This is the mail archive of the
mailing list for the Cygwin project.
Re: How to deny directory-access for one dedicated user
Dave Korn wrote:
> Andy Koppe wrote:
>> 2009/10/13 Matthias Meyer:
>>> But nevertheless, user Backup can access the directory as well as the
>> Does user "Backup" have Administrator privileges?
> No, user "Backup User" has the "Backup/Restore" privilege. These are
> well-known reserved names in the NT security architecture.
> And in fact administrator privs don't get you access to any file you
> as it happens, the reason why adminstrators in fact *can* access any file
> on the system, regardless of ACLs, is because they have _backup_
> privileges - it's the exact inverse of the question you asked!
> This is one of those areas where the underlying windows OS architecture
> diverges significantly from how things work in POSIX land and Cygwin can't
> all that much to fudge over it. You can be uid 0 on windows and not be
> able to read a file when you want, or you can have uid non-zero and yet
> still get complete access to every file you like!
My user is called "backup". It is an own created user.
"backup" is member of the administrator group and have the following
additional privileges, defined by editrights:
Thanks jason for the cacls hint.
I tried "cacls C:\Test /E /D backup". /E is very importand ;-)
But as before, user "backup" can acccess the directory.
Also after removing of the administrator group from user "backup"
and re-login, "backup" can access C:\Test.
$ cacls "C:\Test"
VORDEFINIERT\Administratoren:(OI)(CI)F # predefined\Administrator:...
ERSTELLER-BESITZER:(OI)(CI)(IO)F # creater-owner:...
VORDEFINIERT\Benutzer:(OI)(CI)R # predefined\user:...
VORDEFINIERT\Benutzer:(CI)(Beschrnkter Zugriff:) # predefined\user:.(restricted access:)
$ cacls "C:\Test"
Zugriff verweigert #=access denied
$ ls -alh "C:\Test"
drwx------+ 2 meyer Kein 0 Oct 17 13:15 .
drwxrwxr-x+ 12 Administratoren SYSTEM 0 Oct 17 13:15 ..
-rwx------+ 1 meyer Kein 0 Oct 17 13:15 Neu Textdokument.txt
How to solve my goal?
The user "backup" should backup all data but not certain directories.
PS: Sorry for the inconvenience with German.
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple