Mail Archives: cygwin/2019/12/23/09:54:18
| X-Recipient: | archive-cygwin AT delorie DOT com
|
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
|
| :list-unsubscribe:list-subscribe:list-archive:list-post
|
| :list-help:sender:mime-version:references:in-reply-to:from:date
|
| :message-id:subject:to:content-type; q=dns; s=default; b=dky+gwi
|
| jiaW/A3HjLD1Cqw5nmuxL2MUnq5XweQZUS0ZsL0Mw76MP4cnM5i5R/nmOFIOxYBW
|
| 8vb4uWgdPYbHehu8JyOoR3Gz0GGifTIvTwhs/t4gl8oeYhuWq1NwOhu7FinpzbWU
|
| yGWBvVA8+lrvco5+StSlqRP5qOq3QeDfpsLk=
|
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
|
| :list-unsubscribe:list-subscribe:list-archive:list-post
|
| :list-help:sender:mime-version:references:in-reply-to:from:date
|
| :message-id:subject:to:content-type; s=default; bh=GqZkVqynZ2CBf
|
| 5FYQydIU+Cf4fY=; b=qeueZXqw+5parQ/EF0ebhVNlIxAw+MgXXBZqay0lI9bHj
|
| UpOpw6LCfLeVUxIAdkYu6AKj15NrFfA22A09sa4sPN5jPLubb3/AxK1tUM8HB4fZ
|
| CiShhJVlqNOtaSKOtBTAB7f9waxixTROFUiFe8qMfqAQLuEs2Mz2gVkt5S0kGk=
|
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm
|
| List-Id: | <cygwin.cygwin.com>
|
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com>
|
| List-Archive: | <http://sourceware.org/ml/cygwin/>
|
| List-Post: | <mailto:cygwin AT cygwin DOT com>
|
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
|
| Sender: | cygwin-owner AT cygwin DOT com
|
| Mail-Followup-To: | cygwin AT cygwin DOT com
|
| Delivered-To: | mailing list cygwin AT cygwin DOT com
|
| Authentication-Results: | sourceware.org; auth=none
|
| X-Spam-SWARE-Status: | No, score=-1.0 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,GIT_PATCH_2,KAM_ASCII_DIVIDERS,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.1 spammy=D*ru, well-known, wellknown, HX-HELO:sk:mail-ed
|
| X-HELO: | mail-ed1-f41.google.com
|
| DKIM-Signature: | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=JFIExPrt4KyXX5TibVkyWA39r540o/t84xNVqBftQww=; b=Hnzs/SXGZmR/9lng2OZDts0HL2gVGwDzpEnMZfJTusbJDorF0JreK87fBcka45HTUQ p8oIMMcXE0DlMgYPXnJ3gS76lLgkvwMc4vQ+sV6/nXDGe9nV7SQweXpB0W4fLXduI1Oe 6fFsgPNLSKPJeuFKkUc2pREVUVyjkiSPFx0SAKzgnEnT3u0Y+SpCVpzWlU17Ow/FF+2j fguZ7FgdR8ekUzvl5D1CZQyPCEfs+dG3+pfMmyZarOAkLxx01j4V2l3SDa1BTLDyeaYc CbgAhvrWeG+rRNAsmgsafUTj0KyXV7+ND3XqY9oUJiCItBVE3I91Lz7hk/Utypi+NmSD ND+Q==
|
| MIME-Version: | 1.0
|
| References: | <CAJiKf6Ht6DA4hyVHWCocFwC5CNvkWNTMPZvitGdF-YyTgVYYfA AT mail DOT gmail DOT com> <1857710854 DOT 20191222165411 AT yandex DOT ru>
|
| In-Reply-To: | <1857710854.20191222165411@yandex.ru>
|
| From: | Peter Binney <peter DOT binney AT gmail DOT com>
|
| Date: | Mon, 23 Dec 2019 14:52:57 +0000
|
| Message-ID: | <CAJiKf6HiNckg8rHxibwrP=+n-rxobyVmSTH8kaooRtH8MXXmvA@mail.gmail.com>
|
| Subject: | Re: Files created with CYGWIN have "NULL SID:(DENY)" windows ACL, inter alia
|
| To: | cygwin AT cygwin DOT com
|
Hello Andrey - many thanks for that. I have now removed /etc/passwd
and /etc/group which didn't change anything.
I read some of your earlier posts on this and had already tried the noacl route.
Unfortunately it has made no difference. I added a second line to my
fstab so it read:
none /cygdrive cygdrive binary,posix=0,user 0 0
e: /cygdrive/e ntfs noacl,binary,posix=0,user,auto 0 0
with "mount" showing:
C:/cygwin/bin on /usr/bin type ntfs (binary,auto)
C:/cygwin/lib on /usr/lib type ntfs (binary,auto)
C:/cygwin on / type ntfs (binary,auto)
E: on /cygdrive/e type ntfs (binary,noacl,posix=0,user)
C: on /cygdrive/c type ntfs (binary,posix=0,user,noumount,auto)
D: on /cygdrive/d type ntfs (binary,posix=0,user,noumount,auto)
N: on /cygdrive/n type smbfs (binary,posix=0,user,noumount,auto)
P: on /cygdrive/p type smbfs (binary,posix=0,user,noumount,auto)
But when creating files on an E: I still get DENY for "NULL SID" and
other accounts.
On Sun, 22 Dec 2019 at 14:05, Andrey Repin <anrdaemon AT yandex DOT ru> wrote:
>
> Greetings, Peter Binney!
>
> > Creating a file using "> newfile", "icacls newfile" shows various DENY settings:
>
> > newfile NULL SID:(DENY)(Rc,S,WEA,X,DC)
> > JCPR-DELL-3\peter:(R,W,D,WDAC,WO)
> > NT AUTHORITY\SYSTEM:(DENY)(S,X)
> > BUILTIN\Administrators:(DENY)(S,X)
> > BUILTIN\Users:(DENY)(S,X)
> > JCPR-DELL-3\None:(R)
> > NT AUTHORITY\SYSTEM:(RX,W)
> > BUILTIN\Administrators:(RX,W)
> > BUILTIN\Users:(RX,W)
> > Everyone:(R)
>
> > Whereas on a file created from Windows Explorer I see:
> > New Text Document.txt BUILTIN\Users:(I)(M)
> > Everyone:(I)(RX)
> > JCPR-DELL-3\peter:(I)(F)
> > BUILTIN\Administrators:(I)(F)
> > NT AUTHORITY\SYSTEM:(I)(F)
>
> > "mkpasswd" and "mkgroup"
>
> Please use getent
>
> > both show I (user "peter") have expected
> > entries in /etc/passwd and /etc/group (I attach both)
>
> Delete both from your system, they are not needed, except for extremely rare
> cases.
>
> > Running "whoami" commands from powershell shows:
>
> > PS E:\temp> whoami /groups
>
> > GROUP INFORMATION
> > -----------------
> > Group Name Type
> > SID Attributes
> > =============================================================
> > ================ ============
> > ==================================================
> > Everyone
> > Well-known group S-1-1-0 Mandatory group, Enabled by default,
> > Enabled group
> > NT AUTHORITY\Local account and member of Administrators group
> > Well-known group S-1-5-114 Group used for deny only
> > BUILTIN\Administrators Alias
> > S-1-5-32-544 Group used for deny only
> > BUILTIN\Performance Log Users Alias
> > S-1-5-32-559 Mandatory group, Enabled by default, Enabled
> > group
> > BUILTIN\Users Alias
> > S-1-5-32-545 Mandatory group, Enabled by default, Enabled
> > group
> > NT AUTHORITY\INTERACTIVE
> > Well-known group S-1-5-4 Mandatory group, Enabled by default,
> > Enabled group
> > CONSOLE LOGON
> > Well-known group S-1-2-1 Mandatory group, Enabled by default,
> > Enabled group
> > NT AUTHORITY\Authenticated Users
> > Well-known group S-1-5-11 Mandatory group, Enabled by default,
> > Enabled group
> > NT AUTHORITY\This Organization
> > Well-known group S-1-5-15 Mandatory group, Enabled by default,
> > Enabled group
> > NT AUTHORITY\Local account
> > Well-known group S-1-5-113 Mandatory group, Enabled by default,
> > Enabled group
> > LOCAL
> > Well-known group S-1-2-0 Mandatory group, Enabled by default,
> > Enabled group
> > NT AUTHORITY\NTLM Authentication
> > Well-known group S-1-5-64-10 Mandatory group, Enabled by default,
> > Enabled group
> > Mandatory Label\Medium Mandatory Level Label
> > S-1-16-8192
> > PS E:\temp> whoami
> > jcpr-dell-3\peter
> > PS E:\temp> whoami /user
>
> > USER INFORMATION
> > ----------------
> > User Name SID
> > ================= =============================================
> > jcpr-dell-3\peter S-1-5-21-1468824806-2062748802-729869357-100
>
> > I also attach cygcheck.out
>
> See my earlier message, I strongly suggest "noacl" mount option for
> directories outside Cygwin root.
> No windows program expects stupid access restrictions produces by basic POSIX
> permissions.
>
>
> --
> With best regards,
> Andrey Repin
> Sunday, December 22, 2019 15:35:08
>
> Sorry for my terrible english...
>
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
- Raw text -