Mail Archives: cygwin/2019/12/22/09:06:07

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2019/12/22/09:06:07

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:date:from:reply-to:message-id:to:subject

:in-reply-to:references:mime-version:content-type

:content-transfer-encoding; q=dns; s=default; b=bhEJBxw+F+N0iXEy

qJH1S25h8oJU0igiZv1IFLEr/GiGE8QTwbdVkbKFoye2mt7xyrztWQ1WUOy+xiYu

Js4KYmrzFHB4hq+n/oz0zk86TLYMm2MEeb9hUoTlvXfrNYpihmY8zvyNHRsc9Ccr

jNx96x9IcGBpm0cLSVBRplewVdQ=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:date:from:reply-to:message-id:to:subject

:in-reply-to:references:mime-version:content-type

:content-transfer-encoding; s=default; bh=JDdW2i4k0uRpHpesLbyvIS

b9Bn4=; b=TVvVYJ7U6RfP6HehJXaTzSlcQP+/lu1IODb8EqH5pi4hT3zWGNgoZh

cKtvZhGzOm/LVzFV8e8dVrkQodiJesIkyX5YEoc8qO99edM8me6UYfZiGVWto2Uo

9GxmW8Yh1uJo8K5EvWST1w328fenhqAcjGpUp5jSoXwzTtoinyDfc=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Spam-SWARE-Status: No, score=-4.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM,GIT_PATCH_2,KAM_ASCII_DIVIDERS,KAM_THEBAT,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.1 spammy=rare, UD:ru, H*r:smtp, H*M:yandex

X-HELO: forward103j.mail.yandex.net

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1577023501; bh=pi6awMO1koY0tkpRpLJV0FFzpcq1qU5vprXDZ9jsZD0=; h=In-Reply-To:Subject:To:Reply-To:From:Message-ID:References:Date; b=mjbPan8D8cr1o4P2ahShJqwQn3f1pYnqTLFGSFegqJe4vfCSX6FTCa1qp7UC/ymUG sNTyIu8mJ7M9yiLe0Dwhkgz4kw7ieYyg/KFhoNzNTAx12RlMK7FzVvZ+jFAHqRgVRF 7Yu3n3/dMRGlTtx6TJteb8uORQOVmKzZlOllkp1U=

Authentication-Results: mxback1g.mail.yandex.net; dkim=pass header.i=@yandex.ru

Date: Sun, 22 Dec 2019 16:54:11 +0300

From: Andrey Repin <anrdaemon AT yandex DOT ru>

Reply-To: cygwin AT cygwin DOT com

Message-ID: <1857710854.20191222165411@yandex.ru>

To: Peter Binney <peter DOT binney AT gmail DOT com>, cygwin AT cygwin DOT com

Subject: Re: Files created with CYGWIN have "NULL SID:(DENY)" windows ACL, inter alia

In-Reply-To: <CAJiKf6Ht6DA4hyVHWCocFwC5CNvkWNTMPZvitGdF-YyTgVYYfA@mail.gmail.com>

References: <CAJiKf6Ht6DA4hyVHWCocFwC5CNvkWNTMPZvitGdF-YyTgVYYfA AT mail DOT gmail DOT com>

MIME-Version: 1.0

X-IsSubscribed: yes

Greetings, Peter Binney!

> Creating a file using "> newfile", "icacls newfile" shows various DENY settings:

> newfile NULL SID:(DENY)(Rc,S,WEA,X,DC)
>         JCPR-DELL-3\peter:(R,W,D,WDAC,WO)
>         NT AUTHORITY\SYSTEM:(DENY)(S,X)
>         BUILTIN\Administrators:(DENY)(S,X)
>         BUILTIN\Users:(DENY)(S,X)
>         JCPR-DELL-3\None:(R)
>         NT AUTHORITY\SYSTEM:(RX,W)
>         BUILTIN\Administrators:(RX,W)
>         BUILTIN\Users:(RX,W)
>         Everyone:(R)

> Whereas on a file created from Windows Explorer I see:
> New Text Document.txt BUILTIN\Users:(I)(M)
>                       Everyone:(I)(RX)
>                       JCPR-DELL-3\peter:(I)(F)
>                       BUILTIN\Administrators:(I)(F)
>                       NT AUTHORITY\SYSTEM:(I)(F)

> "mkpasswd" and "mkgroup"

Please use getent

> both show I (user "peter") have expected
> entries in /etc/passwd and /etc/group (I attach both)

Delete both from your system, they are not needed, except for extremely rare
cases.

> Running "whoami" commands from powershell shows:

> PS E:\temp> whoami /groups

> GROUP INFORMATION
> -----------------
> Group Name                                                    Type
>         SID          Attributes
> =============================================================
> ================ ============
> ==================================================
> Everyone
> Well-known group S-1-1-0      Mandatory group, Enabled by default,
> Enabled group
> NT AUTHORITY\Local account and member of Administrators group
> Well-known group S-1-5-114    Group used for deny only
> BUILTIN\Administrators                                        Alias
>         S-1-5-32-544 Group used for deny only
> BUILTIN\Performance Log Users                                 Alias
>         S-1-5-32-559 Mandatory group, Enabled by default, Enabled
> group
> BUILTIN\Users                                                 Alias
>         S-1-5-32-545 Mandatory group, Enabled by default, Enabled
> group
> NT AUTHORITY\INTERACTIVE
> Well-known group S-1-5-4      Mandatory group, Enabled by default,
> Enabled group
> CONSOLE LOGON
> Well-known group S-1-2-1      Mandatory group, Enabled by default,
> Enabled group
> NT AUTHORITY\Authenticated Users
> Well-known group S-1-5-11     Mandatory group, Enabled by default,
> Enabled group
> NT AUTHORITY\This Organization
> Well-known group S-1-5-15     Mandatory group, Enabled by default,
> Enabled group
> NT AUTHORITY\Local account
> Well-known group S-1-5-113    Mandatory group, Enabled by default,
> Enabled group
> LOCAL
> Well-known group S-1-2-0      Mandatory group, Enabled by default,
> Enabled group
> NT AUTHORITY\NTLM Authentication
> Well-known group S-1-5-64-10  Mandatory group, Enabled by default,
> Enabled group
> Mandatory Label\Medium Mandatory Level                        Label
>         S-1-16-8192
> PS E:\temp> whoami
> jcpr-dell-3\peter
> PS E:\temp> whoami /user

> USER INFORMATION
> ----------------
> User Name         SID
> ================= =============================================
> jcpr-dell-3\peter S-1-5-21-1468824806-2062748802-729869357-100

> I also attach cygcheck.out

See my earlier message, I strongly suggest "noacl" mount option for
directories outside Cygwin root.
No windows program expects stupid access restrictions produces by basic POSIX
permissions.


-- 
With best regards,
Andrey Repin
Sunday, December 22, 2019 15:35:08

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:reply-to:message-id:to:subject
	:in-reply-to:references:mime-version:content-type
	:content-transfer-encoding; q=dns; s=default; b=bhEJBxw+F+N0iXEy
	qJH1S25h8oJU0igiZv1IFLEr/GiGE8QTwbdVkbKFoye2mt7xyrztWQ1WUOy+xiYu
	Js4KYmrzFHB4hq+n/oz0zk86TLYMm2MEeb9hUoTlvXfrNYpihmY8zvyNHRsc9Ccr
	jNx96x9IcGBpm0cLSVBRplewVdQ=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:reply-to:message-id:to:subject
	:in-reply-to:references:mime-version:content-type
	:content-transfer-encoding; s=default; bh=JDdW2i4k0uRpHpesLbyvIS
	b9Bn4=; b=TVvVYJ7U6RfP6HehJXaTzSlcQP+/lu1IODb8EqH5pi4hT3zWGNgoZh
	cKtvZhGzOm/LVzFV8e8dVrkQodiJesIkyX5YEoc8qO99edM8me6UYfZiGVWto2Uo
	9GxmW8Yh1uJo8K5EvWST1w328fenhqAcjGpUp5jSoXwzTtoinyDfc=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Spam-SWARE-Status:	No, score=-4.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM,GIT_PATCH_2,KAM_ASCII_DIVIDERS,KAM_THEBAT,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.1 spammy=rare, UD:ru, Hr:smtp, HM:yandex
X-HELO:	forward103j.mail.yandex.net
DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1577023501; bh=pi6awMO1koY0tkpRpLJV0FFzpcq1qU5vprXDZ9jsZD0=; h=In-Reply-To:Subject:To:Reply-To:From:Message-ID:References:Date; b=mjbPan8D8cr1o4P2ahShJqwQn3f1pYnqTLFGSFegqJe4vfCSX6FTCa1qp7UC/ymUG sNTyIu8mJ7M9yiLe0Dwhkgz4kw7ieYyg/KFhoNzNTAx12RlMK7FzVvZ+jFAHqRgVRF 7Yu3n3/dMRGlTtx6TJteb8uORQOVmKzZlOllkp1U=
Authentication-Results:	mxback1g.mail.yandex.net; dkim=pass header.i=@yandex.ru
Date:	Sun, 22 Dec 2019 16:54:11 +0300
From:	Andrey Repin <anrdaemon AT yandex DOT ru>
Reply-To:	cygwin AT cygwin DOT com
Message-ID:	<1857710854.20191222165411@yandex.ru>
To:	Peter Binney <peter DOT binney AT gmail DOT com>, cygwin AT cygwin DOT com
Subject:	Re: Files created with CYGWIN have "NULL SID:(DENY)" windows ACL, inter alia
In-Reply-To:	<CAJiKf6Ht6DA4hyVHWCocFwC5CNvkWNTMPZvitGdF-YyTgVYYfA@mail.gmail.com>
References:	<CAJiKf6Ht6DA4hyVHWCocFwC5CNvkWNTMPZvitGdF-YyTgVYYfA AT mail DOT gmail DOT com>
MIME-Version:	1.0
X-IsSubscribed:	yes