This is the mail archive of the
cygwin@cygwin.com
mailing list for the Cygwin project.
Re: ntsec: changing the everyone user
At 05:23 PM 9/22/2003, Chris Rodgers you wrote:
>> On Mon, Sep 15, 2003 at 05:35:20PM +0100, Chris Rodgers wrote:
>> > OK. Here is an example of the way permissions leak out to "Everyone". I
>> > create a new file, with no permissions granted to "other". Cygwin shows
>this
>> > to have worked OK. Yet in actual fact there is an ACL there giving
>Everyone
>> > some access rights. I usually choose not to have "Everyone" authorised
>to do
>> > anything on my Windows NT/2000 boxes, using Authorised Users instead.
>This
>> > way, without a valid login, you cannot get any information, including
>> > usernames and ACLs.
>> >
>> > How can I stop cygwin setting these ACLs?
>>
>> Did you have a close look to the access rights granted to everyone?
>> Otherwise, just don't use ntsec.
>>
>> Corinna
>>
>> > [...]
>> > Everyone:(special access:)
>> > READ_CONTROL
>> > FILE_READ_EA
>> > FILE_READ_ATTRIBUTES
>>
>
>For the archives (NOT for release :-)), I think that a quick hack is to
>redefine well_known_world_sid in src/winsup/cygwin/sec_helper.cc to be
>"S-1-5-11" instead of "S-1-1-0". This refers to the "Authorized Users"
>well-known group, instead of to "Everyone".
Glad you found a resolution to this for your own needs but I have to say
I'm with Corinna. I don't see how giving everyone read access to the
security descriptor/attributes/extended attributes is a problem. The
file still can't be accessed unless that information says that it can
for the current user.
--
Larry Hall http://www.rfk.com
RFK Partners, Inc. (508) 893-9779 - RFK Office
838 Washington Street (508) 893-9889 - FAX
Holliston, MA 01746
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/