Duplicate ACLs? - Can't copy file even with Admin permissions

cygwin@kosowsky.org cygwin@kosowsky.org
Fri Jan 7 20:56:06 GMT 2022


> Corinna Vinschen wrote:
> On Jan  6 16:11, cyg...@kosowsky.org wrote:
> It is.  I realized belatedly, that 3da9e136.acl is apparently a
> directory, not a file.

It's actually a file...
     # ls -al 3da9e136.rbf
     -rwxrwxr-x+ 1 Administrators SYSTEM 96728 Jul  8  2018 3da9e136.rbf*

     #file 3da9e136.rbf
     3da9e136.acl: data
     3da9e136.rbf: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Window

Notice:
    # icacls.exe  3da9e136.rbf
    3da9e136.rbf NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                 Everyone:(OI)(CI)(RX)
                 BUILTIN\Administrators:(OI)(CI)(F)

    Successfully processed 1 files; Failed processing 0 files

But:
    #icacls 3da9e136.rbf /save 3da9e136.acl
    processed file: 3da9e136.rbf
    Successfully processed 1 files; Failed processing 0 files

    #cat 3da9e136.acl
    3da9e136.rbf
    D:P(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;WD)(A;OICI;FA;;;BA)


> So I tweaked my local test accordingly, and
> here's my session output:
> 
>   $ mkdir acltest
>   $ chown Administrators.SYSTEM acltest
>   $ cat aclfile.sav
>   acltest
>   D:P(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;WD)(A;OICI;FA;;;BA)
>   $ icacls . /restore aclfile.sav
>   processed file: .\acltest
>   Successfully processed 1 files; Failed processing 0 files
>   $ icacls acltest
>   acltest NT AUTHORITY\SYSTEM:(OI)(CI)(F)
>           Everyone:(OI)(CI)(RX)
>           BUILTIN\Administrators:(OI)(CI)(F)
> 
>   Successfully processed 1 files; Failed processing 0 files
> 
> >   #icacls 3da9e136.rbf
> >   3da9e136.rbf NT AUTHORITY\SYSTEM:(OI)(CI)(F)
> >              Everyone:(OI)(CI)(RX)
> >              BUILTIN\Administrators:(OI)(CI)(F)
> >
> >   Successfully processed 1 files; Failed processing 0 files
> 
> So the DACL is now identical to yours.  Let's try getfacl:
> 
>   $ getfacl --version | head -1
>   getfacl (cygwin) 3.3.3
>   $ getfacl acltest
>   # file: acltest
>   # owner: Administrators
>   # group: SYSTEM
>   user::rwx
>   group::rwx
>   other::r-x
>   default:user::rwx
>   default:group::rwx
>   default:group:SYSTEM:rwx
>   default:mask::rwx
>   default:other::r-x
> 
> Ok, that looks correct.  Now compare with the output of your getfacl:
> 
> >   #getfacl 3da9e136.rbf
> >   # file: 3da9e136.rbf
> >   # owner: Administrators
> >   # group: SYSTEM
> >   user::rwx
> >   group::rwx
> >   other::r-x
> >   user::rwx
> >   group::rwx
> >   group:SYSTEM:rwx
> >   mask::rwx
> >   other::r-x
> 
> It's exactly the same as the one my getfacl prints above, except the
> "default:" specifier for default ACEs is missing in the output.

Could that be because yours is a directory and mine is a file?

> I can't explain that, sorry.  Old getfacl version?  Running an output
> filter of some sort?  Clutching at straws here....

  #getfacl --version | head -1
  getfacl (cygwin) 3.3.3
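
As an added example (not part of the original message, and not Cygwin or icacls code), this Python code decodes the SDDL line that `icacls /save` wrote in the post and renders it in the notation of the `icacls` listing, so the two outputs can be compared ACE by ACE and the inheritance flags (OI/CI) read off each entry. The table and function names are this example's own, and it assumes an SDDL string that holds only a DACL.

```python
import re

# Constructed sample: the two lines of 3da9e136.acl from the post (icacls saves as UTF-16).
SAMPLE = "3da9e136.rbf\nD:P(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;WD)(A;OICI;FA;;;BA)\n"

# SDDL SID aliases used in the sample, with the names icacls prints for them.
SIDS = {"SY": r"NT AUTHORITY\SYSTEM", "WD": "Everyone", "BA": r"BUILTIN\Administrators"}
# Two-letter file rights aliases and their access masks.
RIGHT_ALIASES = {"FA": 0x1F01FF, "FR": 0x120089, "FX": 0x1200A0}
# Masks icacls abbreviates: full control, and generic read + execute.
ICACLS_RIGHTS = {0x1F01FF: "F", 0x1200A9: "RX"}
# ACE flags as icacls prints them; ID (inherited) is shown as (I).
ICACLS_FLAGS = {"OI": "OI", "CI": "CI", "IO": "IO", "NP": "NP", "ID": "I"}

def pairs(s):  # 'OICI' -> ['OI', 'CI']
    return [s[i:i + 2] for i in range(0, len(s), 2)]

def parse_dacl(sddl):
    """Return (protected, aces) for an SDDL string holding only a DACL."""
    head = re.match(r"D:((?:P|AI|AR)*)", sddl)
    if head is None:
        raise ValueError("no DACL in SDDL string")
    aces = []
    for body in re.findall(r"\(([^()]*)\)", sddl[head.end():]):
        ace_type, flags, rights, _obj, _inh_obj, sid = body.split(";")[:6]
        if rights.lower().startswith("0x"):
            mask = int(rights, 16)
        else:
            mask = 0
            for alias in pairs(rights):
                mask |= RIGHT_ALIASES[alias]
        aces.append({"type": ace_type, "flags": pairs(flags), "mask": mask, "sid": sid,
                     "inheritable": bool({"OI", "CI"} & set(pairs(flags)))})
    return "P" in head.group(1), aces

def icacls_lines(aces):
    """Render ACEs in the notation of the icacls listing in the post."""
    return ["%s:%s(%s)" % (SIDS.get(a["sid"], a["sid"]),
                           "".join("(%s)" % ICACLS_FLAGS[f] for f in a["flags"]),
                           ICACLS_RIGHTS.get(a["mask"], hex(a["mask"]))) for a in aces]

def parse_save_file(text):
    """Map each object name to (protected, aces); lines come in name/SDDL pairs."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    return {name: parse_dacl(sddl) for name, sddl in zip(lines[0::2], lines[1::2])}

if __name__ == "__main__":
    for name, (protected, aces) in parse_save_file(SAMPLE).items():
        print(name, "protected=%s" % protected, *icacls_lines(aces), sep="\n  ")
```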


