Duplicate ACLs? - Can't copy file even with Admin permissions
cygwin@kosowsky.org
cygwin@kosowsky.org
Fri Jan 7 20:56:06 GMT 2022
> Corinna Vinschen wrote:
> On Jan 6 16:11, cyg...@kosowsky.org wrote:
> It is. I realized belatedly, that 3da9e136.acl is apparently a
> directory, not a file.
It's actually a file...
# ls -al 3da9e136.rbf
-rwxrwxr-x+ 1 Administrators SYSTEM 96728 Jul 8 2018 3da9e136.rbf*
#file 3da9e136.rbf
3da9e136.acl: data
3da9e136.rbf: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Window
Notice:
# icacls.exe 3da9e136.rbf
3da9e136.rbf NT AUTHORITY\SYSTEM:(OI)(CI)(F)
Everyone:(OI)(CI)(RX)
BUILTIN\Administrators:(OI)(CI)(F)
Successfully processed 1 files; Failed processing 0 files
But:
#icacls 3da9e136.rbf /save 3da9e136.acl
processed file: 3da9e136.rbf
Successfully processed 1 files; Failed processing 0 files
#cat 3da9e136.acl
3da9e136.rbf
D:P(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;WD)(A;OICI;FA;;;BA)
> So I tweaked my local test accordingly, and
> here's my session output:
>
> $ mkdir acltest
> $ chown Administrators.SYSTEM acltest
> $ cat aclfile.sav
> acltest
> D:P(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;WD)(A;OICI;FA;;;BA)
> $ icacls . /restore aclfile.sav
> processed file: .\acltest
> Successfully processed 1 files; Failed processing 0
> files
> $ icacls acltest
> acltest NT AUTHORITY\SYSTEM:(OI)(CI)(F)
> Everyone:(OI)(CI)(RX)
> BUILTIN\Administrators:(OI)(CI)(F)
>
> Successfully processed 1 files; Failed processing 0 files
>
> > #icacls 3da9e136.rbf
> > 3da9e136.rbf NT AUTHORITY\SYSTEM:(OI)(CI)(F)
> > Everyone:(OI)(CI)(RX)
> > BUILTIN\Administrators:(OI)(CI)(F)
> >
> > Successfully processed 1 files; Failed processing 0 files
>
> So the DACL is now identical to yours. Let's try getfacl:
>
> $ getfacl --version | head -1
> getfacl (cygwin) 3.3.3
> $ getfacl acltest
> # file: acltest
> # owner: Administrators
> # group: SYSTEM
> user::rwx
> group::rwx
> other::r-x
> default:user::rwx
> default:group::rwx
> default:group:SYSTEM:rwx
> default:mask::rwx
> default:other::r-x
>
> Ok, that looks correct. Now compare with the output of your getfacl:
>
> > #getfacl 3da9e136.rbf
> > # file: 3da9e136.rbf
> > # owner: Administrators
> > # group: SYSTEM
> > user::rwx
> > group::rwx
> > other::r-x
> > user::rwx
> > group::rwx
> > group:SYSTEM:rwx
> > mask::rwx
> > other::r-x
>
> It's exactly the same as the one my gefacl prints above, except the
> "default:" specifier for default ACEs is missing in the output.
Could that because yours is a directory and mine is a file
> I can't explain that, sorry. Old getfacl version? Running an output
> filter of some sort? Clutching at straws here....
#getfacl --version | head -1
getfacl (cygwin) 3.3.3
More information about the Cygwin
mailing list