Mail Archives: cygwin/2008/04/10/04:43:17
On Apr 10 04:19, Gmane User wrote:
> I have a power user file that has go-rwx. However, the administrator
> account can "less" the contents from a bash command line. This is
> both logging onto Windows 2000 as admin, as well as ssh'ing in
> (loopback) from the power user log-in session. The administrator can
> also "mv" the file to a different name, but it can't create a new file
> in the same folder e.g. by "cp".
>
> CACLS shows an extensive set of permissions for the power user owner,
> but only READ_CONTROL, FILE_READ_EA, & FILE_READ_ATTRIBUTES for
> LaptopName\None and Everyone. I've come across nothing on the web
> (yet) about a special privilege that allows administrators the level
> of access that it seems to have. In fact, if I just open up a DOS
> shell as Administrator, I cannot "more" the said file. So it seems to
> be specific to Cygwin rather than Windows.
> [...]
> what is the explanation?
The secret word for tonight is "Privileges". See
http://msdn2.microsoft.com/en-us/library/bb530716(vs.85).aspx
Administrators have the SE_BACKUP_NAME privilege by default. Cygwin
opens the files with the FILE_FLAG_BACKUP_SEMANTICS flag set, see
http://msdn2.microsoft.com/en-us/library/aa363858.aspx So, all accounts
with the backup privilege (usually admins and backup operators) can open
all files. That's the same as with the "root" user on UNIX.
It does not work with the standard Windows tools, because these tools
don't open files with FILE_FLAG_BACKUP_SEMANTICS. Sort of an
obfuscation, if you ask me.
cp doesn't work because the current release of Cygwin doesn't use
the FILE_FLAG_BACKUP_SEMANTICS flag in every necessary place so far.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Red Hat
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -