delorie.com/archives/browse.cgi | search |
X-Recipient: | archive-cygwin AT delorie DOT com |
X-SWARE-Spam-Status: | No, hits=-2.5 required=5.0 tests=AWL,BAYES_00,SPF_PASS |
X-Spam-Check-By: | sourceware.org |
Message-ID: | <4AD4D5FB.4000906@gmail.com> |
Date: | Tue, 13 Oct 2009 20:33:15 +0100 |
From: | Dave Korn <dave DOT korn DOT cygwin AT googlemail DOT com> |
User-Agent: | Thunderbird 2.0.0.17 (Windows/20080914) |
MIME-Version: | 1.0 |
To: | cygwin AT cygwin DOT com |
Subject: | Re: How to deny directory-access for one dedicated user |
References: | <hb2bil$o3s$1 AT ger DOT gmane DOT org> <416096c60910131027g3df5021ei9b15ab5067353ce0 AT mail DOT gmail DOT com> |
In-Reply-To: | <416096c60910131027g3df5021ei9b15ab5067353ce0@mail.gmail.com> |
Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
List-Id: | <cygwin.cygwin.com> |
List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
List-Archive: | <http://sourceware.org/ml/cygwin/> |
List-Post: | <mailto:cygwin AT cygwin DOT com> |
List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
Sender: | cygwin-owner AT cygwin DOT com |
Mail-Followup-To: | cygwin AT cygwin DOT com |
Delivered-To: | mailing list cygwin AT cygwin DOT com |
Andy Koppe wrote: > 2009/10/13 Matthias Meyer: >> But nevertheless, user Backup can access the directory as well as the files > > Does user "Backup" have Administrator privileges? No, user "Backup User" has the "Backup/Restore" privilege. These are well-known reserved names in the NT security architecture. And in fact administrator privs don't get you access to any file you like: as it happens, the reason why adminstrators in fact *can* access any file on the system, regardless of ACLs, is because they have _backup_ privileges - it's the exact inverse of the question you asked! This is one of those areas where the underlying windows OS architecture diverges significantly from how things work in POSIX land and Cygwin can't do all that much to fudge over it. You can be uid 0 on windows and not be able to read a file when you want, or you can have uid non-zero and yet still get complete access to every file you like! cheers, DaveK -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
webmaster | delorie software privacy |
Copyright © 2019 by DJ Delorie | Updated Jul 2019 |