This is the mail archive of the mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: ntsec: changing the everyone user

> On Mon, Sep 15, 2003 at 05:35:20PM +0100, Chris Rodgers wrote:
> > OK. Here is an example of the way permissions leak out to "Everyone". I
> > create a new file, with no permissions granted to "other". Cygwin shows
> > to have worked OK. Yet in actual fact there is an ACL there giving
> > some access rights. I usually choose not to have "Everyone" authorised
to do
> > anything on my Windows NT/2000 boxes, using Authorised Users instead.
> > way, without a valid login, you cannot get any information, including
> > usernames and ACLs.
> >
> > How can I stop cygwin setting these ACLs?
> Did you have a close look to the access rights granted to everyone?
> Otherwise, just don't use ntsec.
> Corinna
> > [...]
> >                 Everyone:(special access:)
> >                          READ_CONTROL
> >                          FILE_READ_EA
> >                          FILE_READ_ATTRIBUTES

For the archives (NOT for release :-)), I think that a quick hack is to
redefine well_known_world_sid in src/winsup/cygwin/ to be
"S-1-5-11" instead of "S-1-1-0". This refers to the "Authorized Users"
well-known group, instead of to "Everyone".


Unsubscribe info:
Problem reports:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]