Fwd: Objects in ACL cygwin win 10
Sat Oct 24 07:35:53 GMT 2020
On 2020-10-24 01:09, Jim McNamara via Cygwin wrote:
> On Sat, Oct 24, 2020, 3:02 AM Jim McNamara wrote:
>> On Sat, Oct 24, 2020, 12:46 AM Brian Inglis wrote:
>>> On 2020-10-23 21:49, Jim McNamara via Cygwin wrote:
>>>> On Fri, Oct 23, 2020, 10:06 PM Eliot Moss wrote:
>>>>> I have to admit I am not 100% sure what you are asking, but I am
>>>>> careful to grant SYSTEM access so that my backup program can access
>>>>> and save a copy of virtually everything
>>>> Thanks for you and Brian helping me.
>>>> I used icacls cygwin /q /c /t reset
>>> You have to be very careful using icacls and other Windows commands with
>>> ACLs as
>>> "ICACLS preserves the canonical ordering of ACE entries:
>>> Explicit denials
>>> Explicit grants
>>> Inherited denials
>>> Inherited grants"
>>> and Cygwin's POSIX ACLs may or may not obey this canonical order; Windows
>>> Explorer often does not consider Cygwin ACLs in what it considers
>>> order and requires them to be reordered, which breaks the Cygwin
>>> Ah, that "NT AUTHORITY/SYSTEM" SID, normally paired with
>>> as users, groups, or both:
>>> $ ls -dl /proc/cygdrive/c/Users/; echo; getfacl /proc/cygdrive/c/Users/;
>>> icacls C:/Users/
>>> drwxr-xr-x+ 1 SYSTEM SYSTEM 0 Apr 13 2020 /proc/cygdrive/c/Users/
>>> # file: /proc/cygdrive/c/Users/
>>> # owner: SYSTEM
>>> # group: SYSTEM
>>> group:Administrators:rwx #effective:r-x
>>> default:group:Administrators:rwx #effective:r-x
>>> C:/Users/ NT AUTHORITY\SYSTEM:(OI)(CI)(F)
>>> Successfully processed 1 files; Failed processing 0 files
>> Yes, I see now what you are saying. Didn't know why it behaves like that.
>> Do you reccomend:
>> A. Noacl option in fstab
>> B. Reinstall and leave icacls in windows alone so I can deploy in future
>> with runtime
> I decided to go with b. since windows ntfs wont recognize a and I want to
> deploy. I'm using cygwin to make agar gui apps for cobol (at least that is
> the plan).
That's normally the best way, although it may also be okay to add ACEs with
permission grants to groups as normal, or equivalents via GPOs.
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in binary units and prefixes, physical quantities in SI.]
More information about the Cygwin