a good > chance that the inheritance flags are restricted to directories at > one point in either the Cygwin DLL itself, or the getfacl tool. > > I'll have a look into the sources later, but I sure would prefer if > I could create such a file locally. I tried to create a file with equivalent ACL including the inheritence flags on W7, W10 and W11, but to no avail. After running icacls /restore the resulting DACL does not contain inheritance flags on none of the systems. Neither do the different Windows GUIs allow setting inheritance flags on files. I also ran getfacl under GDB and manipulated getfacl into believing that a directory with matching ACL is actually a file, but the output generated by getfacl was not showing the default ACEs at all: # file: acltest # owner: Administrators # group: SYSTEM user::rwx group::rwx other::r-x ¯\_(ツ)_/¯ Corinna