Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Delivered-To: mailing list cygwin@cygwin.com To: cygwin@cygwin.com From: Francis Litterio Subject: How to prevent new files from having ACL that grants SYSTEM full control? Date: Wed, 13 Jul 2005 11:11:12 -0400 Lines: 27 Message-ID: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Draft-From: ("nntp+news.gmane.org:gmane.os.cygwin" "") Gcc: nnfolder:sent-usenet X-Random-Quote: Nature is by and large to be found out of doors, a location where, it cannot be argued, there are never enough comfortable chairs. -- Fran Lebowitz User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (windows-nt) X-IsSubscribed: yes I have ntsec enabled, and I have the permissions on all my personal files and directories set so that /bin/ls will show the permissions without the trailing '+'. Thus, /bin/ls shows me extactly who has access to my files, and I don't have use Explorer or cacls to see who has access. Whenever I create a new file or directory in one of my directories using a non-Cygwin Windows application (e.g., Wordpad), the file has the following ACLs: c:\franl\todo.txt CORP\flitteri:F NT AUTHORITY\SYSTEM:F which causes /bin/ls to show the permissions as "rwx------+". Is there any way to prevent the SYSTEM ACE from appearing in the ACL of new files and directories created by Windows applications (thus eliminating the '+' from the /bin/ls output)? At first, I thought the SYSTEM ACE was being inherited from the directory in which the file was created, but that's not the case. There is no SYSTEM ACE in the ACL on the containing directory. Any suggestions? -- Francis Litterio franl world . std . com -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/