| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:message-id:date:from:mime-version:to:subject | |
| :references:in-reply-to:content-type; q=dns; s=default; b=vVcZ4G | |
| MsXrh2QHKFN7NJEqo3XUpC5WFhgKZDxG/xv3RtVbzdAfSlRn29Iq1R6MvVmCqKbN | |
| ctI9FdrmmTrxd8BVZ8miVVtLfwIwYO8ZAcXdFYkk73Ov8RF98FTHuvt5JRK99Uy8 | |
| XblZ086cbg4c767RIQ1PVeGQazDmy+tPZ1vWU= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:message-id:date:from:mime-version:to:subject | |
| :references:in-reply-to:content-type; s=default; bh=OLNoynJbZdFK | |
| v2kpRlBROzCncwU=; b=IlhTryIsbzxUgL7pvEXH0FjPsSnWMCPJe4mhdA/5k8hB | |
| tRU8kAkwWBitAc3RcFsNYMzipHnD993T5yEDtXXr3pdIwH5vkyoCxlyUlB7WsC/D | |
| Fsr57+u59mcNa5QAa8hH1LdBynOrddbi5Pto3+449NOWXKRXvc8R/Z1Oo1IHeZs= | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Virus-Found: | No |
| X-Spam-SWARE-Status: | No, score=-2.4 required=5.0 tests=BAYES_00,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2 |
| X-HELO: | mail-wg0-f47.google.com |
| X-Received: | by 10.194.221.100 with SMTP id qd4mr10023086wjc.113.1428745860797; Sat, 11 Apr 2015 02:51:00 -0700 (PDT) |
| Message-ID: | <5528EE66.8070305@gmail.com> |
| Date: | Sat, 11 Apr 2015 11:50:30 +0200 |
| From: | David Macek <david DOT macek DOT 0 AT gmail DOT com> |
| User-Agent: | Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0 |
| MIME-Version: | 1.0 |
| To: | cygwin AT cygwin DOT com |
| Subject: | Re: [TESTERS needed] New POSIX permission handling |
| References: | <20150410100703 DOT GA4401 AT calimero DOT vinschen DOT de> <87lhhzcarc DOT fsf AT Rainer DOT invalid> <5528E2ED DOT 7090105 AT gmail DOT com> <87d23bc9r5 DOT fsf AT Rainer DOT invalid> |
| In-Reply-To: | <87d23bc9r5.fsf@Rainer.invalid> |
| X-IsSubscribed: | yes |
--------------ms050202020201020101090800 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 11. 4. 2015 11:08, Achim Gratz wrote: > David Macek writes: >> Power Users don't have access to (almost) everything, like >> Administrators do. The Domain Administrators group is a member of >> Administrators, so unless I'm missing something, there's no reason to >> have them explicitely in the DACL. >=20 > That doesn't stop folks from using them in DACL entries and membership > of one group in another (rightly) doesn't confer transitive access > rights. I've just named these two examples because I've seen them > before in ACL, I make no claim as to whether that's a sensible thing to > do or not. https://technet.microsoft.com/en-us/library/cc776499(v=3Dws.10).aspx says o= therwise about the group-in-group rights. I'm a bit confused. Maybe we're t= alking about different things -- of course it makes sense to give Domain Ad= ministrators more rights than Administrators, but I don't see any reason fo= r blanket granting Domain Administrators explicit rights on everything on t= he filesystem. The way I see it, the point of the code change was to prevent the "implicit= " Administrators and SYSTEM DACL entries from showing up in the computed PO= SIX access mask because they nicely match the implicit rights root accounts= have on POSIX systems and because they're unhelpful and sometimes problema= tic. As neither Domain Administrators nor Power Users have this combination= of properties (presence on most filesystem objects by default and SeTakeOw= nershipPrivilege), I think it's useful to have them appear in the mask. Please correct me if I'm talking nonsense; I have little practical experien= ce with domain environments. --=20 David Macek --------------ms050202020201020101090800 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEH AQAAoIIMbzCCBjMwggUboAMCAQICAwxvejANBgkqhkiG9w0BAQsFADCBjDEL MAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsT IlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNVBAMT L1N0YXJ0Q29tIENsYXNzIDEgUHJpbWFyeSBJbnRlcm1lZGlhdGUgQ2xpZW50 IENBMB4XDTE0MTIzMTA0MDkwNFoXDTE2MDEwMTE1NDg1M1owSjEgMB4GA1UE AwwXZGF2aWQubWFjZWsuMEBnbWFpbC5jb20xJjAkBgkqhkiG9w0BCQEWF2Rh dmlkLm1hY2VrLjBAZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEApuk8134+nkISIg7X7ABwKnVLgZsYi5kdXeeWpUrF1YLdLsZL pPjcUA3sk1QRpMMRVbWnCvAjwWI86js8V3sv8xDfD9DPf+f22NDQ9nC8gzsG VJkCr42+vdlwAAuG+hZ81fuRuswdsgMJWvz7uwUwMw2/UDoezIS7Sf9d5BsX h2VyPj1khIuMrvX2q5oVVQ/MV5QfqFtT7zCBPfuqhAROAO/nhNsxqTxjEppK 8Sh1FuIT71hANWHYTyvAwbN3MMzJeSmDAcAvlyNUfjqrLwCPObqinZFlqyR7 a4NG3HbVo3IwnrLScYZs7xE/6h77sFWXSJV9dq7gSVjOwHec+OgijQIDAQAB o4IC3TCCAtkwCQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYDVR0lBBYwFAYI KwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBQEvwqPgbHT3Rg7Y+obpVas +Y+6+jAfBgNVHSMEGDAWgBRTcu2SnODaywFcfH6WNU7y1LhRgjAiBgNVHREE GzAZgRdkYXZpZC5tYWNlay4wQGdtYWlsLmNvbTCCAUwGA1UdIASCAUMwggE/ MIIBOwYLKwYBBAGBtTcBAgMwggEqMC4GCCsGAQUFBwIBFiJodHRwOi8vd3d3 LnN0YXJ0c3NsLmNvbS9wb2xpY3kucGRmMIH3BggrBgEFBQcCAjCB6jAnFiBT dGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTADAgEBGoG+VGhpcyBj ZXJ0aWZpY2F0ZSB3YXMgaXNzdWVkIGFjY29yZGluZyB0byB0aGUgQ2xhc3Mg MSBWYWxpZGF0aW9uIHJlcXVpcmVtZW50cyBvZiB0aGUgU3RhcnRDb20gQ0Eg cG9saWN5LCByZWxpYW5jZSBvbmx5IGZvciB0aGUgaW50ZW5kZWQgcHVycG9z ZSBpbiBjb21wbGlhbmNlIG9mIHRoZSByZWx5aW5nIHBhcnR5IG9ibGlnYXRp b25zLjA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLnN0YXJ0c3NsLmNv bS9jcnR1MS1jcmwuY3JsMIGOBggrBgEFBQcBAQSBgTB/MDkGCCsGAQUFBzAB hi1odHRwOi8vb2NzcC5zdGFydHNzbC5jb20vc3ViL2NsYXNzMS9jbGllbnQv Y2EwQgYIKwYBBQUHMAKGNmh0dHA6Ly9haWEuc3RhcnRzc2wuY29tL2NlcnRz L3N1Yi5jbGFzczEuY2xpZW50LmNhLmNydDAjBgNVHRIEHDAahhhodHRwOi8v d3d3LnN0YXJ0c3NsLmNvbS8wDQYJKoZIhvcNAQELBQADggEBAC+mXthvKJv0 g9fDxLL4OGsVK/sMtsquNast5RYmngwxRzxag9bihcuvlxbl3Y4ZMhLcdViH ku0P/7aLxF6zzXWoIDWmfmiMfS0Sakkd72odZetyDtn+qxOyMfK2zNagdh8b 3i8h1hLFUbGX/ELWmF2k8FfewSchVtosEicopuFIeQaEehYnuUbZLqq815gr wGNMFUBQ9GkrWwrN+7Mx2CkqSv5A4Br+uY/UBNeWGbE9NhrUM0LFiXQkKiAm LzLNc8475trVyShSVv+JwFPDS2XWtEQea5Yd1NTkp8CLrZnWiicH+911e23Y 6BH4LYf9zUSvvFEqOTcBWyEtw9a293IwggY0MIIEHKADAgECAgEeMA0GCSqG SIb3DQEBBQUAMH0xCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBM dGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWdu aW5nMSkwJwYDVQQDEyBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 eTAeFw0wNzEwMjQyMTAxNTVaFw0xNzEwMjQyMTAxNTVaMIGMMQswCQYDVQQG EwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJl IERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRD b20gQ2xhc3MgMSBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0EwggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHCYPMzi3YGrEppC4Tq5a+ ijKDjKaIQZZVR63UbxIP6uq/I0fhCu+cQhoUfE6ERKKnu8zPf1Jwuk0tsvVC k6U9b+0UjM0dLep3ZdE1gblK/1FwYT5Pipsu2yOMluLqwvsuz9/9f1+1PKHG /FaR/wpbfuIqu54qzHDYeqiUfsYzoVflR80DAC7hmJ+SmZnNTWyUGHJbBpA8 Q89lGxahNvuryGaC/o2/ceD2uYDX9U8Eg5DpIpGQdcbQeGarV04WgAUjjXX5 r/2dabmtxWMZwhZna//jdiSyrrSMTGKkDiXm6/3/4ebfeZuCYKzN2P8O2F/X e2AC/Y7zeEsnR7FOp+uXAgMBAAGjggGtMIIBqTAPBgNVHRMBAf8EBTADAQH/ MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUU3Ltkpzg2ssBXHx+ljVO8tS4 UYIwHwYDVR0jBBgwFoAUTgvvGqRAW6UXaYcwyjRoQ9BBrvIwZgYIKwYBBQUH AQEEWjBYMCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcC5zdGFydHNzbC5jb20v Y2EwLQYIKwYBBQUHMAKGIWh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL3Nmc2Nh LmNydDBbBgNVHR8EVDBSMCegJaAjhiFodHRwOi8vd3d3LnN0YXJ0c3NsLmNv bS9zZnNjYS5jcmwwJ6AloCOGIWh0dHA6Ly9jcmwuc3RhcnRzc2wuY29tL3Nm c2NhLmNybDCBgAYDVR0gBHkwdzB1BgsrBgEEAYG1NwECATBmMC4GCCsGAQUF BwIBFiJodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9wb2xpY3kucGRmMDQGCCsG AQUFBwIBFihodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9pbnRlcm1lZGlhdGUu cGRmMA0GCSqGSIb3DQEBBQUAA4ICAQAKgwh9eKssBly4Y4xerhy5I3dNoXHY fYa8PlVLL/qtXnkFgdtY1o95CfegFJTwqBBmf8pyTUnFsukDFUI22zF5bVHz uJ+GxhnSqN2sD1qetbYwBYK2iyYA5Pg7Er1A+hKMIzEzcduRkIMmCeUTyMyi kfbUFvIBivtvkR8ZFAk22BZy+pJfAoedO61HTz4qSfQoCRcLN5A0t4DkuVhT MXIzuQ8CnykhExD6x4e6ebIbrjZLb7L+ocR0y4YjCl/Pd4MXU91y0vTipgr/ O75CDUHDRHCCKBVmz/Rzkc/b970MEeHt5LC3NiWTgBSvrLEuVzBKM586YoRD 9Dy3OHQgWI270g+5MYA8GfgI/EPT5G7xPbCDz+zjdH89PeR3U4So4lSXur6H 6vp+m9TQXPF3a0LwZrp8MQ+Z77U1uL7TelWO5lApsbAonrqASfTpaprFVkL4 nyGH+NHST2ZJPWIBk81i6Vw0ny0qZW2Niy/QvVNKbb43A43ny076khXO7cNb BIRdJ/6qQNq9Bqb5C0Q5nEsFcj75oxQRqlKf6TcvGbjxkJh8BYtv9ePsXklA xtm8J7GCUBthHSQgepbkOexhJ0wP8imUkyiPHQ0GvEnd83129fZjoEhdGwXV 27ioRKbj/cIq7JRXun0NbeY+UdMYu9jGfIpDLtUUGSgsg2zMGs5R4jGCA90w ggPZAgEBMIGUMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20g THRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2ln bmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3MgMSBQcmltYXJ5IEludGVy bWVkaWF0ZSBDbGllbnQgQ0ECAwxvejAJBgUrDgMCGgUAoIICHTAYBgkqhkiG 9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xNTA0MTEwOTUw MzBaMCMGCSqGSIb3DQEJBDEWBBTqdTlUwR+Cb8+eCEwH4vPZTP+mgzBsBgkq hkiG9w0BCQ8xXzBdMAsGCWCGSAFlAwQBKjALBglghkgBZQMEAQIwCgYIKoZI hvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIH MA0GCCqGSIb3DQMCAgEoMIGlBgkrBgEEAYI3EAQxgZcwgZQwgYwxCzAJBgNV BAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1 cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFy dENvbSBDbGFzcyAxIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQQID DG96MIGnBgsqhkiG9w0BCRACCzGBl6CBlDCBjDELMAkGA1UEBhMCSUwxFjAU BgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFs IENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNVBAMTL1N0YXJ0Q29tIENsYXNz IDEgUHJpbWFyeSBJbnRlcm1lZGlhdGUgQ2xpZW50IENBAgMMb3owDQYJKoZI hvcNAQEBBQAEggEADuhQj5ivEzvhgZP666aB0R3q5xriojtefCCGMDHr24G1 CpBvksO7Xj48qzlamGOSEZ3eBaHYlWSKaksjPTfjhkZUfQcrzAe6kDDQaMse idXWqa+aRJdgv459UdB2tdh6lGgzzYIUWho34SosIRXWE1ikSGdLmzMLPOuk w3jlC33tSPCyqDVEaOJN22+UmoqsBr+7cjsRxRJZAO0W1j/RwHxGqm0ado4B yiL19kht1IPkEnKKvdP5Q4UZ50KpN+QCOgxYLMRvvxjDw7bEUYrcmayj0MwC GSpUWguZNRKiGon1d3cVF8LQTx0EJfZ4a9+BK2GM/rF7mWYrJcBwUos2aQAA AAAAAA== --------------ms050202020201020101090800--
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |