| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| X-Original-To: | cygwin AT cygwin DOT com |
| Delivered-To: | cygwin AT cygwin DOT com |
| DMARC-Filter: | OpenDMARC Filter v1.4.1 sourceware.org 4DDBC3865470 |
| Authentication-Results: | sourceware.org; |
| dmarc=none (p=none dis=none) header.from=tlinx.org | |
| Authentication-Results: | sourceware.org; spf=pass smtp.mailfrom=tlinx.org |
| Message-ID: | <60E460C7.7010203@tlinx.org> |
| Date: | Tue, 06 Jul 2021 06:55:19 -0700 |
| From: | L A Walsh <cygwin AT tlinx DOT org> |
| User-Agent: | Thunderbird 2.0.0.24 (Windows/20100228) |
| MIME-Version: | 1.0 |
| To: | cygwin AT cygwin DOT com |
| Subject: | Re: objects created in a dir w/cygwin mangled perms; inherit no-access |
| References: | <60E14AAA DOT 4000404 AT tlinx DOT org> <514405575 DOT 20210704172015 AT yandex DOT ru> |
| In-Reply-To: | <514405575.20210704172015@yandex.ru> |
| X-Spam-Status: | No, score=-1.9 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS, |
| SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.4 | |
| X-Spam-Checker-Version: | SpamAssassin 3.4.4 (2020-01-24) on |
| server2.sourceware.org | |
| X-BeenThere: | cygwin AT cygwin DOT com |
| X-Mailman-Version: | 2.1.29 |
| List-Id: | General Cygwin discussions and problem reports <cygwin.cygwin.com> |
| List-Archive: | <https://cygwin.com/pipermail/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-request AT cygwin DOT com?subject=help> |
| List-Subscribe: | <https://cygwin.com/mailman/listinfo/cygwin>, |
| <mailto:cygwin-request AT cygwin DOT com?subject=subscribe> | |
| Sender: | "Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com> |
| X-MIME-Autoconverted: | from base64 to 8bit by delorie.com id 166DvMmw028808 |
On 2021/07/04 07:20, Andrey Repin wrote: > The "+" at the end indicates presence of extended permissions. --- Ya, that's what I was referring to when I wrote about having 5 deny records at the front, though that didn't necessarily stand out. ⍨ Aside from the extended permissions, though, the net result was me getting a 'no access' when I tried to look into the directory with explorer. While I did have access via a local shell, I also have no-access from bash on a remote system (the samba domain controller on linux): > echo -n $(uname -n):;id |sed 's/groups.*//' Ishtar:uid=5013(law) gid=201(lawgroup) > ls -l newdir ls: reading directory 'newdir': Permission denied > ls -dl newdir dr-xrwxr-x 2 law lawgroup 0 Jul 6 05:20 newdir/ On local machine, same: > echo -n $(uname -n):;id |sed 's/groups.*//' Athenae:uid=5013(Bliss\law) gid=201(Bliss\lawgroup) ls -dxlF newdir d---rwxr-x+ 1 Bliss\law Bliss\lawgroup 0 Jul 6 05:20 newdir/ > > What getfacl says? # file: newdir # owner: Bliss\law # group: Bliss\lawgroup user::--- user:root:--- user:law:--- user:Astara:--- group::rwx group:SYSTEM:rwx group:Administrators:rwx group:Users:r-x mask::rwx other::r-x default:user::--- default:user:root:--- default:user:law:--- default:user:Astara:--- default:group::rwx default:group:SYSTEM:rwx default:group:Administrators:rwx default:group:Users:r-x default:mask::rwx default:other::r-x > What is "progd" ? Did you mount some directory into Cygwin tree? Sorta, actually the cygtree mounted at 'C:\'. So 2 Junctions and 1 symlinkd /Progd => /ProgramData/ /Prog => /Program Files (x86)/ /Prog64 => /Program Files/ > >> Of course I can overide, but why are such weird acls on >> this anyway? -- especially when it doesn't seem to really >> work? > > Probably because of interpretation of the original Windows permissions. --- Not exactly, I don't think. Windows doesn't add "DENY" entries up front. Seems like there should be a better way since MS's subsystem for UNIX didn't seem to use all those DENY entries that I ever saw. Am guessing they somehow came from those default CREATOR U/G entries on the parent directory. This problem has been around for a few years. Certainly, having it create no-access dirs for the user isn't desirable. I'm betting that they'd be denied locally as well if my local user didn't have admin override rights. -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright 2019 by DJ Delorie | Updated Jul 2019 |