public inbox for cygwin@cygwin.com
From: "J. Terry Corbet" <terry.corbet@gmail.com>
To: Corinna Vinschen via Cygwin <cygwin@cygwin.com>
Subject: Re: ACEs and ACLs
Date: Mon, 18 Mar 2024 08:30:13 -0600
Message-ID: <e13760eb-7908-44ee-8af7-162794388c5f@GMail.com>
In-Reply-To: <ZfgaaDfqVvzOkUrq@calimero.vinschen.de>


Thank you for the greatly needed assistance, but the reference to which 
you have pointed me says that noacl will be ignored in the case of ntfs 
file systems.  All of mine are and that has not changed, neither has the 
default entry in fstab, which seems always to have been:

none /cygdrive cygdrive binary, posix=0, user 0 0

On 2024-03-18 04:41, Corinna Vinschen via Cygwin wrote:
> On Mar 16 18:05, J. Terry Corbet via Cygwin wrote:
>> [...]
>> And here is the status that icacls reports back on the original, owning
>> workstation after having used vim to modify the two files from that remote
>> workstation.
>>
>> FileExp.txt NULL SID:(DENY)(Rc,S,REA,WEA,X,DC)
>>              NW10\tcorbet:(DENY)(S,RD,WD,AD,REA,WEA,X,DC)
>>              NW10\tcorbet:(D,Rc,WDAC,WO,RA,WA)
>>              NW10\None:(Rc,S,RA)
>>              NT AUTHORITY\Authenticated Users:(RX,W)
>>              NT AUTHORITY\SYSTEM:(RX,W)
>>              BUILTIN\Administrators:(RX,W)
>>              BUILTIN\Users:(RX)
>>              Everyone:(Rc,S,RA)
>>
>> vimtest.txt NULL SID:(DENY)(Rc,S,WEA,X,DC)
>>              NW10\tcorbet:(R,W,D,WDAC,WO)
>>              NW10\None:(DENY)(S,X)
>>              NT AUTHORITY\Authenticated Users:(DENY)(S,X)
>>              NT AUTHORITY\SYSTEM:(DENY)(S,X)
>>              BUILTIN\Administrators:(DENY)(S,X)
>>              BUILTIN\Users:(DENY)(S,X)
>>              NW10\None:(RX)
>>              NT AUTHORITY\Authenticated Users:(RX,W)
>>              NT AUTHORITY\SYSTEM:(RX,W)
>>              BUILTIN\Administrators:(RX,W)
>>              BUILTIN\Users:(RX)
>>              Everyone:(R)
>>
>> If my understanding is correct concerning the precedence handling of an
>> ACL with multiple ACEs for the same user/ID, this result from grep
>> on the original, owning workstation would not surprise you:
>>
>> F:\Dev\cygshoot>grep foo fileexp.txt
>> grep: fileexp.txt: Permission denied
>>
>> but it blows me completely away.  Clearly I no longer have an environment
>> in which I can work on any file from any workstation using any Cygwin
>> utilities.
>>
>> What have I messed up?
> The problem is that your identity is based on the SID of every single
> machine, and the machines don't know the SIDs of other machines.  The
> default ACL created in Cygwin is emulating POSIX permissions.  This
> becomes a problem when sharing files between machines not in the
> same Windows domain.
>
> The workaround is not to use POSIX permissions on shares.  Create
> matching mount points in /etc/fstab or /etc/fstab.d/ and add the
> "noacl" mount flag:
>
>    https://cygwin.com/cygwin-ug-net/using.html#mount-table
>
> Alternatively, you can also just add an fstab entry for the cygdrive
> prefix which adds the "noacl" flag, see
>
>    https://cygwin.com/cygwin-ug-net/using.html#cygdrive
>
> but keep in mind that this also affects local paths if you access
> them via the cygdrive prefix.
>
>
> HTH,
> Corinna
>
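
The precedence question raised in the quoted message, worked through as an added example that is not part of the original thread or of Cygwin: Windows checks ACEs in the order they are listed, so the sketch below parses the FileExp.txt listing and walks it for one requested right. Which trustees the caller's token holds is an assumption, and the function names are hypothetical.

```python
import re

# icacls abbreviations -> access-mask bits (winnt.h); R, W, RX are the FILE_GENERIC_* sets
BITS = {"RD": 0x1, "WD": 0x2, "AD": 0x4, "REA": 0x8, "WEA": 0x10, "X": 0x20, "DC": 0x40,
        "RA": 0x80, "WA": 0x100, "D": 0x10000, "RC": 0x20000, "WDAC": 0x40000,
        "WO": 0x80000, "S": 0x100000, "R": 0x120089, "W": 0x120116, "RX": 0x1200A9}
ACE_RE = re.compile(r"^(?P<who>.+?):(?P<groups>(?:\([^)]*\))+)$")

# The FileExp.txt listing quoted in the message above, copied as sample input.
FILEEXP = r"""FileExp.txt NULL SID:(DENY)(Rc,S,REA,WEA,X,DC)
             NW10\tcorbet:(DENY)(S,RD,WD,AD,REA,WEA,X,DC)
             NW10\tcorbet:(D,Rc,WDAC,WO,RA,WA)
             NW10\None:(Rc,S,RA)
             NT AUTHORITY\Authenticated Users:(RX,W)
             NT AUTHORITY\SYSTEM:(RX,W)
             BUILTIN\Administrators:(RX,W)
             BUILTIN\Users:(RX)
             Everyone:(Rc,S,RA)"""

def parse_icacls(text, filename):
    """Return [(trustee, is_deny, mask)] in the order icacls listed the ACEs."""
    aces = []
    for line in text.splitlines():
        m = ACE_RE.match(line.strip().removeprefix(filename).strip())
        if m:
            groups = re.findall(r"\(([^)]*)\)", m["groups"])
            mask = 0
            for name in groups[-1].split(","):  # last group holds the rights
                mask |= BITS[name.strip().upper()]
            aces.append((m["who"], "DENY" in groups, mask))
    return aces

def access_check(aces, token, desired):
    """Ordered walk: a matching DENY on a still-needed bit refuses; ALLOW bits accumulate."""
    remaining = desired
    for who, deny, mask in aces:
        if who not in token:
            continue
        if deny and mask & remaining:
            return False, who
        if not deny:
            remaining &= ~mask
            if not remaining:
                return True, who
    return False, None  # a requested right was never granted

if __name__ == "__main__":
    owner = {r"NW10\tcorbet", r"NW10\None", "Everyone"}  # assumed token contents
    print(access_check(parse_icacls(FILEEXP, "FileExp.txt"), owner, BITS["RD"]))
```

With the assumed token, a request for RD (read data) is refused at the NW10\tcorbet DENY entry before any later allow entry is reached, while RA (read attributes) is granted by the allow entry that follows it.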
