This is the mail archive of the
mailing list for the Cygwin project.
Re: ntsec: changing the everyone user
At 05:23 PM 9/22/2003, Chris Rodgers you wrote:
>> On Mon, Sep 15, 2003 at 05:35:20PM +0100, Chris Rodgers wrote:
>> > OK. Here is an example of the way permissions leak out to "Everyone". I
>> > create a new file, with no permissions granted to "other". Cygwin shows
>> > to have worked OK. Yet in actual fact there is an ACL there giving
>> > some access rights. I usually choose not to have "Everyone" authorised
>> > anything on my Windows NT/2000 boxes, using Authorised Users instead.
>> > way, without a valid login, you cannot get any information, including
>> > usernames and ACLs.
>> > How can I stop cygwin setting these ACLs?
>> Did you have a close look to the access rights granted to everyone?
>> Otherwise, just don't use ntsec.
>> > [...]
>> > Everyone:(special access:)
>> > READ_CONTROL
>> > FILE_READ_EA
>> > FILE_READ_ATTRIBUTES
>For the archives (NOT for release :-)), I think that a quick hack is to
>redefine well_known_world_sid in src/winsup/cygwin/sec_helper.cc to be
>"S-1-5-11" instead of "S-1-1-0". This refers to the "Authorized Users"
>well-known group, instead of to "Everyone".
Glad you found a resolution to this for your own needs but I have to say
I'm with Corinna. I don't see how giving everyone read access to the
security descriptor/attributes/extended attributes is a problem. The
file still can't be accessed unless that information says that it can
for the current user.
Larry Hall http://www.rfk.com
RFK Partners, Inc. (508) 893-9779 - RFK Office
838 Washington Street (508) 893-9889 - FAX
Holliston, MA 01746
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html