This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: Issues with ACL settings after updating to the latest cygwin.dll - correction
- From: Erik Soderquist <ErikSoderquist at gmail dot com>
- To: cygwin at cygwin dot com
- Date: Fri, 29 Apr 2016 12:03:33 -0400
- Subject: Re: Issues with ACL settings after updating to the latest cygwin.dll - correction
- Authentication-results: sourceware.org; auth=none
- References: <1160735037 dot 124947226 dot 1457200185315 dot JavaMail dot root at zimbra93-e16 dot priv dot proxad dot net> <1936538945 dot 131164828 dot 1457377923154 dot JavaMail dot root at zimbra93-e16 dot priv dot proxad dot net> <20160308090233 dot GA13971 at calimero dot vinschen dot de> <CACoZoo385sv6iWTQspaNbbrbF5LtbWSNvFmViTTVTHKrtPO1gQ at mail dot gmail dot com>
I'm having a similar issue with strange acl results... I wish I knew
which update triggered this, but I'd ignored and/or worked around
it...
I can reproduce it with the following:
user@localhost ~
$ touch /tmp/foo
user@localhost ~
$ chmod 700 /tmp/foo
user@localhost ~
$ echo foo>/tmp/foo
-bash: /tmp/foo: Permission denied
user@localhost ~
$ ls -la /tmp
total 20
drwxrwxrwx+ 1 user Administrators 0 Apr 29 11:42 .
dr-xrwxr-x+ 1 Administrators Administrators 0 Mar 9 17:00 ..
-rwx------+ 1 user Domain Users 0 Apr 29 11:42 foo
result of the acl commands, as I've seen them requested are:
user@localhost /tmp
$ cacls foo
C:\cygwin64\tmp\foo NewDomain\user:(DENY)(special access:)
FILE_READ_DATA
FILE_WRITE_DATA
FILE_APPEND_DATA
FILE_READ_EA
FILE_WRITE_EA
FILE_DELETE_CHILD
FILE_WRITE_ATTRIBUTES
NewDomain\user:F
NewDomain\user:(special access:)
READ_CONTROL
SYNCHRONIZE
FILE_GENERIC_READ
FILE_GENERIC_WRITE
FILE_READ_DATA
FILE_WRITE_DATA
FILE_APPEND_DATA
FILE_READ_EA
FILE_WRITE_EA
FILE_READ_ATTRIBUTES
FILE_WRITE_ATTRIBUTES
NewDomain\Domain Users:(DENY)(special access:)
FILE_READ_DATA
FILE_WRITE_DATA
FILE_APPEND_DATA
FILE_READ_EA
FILE_WRITE_EA
FILE_DELETE_CHILD
FILE_WRITE_ATTRIBUTES
OldDomain\Domain Users:(DENY)(special access:)
FILE_READ_DATA
FILE_WRITE_DATA
FILE_APPEND_DATA
FILE_READ_EA
FILE_WRITE_EA
FILE_DELETE_CHILD
FILE_WRITE_ATTRIBUTES
NewDomain\Domain Users:(special access:)
READ_CONTROL
SYNCHRONIZE
FILE_GENERIC_READ
FILE_GENERIC_WRITE
FILE_READ_DATA
FILE_WRITE_DATA
FILE_APPEND_DATA
FILE_READ_EA
FILE_WRITE_EA
FILE_READ_ATTRIBUTES
FILE_WRITE_ATTRIBUTES
BUILTIN\Administrators:(special access:)
READ_CONTROL
SYNCHRONIZE
FILE_GENERIC_READ
FILE_GENERIC_WRITE
FILE_READ_DATA
FILE_WRITE_DATA
FILE_APPEND_DATA
FILE_READ_EA
FILE_WRITE_EA
FILE_READ_ATTRIBUTES
FILE_WRITE_ATTRIBUTES
OldDomain\Domain Users:(special access:)
READ_CONTROL
SYNCHRONIZE
FILE_GENERIC_READ
FILE_GENERIC_WRITE
FILE_READ_DATA
FILE_WRITE_DATA
FILE_APPEND_DATA
FILE_READ_EA
FILE_WRITE_EA
FILE_READ_ATTRIBUTES
FILE_WRITE_ATTRIBUTES
Everyone:(special access:)
READ_CONTROL
SYNCHRONIZE
FILE_READ_ATTRIBUTES
user@localhost /tmp
$ icacls foo
foo NewDomain\user:(DENY)(W,RD,REA,DC)
NewDomain\user:(F)
NewDomain\user:(R,W)
NewDomain\Domain Users:(DENY)(W,RD,REA,DC)
OldDomain\Domain Users:(DENY)(W,RD,REA,DC)
NewDomain\Domain Users:(R,W)
BUILTIN\Administrators:(R,W)
OldDomain\Domain Users:(R,W)
Everyone:(Rc,S,RA)
Successfully processed 1 files; Failed processing 0 files
I don't understand why there is a DENY at all rather than simply
removing the Allow permissions, nor do I understand why the user, who
is owner of the file and has rwx for it, is getting a DENY at all.
-- Erik
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple