Message-ID: <4AD9EB0E.80601@gmail.com>
Date: Sat, 17 Oct 2009 17:04:30 +0100
From: Dave Korn <dave.korn.cygwin@googlemail.com>
User-Agent: Thunderbird 2.0.0.17 (Windows/20080914)
MIME-Version: 1.0
To: cygwin@cygwin.com
Subject: Re: How to deny directory-access for one dedicated user
References: <hb2bil$o3s$1@ger.gmane.org> <416096c60910131027g3df5021ei9b15ab5067353ce0@mail.gmail.com> <4AD4D5FB.4000906@gmail.com> <hbcd9m$l73$1@ger.gmane.org>
In-Reply-To: <hbcd9m$l73$1@ger.gmane.org>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com

Matthias Meyer wrote:

> How to solve my goal?
> The user "backup" should backup all data but not certain directories.

  It cannot be done.  Your two requirements amount to:

1- I want the backup user to be able to access all files and directories
without restriction.
2- I want the backup user to be restricted from accessing certain files and
directories.

  As a matter of plain logic, these requirements just cannot both be satisfied
simultaneously in the same universe!  There is no means to give the backup
user privileges to access only-some-but-not-all of the files that the ACLs say
it should not have access to, because it would essentially require an entire
second level of ACLs on every file in the system to keep track of which files
the backup privilege gave access to and which files it did not.

    cheers,
      DaveK


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple