Mailing-List:	contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT sources DOT redhat DOT com>
List-Archive:	<http://sources.redhat.com/ml/cygwin/>
List-Post:	<mailto:cygwin AT sources DOT redhat DOT com>
List-Help:	<mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender:	cygwin-owner AT sources DOT redhat DOT com
Delivered-To:	mailing list cygwin AT sources DOT redhat DOT com
From:	Corinna Vinschen <cygwin AT cygwin DOT com>
Date:	Wed, 20 Dec 2000 13:51:04 +0100
X-Mailer:	KMail [version 1.1.99]
To:	cygwin AT cygwin DOT com
References:	<00F8D6E8AB0DD3118F1A006008186C962479E0 AT SERVER1>
In-Reply-To:	<00F8D6E8AB0DD3118F1A006008186C962479E0@SERVER1>
Subject:	Re: getfacl/setfacl problem
MIME-Version:	1.0
Message-Id:	<0012201351040P.28008@cygbert>
X-MIME-Autoconverted:	from quoted-printable to 8bit by delorie.com id HAA10692

This is W2K, isn't it? It's very likely that you got a problem with that
damned inheritence of permissions from directories to child objects.

I have just checked in a patch to Cygwin to always set SE_DACL_PROTECTED
in the security descriptor of an object on every change to the security
descriptor. This is only for Win2K. You should never get this problem on
earlier NTs.

However, it might be that I will get hit for that change by other users
but I'm willing to live with that.

The change is already in the Cygwin CVS repository and will be part
of the next developers snapshot.

Hope, that helps,
Corinna


On Wednesday 20 December 2000 02:52, Andrew Dalgleish wrote:
> I have some permissions screwed up.
>
> I created a directory using the local admin account, and it inherited
> permissions from the local "Users" group.
> I then installed cygwin using a domain account.
> I created a valid /etc/passwd and /etc/group
>
> I used
> chgrp -R "Domain Users" /
> to reset the group and chmod to reset the permissions.
> Everything looks ok:
>
> andrewd AT A5-2K:/ $ls -al / | grep var
> drwxr-xr-x   6 cygwin   Domain U        0 Dec 18 14:08 var
>
> The problem is that for some reason the local "Users" group still has
> access, as getfacl shows:
>
> andrewd AT A5-2K:/ $getfacl /var
> # file: /var
> # owner: 1228
> # group: 513
> user::rwx
> group::r-x
> group:545:rwx
> mask::r-x
> other::r-x
> default:user::rwx
> default:group::r-x
> default:group:545:rwx
> default:mask::r-x
> default:other::r-x
>
> For some reason I cant get setfacl to remove the "group:545:"
> entries, all I get is
> "setfacl: illegal acl entries"
> even the following doesn't work
> touch foo
> touch bar
> getfacl foo | setfacl -f - bar
>
> (As a work around,
> chgrp "Users" $FILE && chgrp "Domain Users" $FILE
> seems to work.)
>
> I'm about to recompile everything so I can step through it.
>
> Regards,
> Andrew Dalgleish
>
>
> --
> Want to unsubscribe from this list?
> Check out: http://cygwin.com/ml/#unsubscribe-simple

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin AT cygwin DOT com
Red Hat, Inc.

--
Want to unsubscribe from this list?
Check out: http://cygwin.com/ml/#unsubscribe-simple

- Raw text -