Mail Archives: cygwin/2015/02/27/13:18:05
| X-Recipient: | archive-cygwin AT delorie DOT com
|
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
|
| :list-unsubscribe:list-subscribe:list-archive:list-post
|
| :list-help:sender:message-id:date:subject:from:to:mime-version
|
| :content-type:content-transfer-encoding; q=dns; s=default; b=trj
|
| UVfu+kaCaug5Se803chfhIRJ2ErOSuMzm2NCglW8NsGyz7lP5X41FLqQhIWwwxNM
|
| 5xG6xavR/AU/EohMwrH+//BjNfamcaVER4V3I7hXD2B78TiMauG/2feozW1Ual91
|
| KNN0oAwfnM/YrRtmaCOT00fnp6I5a/+TIvJzLErQ=
|
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
|
| :list-unsubscribe:list-subscribe:list-archive:list-post
|
| :list-help:sender:message-id:date:subject:from:to:mime-version
|
| :content-type:content-transfer-encoding; s=default; bh=U/CtnAwHL
|
| wW7LLxFSBln+ZdVk4s=; b=xMRIoJsi2h7NMaGOurJ0j2XQ4c1E6QlYkIdwtQ/2i
|
| 7hW0eqfdHLN/jyqoefLX3baIhHiczgqh6oqlsdPVvLEQLXASdT0DTH6ohUZeSuYj
|
| poz5TNInPb/9FeUeOHEU6flqf8YiEDxVsryjLyp8ttNAXRuQEYb+30QMBipKxEPt
|
| LA=
|
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm
|
| List-Id: | <cygwin.cygwin.com>
|
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com>
|
| List-Archive: | <http://sourceware.org/ml/cygwin/>
|
| List-Post: | <mailto:cygwin AT cygwin DOT com>
|
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
|
| Sender: | cygwin-owner AT cygwin DOT com
|
| Mail-Followup-To: | cygwin AT cygwin DOT com
|
| Delivered-To: | mailing list cygwin AT cygwin DOT com
|
| Authentication-Results: | sourceware.org; auth=none
|
| X-Virus-Found: | No
|
| X-Spam-SWARE-Status: | No, score=0.2 required=5.0 tests=AWL,BAYES_50,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2
|
| X-HELO: | lb2-smtp-cloud6.xs4all.net
|
| Message-ID: | <9809893dbbb682398e2602fd29490b83.squirrel@webmail.xs4all.nl>
|
| Date: | Fri, 27 Feb 2015 19:17:44 +0100
|
| Subject: | I really, really wonder ...
|
| From: | "Houder" <houder AT xs4all DOT nl>
|
| To: | cygwin AT cygwin DOT com
|
| User-Agent: | SquirrelMail/1.4.18
|
| MIME-Version: | 1.0
|
Hi Corinna,
Ref: https://cygwin.com/ml/cygwin/2015-02/msg00856.html
- Too Many Permissions Stripped In 1.7.35?
Is it true? Is Cygwin a system to manage Windows? I NEVER got that impression.
I have always been content that I was able to use Cygwin in a directory tree, that had been
especially prepared by me for the sake of using Cygwin (doing development-like things).
Using Cygwin on NTFS (i.e. Windows ACL), trouble is "around the corner", I believe.
As an example, below an attempt to create a "posix" directory on a filesystem (drive), that
has NOT been modified (!nurtured!) in advance.
I wonder whether it is really worthwile to "fortify" Cygwin against each and every "mishap"
that Windows may throw at Cygwin? (yes, sort of a vote, that you asked for)
(btw, how about some sleep now and then?)
(you are welcome NOT to reply -- I just wanted to get this off my chest :-)
Henri
-----
List of comands: -- yes, I know, the example is somewhat artifical
- create QL using Explorer
- chown Henri:None QL # perm denied -- file owner == Henri ... not Unixy, is it?
- setfacl -b QL # perm denied
- setfacl -s u::rwx,g::r-x,o:r-x,d:u::rwx,d:g::r-x,d:o:r-x QL # perm denied
- touch QL # ... oh well, as an exception ...
- chmod 000 QL # 000? yes, you may argue why ... (well, it apparently does the job)
- setfacl -b QL # look here, now it succeeds
- chmod 755 QL # succeeds, but ... creator owner still suffers ...
- setfacl -s u::rwx,g::r-x,o:r-x,d:u::rwx,d:g::r-x,d:o:r-x QL # finally, target achieved!
@@ uname -a
CYGWIN_NT-6.1-WOW Seven 1.7.35s(0.286/5/3) 20150226 20:41:55 i686 Cygwin
@@ pwd # NON-elevated bash
/drv/d
@@ icacls.sh QL
D:/QL
BUILTIN\Administrators (I)(F)
BUILTIN\Administrators (I)(OI)(CI)(IO)(F)
NT AUTHORITY\SYSTEM (I)(F)
NT AUTHORITY\SYSTEM (I)(OI)(CI)(IO)(F)
NT AUTHORITY\Authenticated Users (I)(M)
NT AUTHORITY\Authenticated Users (I)(OI)(CI)(IO)(M)
BUILTIN\Users (I)(RX)
BUILTIN\Users (I)(OI)(CI)(IO)(GR,GE)
Successfully processed 1 files; Failed processing 0 files
@@ ls-facl.sh QL
D:/QL
Owner: Seven\Henri <==== yes, I am the owner!
Group: Seven\None
DACL(not_protected):
BUILTIN\Administrators full allow no_inheritance
BUILTIN\Administrators full allow \
container_inherit+object_inherit+inherit_only
NT AUTHORITY\SYSTEM full allow no_inheritance
NT AUTHORITY\SYSTEM full allow \
container_inherit+object_inherit+inherit_only
NT AUTHORITY\Authenticated Users change allow no_inheritance
NT AUTHORITY\Authenticated Users change allow \
container_inherit+object_inherit+inherit_only
BUILTIN\Users read_execute allow no_inheritance
BUILTIN\Users read_execute allow \
container_inherit+object_inherit+inherit_only
SetACL finished successfully.
@@ chown Henri:None QL
chown: changing ownership of ‘QL’: Permission denied
@@ setfacl -b QL
setfacl: Permission denied
@@ setfacl -s u::rwx,g::r-x,o:r-x,d:u::rwx,d:g::r-x,d:o:r-x QL
setfacl: Permission denied
@@ touch QL
@@ chmod 000 QL # because chmod 'rocks', apparently ... some sort of healing potion, I imagine?
@@ icacls.sh QL
D:/QL
Seven\Henri (D,Rc,WDAC,WO,RA,WA) # will have to work on that
Seven\None (Rc,S,RA)
Everyone (Rc,S,RA)
BUILTIN\Administrators (Rc,S,RA)
BUILTIN\Administrators (OI)(CI)(IO)
NT AUTHORITY\SYSTEM (Rc,S,RA)
NT AUTHORITY\SYSTEM (OI)(CI)(IO)
NT AUTHORITY\Authenticated Users (Rc,S,RA)
NT AUTHORITY\Authenticated Users (OI)(CI)(IO)
BUILTIN\Users (Rc,S,RA)
BUILTIN\Users (OI)(CI)(IO)
Successfully processed 1 files; Failed processing 0 files
@@ setfacl -b QL # get rid of those useless mavericks ...
@@ icacls.sh QL
D:/QL
Seven\Henri (D,Rc,WDAC,WO,RA,WA)
Seven\None (Rc,S,RA)
Everyone (Rc,S,RA)
CREATOR OWNER (OI)(CI)(IO)(D,Rc,WDAC,WO,RA,WA)
CREATOR GROUP (OI)(CI)(IO)(Rc,RA)
Everyone (OI)(CI)(IO)(Rc,RA)
Successfully processed 1 files; Failed processing 0 files
@@ chmod 755 QL # will it restore full control?
@@ icacls.sh QL
D:/QL
Seven\Henri (F)
Seven\None (RX)
Everyone (RX)
CREATOR OWNER (OI)(CI)(IO)(D,Rc,WDAC,WO,RA,WA) # uhm, creator owner still suffers ...
CREATOR GROUP (OI)(CI)(IO)(Rc,RA)
Everyone (OI)(CI)(IO)(Rc,RA)
Successfully processed 1 files; Failed processing 0 files
@@ setfacl -s u::rwx,g::r-x,o:r-x,d:u::rwx,d:g::r-x,d:o:r-x QL # now what can I expect from this command?
@@ icacls.sh QL
D:/QL
Seven\Henri (F)
Seven\None (RX)
Everyone (RX)
CREATOR OWNER (OI)(CI)(IO)(F) # Oh well, it did the trick ...
CREATOR GROUP (OI)(CI)(IO)(RX)
Everyone (OI)(CI)(IO)(RX)
Successfully processed 1 files; Failed processing 0 files
@@
=====
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
- Raw text -