Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com
Date: Wed, 18 May 2005 18:03:57 -0700
From: George <d1945@sbcglobal.net>
To: cygwin@cygwin.com
Subject: Re: create new file from bash: with DACL, owner, & group as windows   would
Message-ID: <20050519010357.GA652@home-2>
Reply-To: George <d1945@sbcglobal.net>
Mail-Followup-To: cygwin@cygwin.com
References: <200505182013.j4IKDBcF012257@tigris.pounder.sol.net> <428BA6E2.70B95230@dessent.net> <200505182118.j4ILIx7q012492@tigris.pounder.sol.net> <200505182230.j4IMUAZY012847@tigris.pounder.sol.net> <428BC5AC.74E4385E@dessent.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <428BC5AC.74E4385E@dessent.net>
User-Agent: Mutt/1.4.1i
X-IsSubscribed: yes

On Wed, May 18, 2005 at 03:46:04PM -0700, Brian Dessent wrote:
> Tom Rodman wrote:
> 
> > wtouch()
> > {
> >   local file=$1
> >   CYGWIN=nontsec touch "$file"
> >   setacl -on "$(cygpath -aw "$file")" -ot file \
> >     -actn setowner -ownr "n:Administrators;s:n" \
> >     -actn setgroup -grp  "n:None;s:n" \
> >     -silent || echo $FUNCNAME:setacl failed
> >     # see http://setacl.sourceforge.net/html/doc-reference.html
> > }
> > 
> > I'm usually an admin, hence the setacl.  The advantage of
> > setacl over chown is that the setacl above has no impact on the
> > DACL.
> 
> BTW, you're probably aware of this but you can bring the behavior of the
> two more into line by setting a GPO.  Change "Default owner for objects
> created by members of the Administrators group" to "Object creator"
> instead of "Administrators group".  Files created in both Cygwin and
> Windows will then be owned by the user account and not the
> Administrators group.  Unless of course that's what you want.

For anyone reading this who is not an admin, it's worth pointing out
that this applies to XP only, and not to Windows 2000.  

http://support.microsoft.com/default.aspx?scid=kb;en-us;318825

For XP users, the relevant setting referred to by Mr. Dessent can be
found by running 'secpol.msc' and navigating
 
Local Policies -> Security Options -> System objects



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/