Duplicate ACLs? - Can't copy file even with Admin permissions
Corinna Vinschen
corinna-cygwin@cygwin.com
Fri Jan 7 13:22:25 GMT 2022
On Jan 6 16:11, cygwin@kosowsky.org wrote:
> Corinna Vinschen wrote:
> > On Jan 3 10:51, cyg...@kosowsky.org wrote:
> > > I have a file: /c/Config.Msi/3da9e136.rbf that I cannot copy, even when
> > > [...]
> > > # getfacl 3da9e136.rbf
> > > # file: 3da9e136.rbf
> > > # owner: Administrators
> > > # group: SYSTEM
> > > user::rwx
> > > group::rwx
> > > other::r-x
> > > user::rwx
> > > group::rwx
> > > group:SYSTEM:rwx
> > > mask::rwx
> > > other::r-x
> > > [...]
> > [...]
> > Would you mind to run `icacls 3da9e136.rbf /save 3da9e136.acl
> > and paste the content of 3da9e136.acl into your reply?
>
> I ran the code you suggested:
> #icacls 3da9e136.rbf /save 3da9e136.acl
> processed file: 3da9e136.rbf
> Successfully processed 1 files; Failed processing 0 files
>
> #cat 3da9e136.acl
> 3da9e136.rbf
> D:P(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;WD)(A;OICI;FA;;;BA)
>
> Not sure how to interpret the above but hope it's helpful...
It is. I realized belatedly, that 3da9e136.acl is apparently a
directory, not a file. So I tweaked my local test accordingly, and
here's my session output:
$ mkdir acltest
$ chown Administrators.SYSTEM acltest
$ cat aclfile.sav
acltest
D:P(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;WD)(A;OICI;FA;;;BA)
$ icacls . /restore aclfile.sav
processed file: .\acltest
Successfully processed 1 files; Failed processing 0 files
$ icacls acltest
acltest NT AUTHORITY\SYSTEM:(OI)(CI)(F)
Everyone:(OI)(CI)(RX)
BUILTIN\Administrators:(OI)(CI)(F)
Successfully processed 1 files; Failed processing 0 files
> #icacls 3da9e136.rbf
> 3da9e136.rbf NT AUTHORITY\SYSTEM:(OI)(CI)(F)
> Everyone:(OI)(CI)(RX)
> BUILTIN\Administrators:(OI)(CI)(F)
>
> Successfully processed 1 files; Failed processing 0 files
So the DACL is now identical to yours. Let's try getfacl:
$ getfacl --version | head -1
getfacl (cygwin) 3.3.3
$ getfacl acltest
# file: acltest
# owner: Administrators
# group: SYSTEM
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:SYSTEM:rwx
default:mask::rwx
default:other::r-x
Ok, that looks correct. Now compare with the output of your getfacl:
> #getfacl 3da9e136.rbf
> # file: 3da9e136.rbf
> # owner: Administrators
> # group: SYSTEM
> user::rwx
> group::rwx
> other::r-x
> user::rwx
> group::rwx
> group:SYSTEM:rwx
> mask::rwx
> other::r-x
It's exactly the same as the one my gefacl prints above, except the
"default:" specifier for default ACEs is missing in the output.
I can't explain that, sorry. Old getfacl version? Running an output
filter of some sort? Clutching at straws here....
> > Please use "reply-to" to keep mail threading intact. Your two
> > mails in terms of this problem are disconnected for some reason.
>
> Not sure why my MTA has not been threading properly but for some
> reason I didn't receive your response either.
By default I'm using "list-reply-to" in mutt, so replies are only
going to the mailing list. I added you to the CC for this reply.
> Hopefully this gets attached to the correct thread.
It did, thanks.
Corinna
More information about the Cygwin
mailing list