Mail Archives: cygwin/2009/10/17/08:39:32
Dave Korn wrote:
> Andy Koppe wrote:
>> 2009/10/13 Matthias Meyer:
>>> But nevertheless, user Backup can access the directory as well as the
>>> files
>>
>> Does user "Backup" have Administrator privileges?
>
> No, user "Backup User" has the "Backup/Restore" privilege. These are
> well-known reserved names in the NT security architecture.
>
> And in fact administrator privs don't get you access to any file you
> like:
> as it happens, the reason why adminstrators in fact *can* access any file
> on the system, regardless of ACLs, is because they have _backup_
> privileges - it's the exact inverse of the question you asked!
>
> This is one of those areas where the underlying windows OS architecture
> diverges significantly from how things work in POSIX land and Cygwin can't
> do
> all that much to fudge over it. You can be uid 0 on windows and not be
> able to read a file when you want, or you can have uid non-zero and yet
> still get complete access to every file you like!
>
> cheers,
> DaveK
My user is called "backup". It is an own created user.
"backup" is member of the administrator group and have the following
additional privileges, defined by editrights:
SeBackupPrivilege
SeRestorePrivilege
SeServiceLogonRight
Thanks jason for the cacls hint.
I tried "cacls C:\Test /E /D backup". /E is very importand ;-)
But as before, user "backup" can acccess the directory.
Also after removing of the administrator group from user "backup"
and re-login, "backup" can access C:\Test.
Administrator AT hostxp /
$ cacls "C:\Test"
C:\Test HOSTXP\Backup4U:(OI)(CI)N
VORDEFINIERT\Administratoren:(OI)(CI)F # predefined\Administrator:...
NT-AUTORITT\SYSTEM:(OI)(CI)F
HOSTXP\meyer:F
ERSTELLER-BESITZER:(OI)(CI)(IO)F # creater-owner:...
VORDEFINIERT\Benutzer:(OI)(CI)R # predefined\user:...
VORDEFINIERT\Benutzer:(CI)(Beschrnkter Zugriff:) # predefined\user:.(restricted access:)
FILE_APPEND_DATA
VORDEFINIERT\Benutzer:(CI)(Beschrnkter Zugriff:)
FILE_WRITE_DATA
backup AT hostxp ~
$ cacls "C:\Test"
C:\Test
Zugriff verweigert #=access denied
backup AT hostxp ~
$ ls -alh "C:\Test"
total 0
drwx------+ 2 meyer Kein 0 Oct 17 13:15 .
drwxrwxr-x+ 12 Administratoren SYSTEM 0 Oct 17 13:15 ..
-rwx------+ 1 meyer Kein 0 Oct 17 13:15 Neu Textdokument.txt
How to solve my goal?
The user "backup" should backup all data but not certain directories.
Thanks
Matthias
--
Don't Panic
PS: Sorry for the inconvenience with German.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
- Raw text -