Mail Archives: cygwin/2022/01/10/08:47:01

Corinna Vinschen <corinna-cygwin AT cygwin DOT com> · Mon, 10 Jan 2022 14:46:26 +0100

On Jan 10 11:07, Corinna Vinschen wrote:
> On Jan  7 15:56, cygwin AT kosowsky DOT org wrote:
> > > Corinna Vinschen wrote:
> > > On Jan  6 16:11, cyg DOT  DOT  DOT  AT kosowsky DOT org wrote:
> > > It is.  I realized belatedly, that 3da9e136.acl is apparently a
> > > directory, not a file.
> > 
> > It's actually a file...
> 
> This is weird.  The meaning of the OI and CI markers are "Object
> inheritance" and "Container inheritance".  These bits only make sense
> for directories and they control how ACEs are inherited by child objects
> (files) and child containers (subdirs).
> 
> Consequentially, if I use `icacls /restore' on a file with the DACL
> saved by you, the OI and CI bits are simply ignored.  After /restore,
> if I call /save again the resulting file looks like this:
> 
>   $ cat aclfile-after-restore.sav
>   acltest
>   D:PAI(A;;FA;;;SY)(A;;0x1200a9;;;WD)(A;;FA;;;BA)

FTR, it's even worse.  Windows ACEs with inheritence flags result in
equivalent POSIX default ACEs.  Per Linux (or better, POSIX 1003.1e
draft 17), it's an error trying to set default ACEs on files.
Therefore, a process trying to set the permissions as in your case
would result in getting errno EACCES.  Cygwin follows suit.

> However, this gave me a clue.  If this is really a file, it's a good
> chance that the inheritance flags are restricted to directories at
> one point in either the Cygwin DLL itself, or the getfacl tool.
> 
> I'll have a look into the sources later, but I sure would prefer if
> I could create such a file locally.

I tried to create a file with equivalent ACL including the inheritence
flags on W7, W10 and W11, but to no avail.  After running icacls
/restore the resulting DACL does not contain inheritance flags on none
of the systems.  Neither do the different Windows GUIs allow setting
inheritance flags on files.

I also ran getfacl under GDB and manipulated getfacl into believing that
a directory with matching ACL is actually a file, but the output generated
by getfacl was not showing the default ACEs at all:

  # file: acltest
  # owner: Administrators
  # group: SYSTEM
  user::rwx
  group::rwx
  other::r-x

ВЇ\_(гѓ„)_/ВЇ
Corinna

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

X-Recipient:	archive-cygwin AT delorie DOT com
DKIM-Filter:	OpenDKIM Filter v2.11.0 sourceware.org 3A5613858015
DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1641822420;
	bh=7ru5A48A86H3ABnqPL8KUJl43lOFqc20sZu5WKRnun0=;
	h=Date:From:To:Subject:References:In-Reply-To:List-Id:
	List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe:
	Reply-To:From;
	b=dH6JQihFrDmoshTeaJ/9jVEGHmSuvNFEe4lnnVmHKLo1CHKkIoa0nilSaOQknRc14
	55MUvdV6tRbC+nSxofhadw8DW5roKfJuh/OZzRKhrOCVvpNRG4pgMpX4dtz8rnlbXS
	5yGd7cn5cd7Q8bc6S/3Muut6Dgr1e3s4pjAVSVoc=
X-Original-To:	cygwin AT cygwin DOT com
Delivered-To:	cygwin AT cygwin DOT com
DMARC-Filter:	OpenDMARC Filter v1.4.1 sourceware.org BEF8D3858D28
Authentication-Results:	sourceware.org;
	dmarc=fail (p=none dis=none) header.from=cygwin.com
Authentication-Results:	sourceware.org; spf=fail smtp.mailfrom=cygwin.com
Date:	Mon, 10 Jan 2022 14:46:26 +0100
From:	Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To:	cygwin AT cygwin DOT com
Subject:	Re: Duplicate ACLs? - Can't copy file even with Admin permissions
Message-ID:	<Ydw4stFxX+he1A6b@calimero.vinschen.de>
Mail-Followup-To:	cygwin AT cygwin DOT com
References:	<25043 DOT 7019 DOT 643488 DOT 389876 AT consult DOT pretender>
	<YdWCPsZOModGdRXM AT calimero DOT vinschen DOT de>
	<8735m12k3u DOT fsf AT Rainer DOT invalid>
	<25047 DOT 23325 DOT 33020 DOT 646017 AT consult DOT pretender>
	<25048 DOT 43238 DOT 484068 DOT 737126 AT consult DOT pretender>
	<YdwFc2JA5FfH1Ktr AT calimero DOT vinschen DOT de>
MIME-Version:	1.0
In-Reply-To:	<YdwFc2JA5FfH1Ktr@calimero.vinschen.de>
X-Provags-ID:	V03:K1:9E/hK4aLHNSu7xyZJV3+wyBFbC1aIubHF8bMEvdPi6djUJCgBkS
	XroTpMzQWhQBakpCxxkF2EU2JnqpVZNLJJcSuT8BOPwQVrm0Xm2bRQ2D+Q7c1arlZd6b9lY
	mVA7056W9q/VEUR3BwLPKcUeObV/jxVHUkKbzfDcXpxHBNFiAlIdwcyORBmbgyfPQ0+Gb1G
	zSMDlP0d2lsFkyog+gBWg==
X-UI-Out-Filterresults:	notjunk:1;V03:K0:LH1ahBC9Xvw=:it/lRzDoEUV1ILzhUe/noJ
	LbmPNFiFC3UsKCAzCp6sRci2dwvLVNEVDcLDVF9SAw4nwzsrnPPU5FnM7fGKnlOyjGDFGIvj3
	HYp0yMeF6wXtv0gWsrlIRNy82zwdmIhUhaTcpZP3vJlXBLg8xKucye8gD/JhSXTYSjzpysn1y
	yP786a0+kJoIVhApL4ZKF2n1pXigB+Ye58ts+ldwt1OVCGXKjeYT0OUfNE2IQuOUm9rU5NMbx
	cobDtOg6yHEHXk7Pq5pOCJqj3XfTj6p434V4XzwTHdVabwhwV30antf4iPKj3aH1CH3VzAmeq
	02Ay7AJFwpahtCtC4JMtPuDRZ77iClPjQxE69WWm2fdbGBbXizFjLc6bbYgnxNYnCbiyZqqtv
	gunLChK3px4M2uot6x7aBXRZ1uqfsrPTIILfZ1JbS69y5MAjDhhRxFxEDhzJUBZwCciIcSyd8
	mX9yS1wzmQYZuv0xXE3y/gfbFzdgDnQcJYncKbKrtopW2aaYTGsBMmtjPU+j0IMC3DkKjZxJX
	C1ODhbQzCUuqH7JyPhhK8LAYWkLcGKTDrSPRL175w05vC6k2G+8MUVhbHMHpI/j4JpW5qCFRp
	00IVEc95xe8aCGxtBGvs8PrE0BxNvD3wXii/H/lG3HjxhhW9mzMHAHWIYxf3UIGTmqToz1/LU
	byoot7h/33NTc1kQMFfYKIyTEPAUFIuCmrjalhVG2iryZHHzmo26sQtXTyE82yT32ocwXMwr0
	dDHtPWVPtaL1RACv
X-Spam-Status:	No, score=-90.8 required=5.0 tests=BAYES_00,
	GOOD_FROM_CORINNA_CYGWIN, KAM_DMARC_NONE, KAM_DMARC_STATUS, RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_FAIL, SPF_HELO_NONE,
	TXREP autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version:	SpamAssassin 3.4.4 (2020-01-24) on
	server2.sourceware.org
X-BeenThere:	cygwin AT cygwin DOT com
X-Mailman-Version:	2.1.29
List-Id:	General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe:	<https://cygwin.com/mailman/options/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive:	<https://cygwin.com/pipermail/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe:	<https://cygwin.com/mailman/listinfo/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
Reply-To:	cygwin AT cygwin DOT com
Errors-To:	cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com
Sender:	"Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com>
X-MIME-Autoconverted:	from base64 to 8bit by delorie.com id 20ADl1Ls004044

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019