Duplicate ACLs? - Can't copy file even with Admin permissions

Corinna Vinschen corinna-cygwin@cygwin.com
Fri Jan 7 13:22:25 GMT 2022 

On Jan  6 16:11, cygwin@kosowsky.org wrote:
> Corinna Vinschen wrote:
> > On Jan  3 10:51, cyg...@kosowsky.org wrote:
> > > I have a file: /c/Config.Msi/3da9e136.rbf that I cannot copy, even when
> > > [...]
> > >       # getfacl 3da9e136.rbf
> > >       # file: 3da9e136.rbf
> > >       # owner: Administrators
> > >       # group: SYSTEM
> > >       user::rwx
> > >       group::rwx
> > >       other::r-x
> > >       user::rwx
> > >       group::rwx
> > >       group:SYSTEM:rwx
> > >       mask::rwx
> > >       other::r-x
> > > [...]
> > [...]
> > Would you mind to run `icacls 3da9e136.rbf /save 3da9e136.acl
> > and paste the content of 3da9e136.acl into your reply?
> 
> I ran the code you suggested:
>   #icacls 3da9e136.rbf /save 3da9e136.acl
>   processed file: 3da9e136.rbf
>   Successfully processed 1 files; Failed processing 0 files
> 
>   #cat 3da9e136.acl
>   3da9e136.rbf
>   D:P(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;WD)(A;OICI;FA;;;BA)
> 
> Not sure how to interpret the above but hope it's helpful...

It is.  I realized belatedly, that 3da9e136.acl is apparently a
directory, not a file.  So I tweaked my local test accordingly, and
here's my session output:

  $ mkdir acltest
  $ chown Administrators.SYSTEM acltest
  $ cat aclfile.sav
  acltest
  D:P(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;WD)(A;OICI;FA;;;BA)
  $ icacls . /restore aclfile.sav
  processed file: .\acltest
  Successfully processed 1 files; Failed processing 0 files
  $ icacls acltest
  acltest NT AUTHORITY\SYSTEM:(OI)(CI)(F)
          Everyone:(OI)(CI)(RX)
          BUILTIN\Administrators:(OI)(CI)(F)

  Successfully processed 1 files; Failed processing 0 files

>   #icacls 3da9e136.rbf
>   3da9e136.rbf NT AUTHORITY\SYSTEM:(OI)(CI)(F)
>              Everyone:(OI)(CI)(RX)
>              BUILTIN\Administrators:(OI)(CI)(F)
> 
>   Successfully processed 1 files; Failed processing 0 files

So the DACL is now identical to yours.  Let's try getfacl:

  $ getfacl --version | head -1
  getfacl (cygwin) 3.3.3
  $ getfacl acltest
  # file: acltest
  # owner: Administrators
  # group: SYSTEM
  user::rwx
  group::rwx
  other::r-x
  default:user::rwx
  default:group::rwx
  default:group:SYSTEM:rwx
  default:mask::rwx
  default:other::r-x

Ok, that looks correct.  Now compare with the output of your getfacl:

>   #getfacl 3da9e136.rbf
>   # file: 3da9e136.rbf
>   # owner: Administrators
>   # group: SYSTEM
>   user::rwx
>   group::rwx
>   other::r-x
>   user::rwx
>   group::rwx
>   group:SYSTEM:rwx
>   mask::rwx
>   other::r-x

It's exactly the same as the one my gefacl prints above, except the
"default:" specifier for default ACEs is missing in the output.

I can't explain that, sorry.  Old getfacl version?  Running an output
filter of some sort?  Clutching at straws here....

> > Please use "reply-to" to keep mail threading intact.  Your two
> > mails in terms of this problem are disconnected for some reason.
> 
> Not sure why my MTA has not been threading properly but for some
> reason I didn't receive your response either.

By default I'm using "list-reply-to" in mutt, so replies are only
going to the mailing list.  I added you to the CC for this reply.

> Hopefully this gets attached to the correct thread.

It did, thanks.


Corinna

More information about the Cygwin mailing list