X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:reply-to:subject:to:references:from:message-id
	:date:mime-version:in-reply-to:content-type
	:content-transfer-encoding; q=dns; s=default; b=UyfzFCjnnesLGJ28
	M0SGNMTtcFKfUqOeBdm59DtfK2xhP/SdQBM19/Mjf1ICZwByqquAIPClHSw2R4sU
	JZLTUMUTE2ZrPwaJ6kcRHhf0vRpQDP5j1uo+qLNx5PNBQcnTmrn/SvMj06opZ/Mo
	ypTqFl4sqOG4I7bE/WKRMmJEFTw=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:reply-to:subject:to:references:from:message-id
	:date:mime-version:in-reply-to:content-type
	:content-transfer-encoding; s=default; bh=RmVJ/bdgTxvG1FSZAyX2DW
	eyYWE=; b=UE16VkwCo7T3l5rLQUTjPGy8oRkI4IHdqrjg0WOLACbU6yl01LcZyg
	prCfF9CxA15tzqhE/AnnL6LkOelBjDpdu9owI2FWO5SZPI4q+sa/jj3D2YG02IGM
	c/y2tuJ76MNUxnvU++tZ+NKcKzSNFm+CxDyhyM4rFoYgfTvo5wmrs=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Spam-SWARE-Status:	No, score=-4.1 required=5.0 tests=AWL,BAYES_00,GIT_PATCH_2,RCVD_IN_DNSWL_LOW,UNSUBSCRIBE_BODY,WEIRD_QUOTING autolearn=ham version=3.3.1 spammy=grief, HX-Languages-Length:3159, disturbing, Advanced
X-HELO:	smtp-out-so.shaw.ca
Reply-To:	Brian DOT Inglis AT SystematicSw DOT ab DOT ca
Subject:	Re: win dirs don't handle lack of inherited rule(?): getfacl + tar dir Warning: Cannot acl_to_text: Invalid argument
To:	cygwin AT cygwin DOT com
References:	<5C81E2EE DOT 7020708 AT tlinx DOT org> <20190308121543 DOT GI3785 AT calimero DOT vinschen DOT de> <5C84EB7B DOT 70408 AT tlinx DOT org>
From:	Brian Inglis <Brian DOT Inglis AT SystematicSw DOT ab DOT ca>
Openpgp:	preference=signencrypt
Message-ID:	<7a3eaccf-511a-b71f-7f99-45a9bef35b29@SystematicSw.ab.ca>
Date:	Sun, 10 Mar 2019 08:09:34 -0600
User-Agent:	Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.5.3
MIME-Version:	1.0
In-Reply-To:	<5C84EB7B.70408@tlinx.org>
X-IsSubscribed:	yes

On 2019-03-10 04:48, L A Walsh wrote:
> On 3/8/2019 4:15 AM, Corinna Vinschen wrote:
>> On Mar  7 19:35, L A Walsh wrote:
>>> I ran tar on another directory and got a huge number**
>>> of these:
>>> tar: rules: Warning: Cannot acl_to_text: Invalid argument
>>> tar: adblockplus: Warning: Cannot acl_to_text: Invalid argument
>>> tar: autopager: Warning: Cannot acl_to_text: Invalid argument
>>> tar: bookmarkbackups: Warning: Cannot acl_to_text: Invalid argument
>>> ---

Losing/not having default ACLs (DACLs) defined on directories can cause Cygwin
grief as it will be unable to access files in those directories, whereas
Explorer seems to ignore the lack of DACLs and allow you to browse the files.

>> Can you please provide the cacls or icacls command creating
>> a directory that allows to reproduce the issue?
> 
> I doubt that area of my disk has ever been manipulated by 
> cacls or icacls. That's in my roaming profile.

Define this sh function, run it on problematic directories or files, and reply
with the output:

# lsp - list permissions with ls, getfacl, icacls
lsp ()
{
    local p;
    for p in "$@";
    do
        ls --color=auto -dl "$p";
        getfacl "$p";
        icacls "$(cygpath -m ""$p"")";
    done
}

e.g. and running my cygcheck sanitizer over the output:

$ lsp ~ | cygcheck-hrsv.sed
drwxrwx---+ 1 SYSTEM SYSTEM 0 Mar 10 07:07 /home/$USER
# file: /home/$USER
# owner: SYSTEM
# group: SYSTEM
user::rwx
user:$USER:rwx
group::---
group:Administrators:rwx
mask::rwx
other::---
default:user::rwx
default:user:$USER:rwx
default:group::---
default:group:Administrators:rwx
default:mask::rwx
default:other::---

C:/Users/$USER NT AUTHORITY\SYSTEM:(OI)(CI)(F)
             BUILTIN\Administrators:(OI)(CI)(F)
             $HOSTNAME\$USER:(OI)(CI)(F)

Successfully processed 1 files; Failed processing 0 files

> One thing that may be confusing some software is, what seems like
> cygwin adding the NULL SID with deny entries but also, according
> to the explorer security dialog, "out of normal order for them to be
> effective".  So it auto-reorders them if it tries to write to them.
> 
> If that could be cleaned up, so explorer and other software wouldn't
> think the ACL is "out of order" and want to re-arrange it, that might
> help.  It can't be good for different pieces of software to constantly
> be trying to apply their own "standards".

Windows doesn't know how to do POSIX ACLs so Cygwin works around those
limitations using equivalent Windows ACLs.
Just because Explorer does not understand those ACLs' order does not mean they
are invalid or wrong: just not set via the Explorer interface using its simple
approach - only Explorer is confused; that's why Explorer has an Advanced
security pane - to set stuff Explorer can't.
Don't let Explorer cleanup, fix, or reorder those ACLs to avoid grief!
Explorer dislikes a lot of what I work with, so I don't use Explorer much:
pcmanfm works for me.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -