This is the mail archive of the
cygwin@cygwin.com
mailing list for the Cygwin project.
Re: ntsec: changing the everyone user
- From: "Chris Rodgers" <cygwin at bulk dot rodgers dot org dot uk>
- To: "Cygwin List" <cygwin at cygwin dot com>
- Date: Mon, 15 Sep 2003 17:35:20 +0100
- Subject: Re: ntsec: changing the everyone user
- References: <5.1.0.14.0.20030915104435.027cf828@127.0.0.1>
OK. Here is an example of the way permissions leak out to "Everyone". I
create a new file, with no permissions granted to "other". Cygwin shows this
to have worked OK. Yet in actual fact there is an ACL there giving Everyone
some access rights. I usually choose not to have "Everyone" authorised to do
anything on my Windows NT/2000 boxes, using Authorised Users instead. This
way, without a valid login, you cannot get any information, including
usernames and ACLs.
How can I stop cygwin setting these ACLs?
[628 chris-mob /]$ umask
0007
[629 chris-mob /]$ touch delme
[630 chris-mob /]$ ls -al delme
-rw-rw---- 1 Administ wheel 0 Sep 15 17:31 delme
[631 chris-mob /]$ getfacl delme
# file: delme
# owner: Administrator
# group: wheel
user::rw-
group::rw-
mask:rwx
other:---
[632 chris-mob /]$ cacls delme
C:\cygwin\delme CHRIS-MOB\Administrator:(special access:)
STANDARD_RIGHTS_ALL
DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
SYNCHRONIZE
STANDARD_RIGHTS_REQUIRED
FILE_GENERIC_READ
FILE_GENERIC_WRITE
FILE_READ_DATA
FILE_WRITE_DATA
FILE_APPEND_DATA
FILE_READ_EA
FILE_WRITE_EA
FILE_READ_ATTRIBUTES
FILE_WRITE_ATTRIBUTES
BUILTIN\Administrators:(special access:)
READ_CONTROL
SYNCHRONIZE
FILE_GENERIC_READ
FILE_GENERIC_WRITE
FILE_READ_DATA
FILE_WRITE_DATA
FILE_APPEND_DATA
FILE_READ_EA
FILE_WRITE_EA
FILE_READ_ATTRIBUTES
FILE_WRITE_ATTRIBUTES
Everyone:(special access:)
READ_CONTROL
FILE_READ_EA
FILE_READ_ATTRIBUTES
[633 chris-mob /]$
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/