Mail Archives: cygwin/2015/04/21/08:16:24
--0OOz7ZB592LYQf07
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Apr 21 09:33, Achim Gratz wrote:
> Corinna Vinschen <corinna-cygwin <at> cygwin.com> writes:
> > New 2.0.0-0.7 test release:
>=20
> It looks like I found a bug or at least some extremely undesirable
> behaviour. We back up some data via rsync, the script doesn't use the --=
acl
> option yet (that will need to change). The bug happens without this opti=
on,
> so rsync tries to preserve the modes, which ends up making the files
> inaccessible. The file share we back up from have ACL to grant the access
> only to certain groups and disallow to change the DACL. In trying to get
> the modes set up in the same way, Cygwin rsync produces some DENY ACL that
> will completely lock me out (the windows GUI will not only complain about
> the order of ACL, it will also not show all ACL, so icacls is the only to=
ol
> that can be used from that point forward). I'm not really sure what rsync
> is doing here... it may need to become smarter about that possibility.
It's not about rsync exactly. The problem is that I'm missing the
context a bit. I take it the permissions are supposed to be inherited
from the ".." dir, basically. The ".." dir has been created by
non-Cygwin means, right? The "." dir has been created by Cygwin already
it seems, but what permissions were desired? Does it match the
expectations or not?
The "dir1" and "dir2" directories both have been created by Cygwin,
but they are somehow totally wrong. I don't see how this could occur,
even in case the ACL sorting fails at creation time.
Btw., the getfacl output of dir1 and dir2 don't seem to match the
icacls output. The groups are different.
I wonder if I can create a similar scenario. Reproducing might be
tricky :(
Corinna
> (1020)...Backup_rsync/~2015-04-20_15~37 > `cygpath -S`/icacls ..
> .. BUILTIN\Administrators:(I)(F)
> BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
> NT AUTHORITY\SYSTEM:(I)(F)
> NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
> NT AUTHORITY\Authenticated Users:(I)(M)
> NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)
> BUILTIN\Users:(I)(RX)
> BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
> Everyone:(I)(OI)(IO)(M,GA)
> Everyone:(I)(CI)(F)
>=20
> 1 Dateien erfolgreich verarbeitet, bei 0 Dateien ist ein Verarbeitungsfeh=
ler
> aufgetreten.
> (1021)...Backup_rsync/~2015-04-20_15~37 > `cygpath -S`/icacls .
> . NULL SID:(DENY)(Rc,S,REA,WEA,X,DC)
> DOM\gratz:(F)
> BUILTIN\Users:(DENY)(W,DC)
> DOM\Domain Users:(RX,W,DC)
> NT AUTHORITY\Authenticated Users:(RX,W,DC)
> NT AUTHORITY\SYSTEM:(RX,W,DC)
> BUILTIN\Administrators:(RX,W,DC)
> BUILTIN\Users:(RX)
> Everyone:(RX,W,DC)
> NULL SID:(OI)(CI)(IO)(DENY)(Rc,S,REA,WEA,X,DC)
> CREATOR OWNER:(OI)(CI)(IO)(F)
> CREATOR GROUP:(OI)(CI)(IO)(DENY)(W,DC)
> BUILTIN\Users:(OI)(CI)(IO)(DENY)(W,DC)
> CREATOR GROUP:(OI)(CI)(IO)(RX)
> NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(RX,W,DC)
> NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(RX,W,DC)
> BUILTIN\Administrators:(OI)(CI)(IO)(RX,W,DC)
> BUILTIN\Users:(OI)(CI)(IO)(RX)
> Everyone:(OI)(CI)(IO)(RX,W,DC)
>=20
> 1 Dateien erfolgreich verarbeitet, bei 0 Dateien ist ein Verarbeitungsfeh=
ler
> aufgetreten.
> (1022)...Backup_rsync/~2015-04-20_15~37 > `cygpath -S`/icacls \*
> dir1 NULL SID:(DENY)(Rc,S,DC)
> NT AUTHORITY\Authenticated Users:(DENY)(W,RD,REA,X,DC)
> BUILTIN\Users:(DENY)(S,RD,REA,X)
> NULL SID:(OI)(CI)(IO)(DENY)(Rc,S,REA,WEA,X,DC)
> CREATOR GROUP:(OI)(CI)(IO)(DENY)(W,DC)
> BUILTIN\Users:(OI)(CI)(IO)(DENY)(W,DC)
> DOM\gratz:(D,Rc,WDAC,WO,RA,WA)
> DOM\Domain Users:(Rc,S,RA)
> NT AUTHORITY\Authenticated Users:(RX,W,DC)
> NT AUTHORITY\SYSTEM:(RX,W,DC)
> BUILTIN\Administrators:(RX,W,DC)
> BUILTIN\Users:(RX)
> Everyone:(Rc,S,RA)
> CREATOR OWNER:(OI)(CI)(IO)(F)
> CREATOR GROUP:(OI)(CI)(IO)(RX)
> NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(RX,W,DC)
> NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(RX,W,DC)
> BUILTIN\Administrators:(OI)(CI)(IO)(RX,W,DC)
> BUILTIN\Users:(OI)(CI)(IO)(RX)
> Everyone:(OI)(CI)(IO)(RX,W,DC)
> DOM\gratz:(OI)(CI)(F)
>=20
> dir2 NULL SID:(DENY)(Rc,S,REA,WEA,X,DC)
> DOM\gratz:(DENY)(S,RD,WD,AD,REA,WEA,X,DC)
> NULL SID:(OI)(CI)(IO)(DENY)(Rc,S,REA,WEA,X,DC)
> CREATOR GROUP:(OI)(CI)(IO)(DENY)(W,DC)
> BUILTIN\Users:(OI)(CI)(IO)(DENY)(W,DC)
> DOM\gratz:(D,Rc,WDAC,WO,RA,WA)
> DOM\Domain Users:(RX,W,DC)
> NT AUTHORITY\Authenticated Users:(RX,W,DC)
> NT AUTHORITY\SYSTEM:(RX,W,DC)
> BUILTIN\Administrators:(RX,W,DC)
> BUILTIN\Users:(RX)
> Everyone:(Rc,S,RA)
> CREATOR OWNER:(OI)(CI)(IO)(F)
> CREATOR GROUP:(OI)(CI)(IO)(RX)
> NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(RX,W,DC)
> NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(RX,W,DC)
> BUILTIN\Administrators:(OI)(CI)(IO)(RX,W,DC)
> BUILTIN\Users:(OI)(CI)(IO)(RX)
> Everyone:(OI)(CI)(IO)(RX,W,DC)
> DOM\gratz:(OI)(CI)(F)
>=20
> 2 Dateien erfolgreich verarbeitet, bei 0 Dateien ist ein Verarbeitungsfeh=
ler
> aufgetreten.
> (1023)...e/ADM_Backup_rsync/~2015-04-20_15~37 > getfacl .. . *
> # file: ..
> # owner: otheruser
> # group: Domain Users
> user::---
> group::---
> group:Authenticated Users:rwx
> group:SYSTEM:rwx
> group:Administrators:rwx
> group:Users:r-x
> mask:rwx
> other:rwx
> default:user::---
> default:group::---
> default:group:Authenticated Users:rwx
> default:group:SYSTEM:rwx
> default:group:Administrators:rwx
> default:group:Users:r-x
> default:mask:rwx
> default:other:rwx
>=20
> # file: .
> # owner: gratz
> # group: Domain Users
> user::rwx
> group::rwx
> group:Authenticated Users:rwx
> group:SYSTEM:rwx
> group:Administrators:rwx
> group:Users:r-x
> mask:rwx
> other:rwx
> default:user::rwx
> default:group::r-x
> default:group:Authenticated Users:rwx
> default:group:SYSTEM:rwx
> default:group:Administrators:rwx
> default:group:Users:r-x
> default:mask:rwx
> default:other:rwx
>=20
> # file: dir1
> # owner: gratz
> # group: Domain Users
> user::rwx
> group::---
> group:Authenticated Users:---
> group:SYSTEM:rwx
> group:Administrators:rwx
> group:Users:---
> mask:rwx
> other:---
> default:user::rwx
> default:user:gratz:rwx
> default:group::r-x
> default:group:Authenticated Users:rwx
> default:group:SYSTEM:rwx
> default:group:Administrators:rwx
> default:group:Users:r-x
> default:mask:rwx
> default:other:rwx
>=20
> # file: dir2
> # owner: gratz
> # group: Domain Users
> user::---
> group::rwx
> group:Authenticated Users:rwx
> group:SYSTEM:rwx
> group:Administrators:rwx
> group:Users:r-x
> mask:rwx
> other:---
> default:user::rwx
> default:user:gratz:rwx
> default:group::r-x
> default:group:Authenticated Users:rwx
> default:group:SYSTEM:rwx
> default:group:Administrators:rwx
> default:group:Users:r-x
> default:mask:rwx
> default:other:rwx
>=20
> (1024).../Backup_rsync/~2015-04-20_15~37 > getfacl /cygdrive/x/dir1
> # file: /cygdrive/x/dir1
> # owner: otheruser
> # group: Domain Users
> user::---
> group::---
> group:ADM-FileOperators-L:rwx
> group:PRJ-C-L:rwx
> mask:rwx
> other:---
> default:user::---
> default:group::---
> default:group:ADM-FileOperators-L:rwx
> default:group:PRJ-C-L:rwx
> default:mask:rwx
> default:other:---
>=20
> (1025)...Backup_rsync/~2015-04-20_15~37 > getfacl /cygdrive/z/dir2
> # file: /cygdrive/z/dir2
> # owner: otheruser
> # group: Domain Users
> user::---
> group::---
> group:ADM-FileOperators-L:rwx
> group:PRJ-R-L:r-x
> group:PRJ-C-L:rwx
> mask:rwx
> other:---
> default:user::---
> default:group::---
> default:group:ADM-FileOperators-L:rwx
> default:group:PRJ-R-L:r-x
> default:group:PRJ-C-L:rwx
> default:mask:rwx
> default:other:---
>=20
>=20
> Regards,
> Achim
>=20
>=20
> --
> Problem reports: http://cygwin.com/problems.html
> FAQ: http://cygwin.com/faq/
> Documentation: http://cygwin.com/docs.html
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
--=20
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
--0OOz7ZB592LYQf07
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBAgAGBQJVNj9/AAoJEPU2Bp2uRE+gBJoP/AyNtid/fk66fmggkQBhLrzS
FOsnZZ8r/ZklXvxXv130VkgisUN3bDAcu9z+hluF3urr9WigXoCORDwSm0BxRd0+
pD1TvD7SCuV1ePdupTzVlHMHf3+yRqBd4Iu2lBnA4vr6Hbd1QFEUuGMQtVpoV1qv
xrevQrrfwxZtMGAEbAoj+xgF9UorOXn6qu3pNyDY7FvluBof7+up1I9IXE1uP+TA
SSgX67HzTBNYq5JctRsB4J5n6tR9sAMzuhU3SfXTFY4smYMHC23hHI6YSuvTbDQh
jalBVBcL8UGaBDGnBrUX41qv+5brlffVzGEbsMs2s4K9rE+pHAGa1vR40puM8VjM
e69OrQFGuC14V2m9oPBnhKMFvto/tMt2zDJ+uFyYG7qWm5e/ET2/4iGZ8UN2Dk3B
LuePXwH41laQAmR3HJMVVe8onz6CSlvvaux9YrVoxGotBds2WeWpOO0i9s13EEJk
/KRs4Cyy/UZoMuZa3fxkgrq/jQbvqW7L0ILPuUAbZ3WO50VZafvLCiJJOK2SzIbN
kpbqNsAnYqjV/KkajwTIJqPCYsTPNiiBwKX6r4DrSipU+JyMvkRD8vTUYur6KPuA
b7eHfDZX1T65O3VOM57QPbbRq4eAKSN3omQNSWonvdTz1Obkj8wqMimn8CHpexx6
Lk3jzCDErr08smag+awD
=h+nx
-----END PGP SIGNATURE-----
--0OOz7ZB592LYQf07--
- Raw text -