Mail Archives: cygwin/2009/10/13/15:19:02

Message-ID: <4AD4D5FB.4000906@gmail.com>
Date: Tue, 13 Oct 2009 20:33:15 +0100
From: Dave Korn <dave DOT korn DOT cygwin AT googlemail DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: How to deny directory-access for one dedicated user
References: <hb2bil$o3s$1 AT ger DOT gmane DOT org> <416096c60910131027g3df5021ei9b15ab5067353ce0 AT mail DOT gmail DOT com>
In-Reply-To: <416096c60910131027g3df5021ei9b15ab5067353ce0@mail.gmail.com>

Andy Koppe wrote:
> 2009/10/13 Matthias Meyer:
>> But nevertheless, user Backup can access the directory as well as the files
> 
> Does user "Backup" have Administrator privileges? 

  No, user "Backup User" has the "Backup/Restore" privilege.  These are
well-known reserved names in the NT security architecture.

  And in fact administrator privs don't get you access to any file you like:
as it happens, the reason why administrators in fact *can* access any file on
the system, regardless of ACLs, is because they have _backup_ privileges -
it's the exact inverse of the question you asked!

  This is one of those areas where the underlying Windows OS architecture
diverges significantly from how things work in POSIX land and Cygwin can't do
all that much to fudge over it.  You can be uid 0 on Windows and not be able
to read a file when you want, or you can have uid non-zero and yet still get
complete access to every file you like!

    cheers,
      DaveK
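
The behaviour described in the message above, as an added example that is not part of the original post: a simplified model of an NT-style access check in which a deny ACE is evaluated only after the backup/restore privileges have been applied. The `Ace`, `Token` and `access_check` names, the two access bits and the sample accounts are constructed for illustration and are not Windows or Cygwin APIs.

```python
from dataclasses import dataclass, field

FILE_READ, FILE_WRITE = 0x1, 0x2  # simplified access bits for this model

@dataclass
class Ace:
    kind: str   # "allow" or "deny"
    sid: str    # user or group the entry applies to
    mask: int

@dataclass
class Token:
    user: str
    groups: set = field(default_factory=set)
    enabled_privileges: set = field(default_factory=set)

def dacl_check(token, dacl, desired):
    """Walk ACEs in order: allows accumulate, a deny on a still-needed bit fails."""
    sids = {token.user} | token.groups
    remaining = desired
    for ace in dacl:
        if ace.sid not in sids:
            continue
        if ace.kind == "deny" and ace.mask & remaining:
            return False
        if ace.kind == "allow":
            remaining &= ~ace.mask
        if remaining == 0:
            return True
    return False  # bits nobody granted are implicitly denied

def access_check(token, dacl, desired, backup_intent=False):
    """Privileges are applied before the DACL when the open asks for backup intent."""
    if backup_intent:
        if "SeBackupPrivilege" in token.enabled_privileges:
            desired &= ~FILE_READ
        if "SeRestorePrivilege" in token.enabled_privileges:
            desired &= ~FILE_WRITE
    return desired == 0 or dacl_check(token, dacl, desired)

# Constructed sample: a directory DACL that tries to lock out one account.
DACL = [Ace("deny", "backup", FILE_READ), Ace("allow", "Users", FILE_READ)]
backup = Token("backup", {"Users"}, {"SeBackupPrivilege", "SeRestorePrivilege"})
admin = Token("admin", {"Administrators"})   # no ACE matches, no privilege enabled
alice = Token("alice", {"Users"})

if __name__ == "__main__":
    for t in (backup, admin, alice):
        print(t.user, access_check(t, DACL, FILE_READ),
              access_check(t, DACL, FILE_READ, backup_intent=True))
```

In this model the deny ACE stops the `backup` account only when the open does not request backup intent, so keeping such an account out means removing the privilege rather than adding ACL entries.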
