X-Recipient: archive-cygwin@delorie.com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:cc
	:subject:references:in-reply-to:content-type
	:content-transfer-encoding; q=dns; s=default; b=gr4KXlx3OB6c+HbM
	ogGie3PAGXiSDRhr/i+RAU7Dk8qgmBD8IKPU6+rnIlUlOx5xr+MCUftmrugSfCUz
	CW6H74duTY4fZOeyDlE8lOye7ChCl5ujBSVHkg8S9Q7LLW1LcPK3MfSZbdJSKYej
	oyL4thPNAVwBTc4NX3WEWkgFSJQ=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:cc
	:subject:references:in-reply-to:content-type
	:content-transfer-encoding; s=default; bh=jFvOwC7hcB213juCQSQuKf
	4R/SQ=; b=UIqwVpDXqTWvLLDj7XmEMXMIsu0r2ymsqTE2dLwkCuVAvyS5n2Ggnh
	9uq2HmbHRGvASkRsmc1XCv9D6+/36DkJVDokRTBjE4P4yZ7cQJ8PzXM8TjVfFk7M
	w9zISxL47rNUXxzlArWewN5wamxtuZKqL4I5PG6Nc9f6YfbuC6BFc=
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-1.4 required=5.0 tests=AWL,BAYES_00,RP_MATCHES_RCVD autolearn=ham version=3.3.2
X-HELO: Ishtar.hs.tlinx.org
Message-ID: <5604BA1F.6090608@tlinx.org>
Date: Thu, 24 Sep 2015 20:06:07 -0700
From: Linda Walsh <cygwin@tlinx.org>
User-Agent: Thunderbird
MIME-Version: 1.0
To: Greg Freemyer <greg.freemyer@gmail.com>
CC: "cygwin@cygwin.com" <cygwin@cygwin.com>
Subject: Re: cygwin potentially corrupting permissions?
References: <CAGpXXZKUQtAbrQ80VDHZhy0aZtzG+5fDB7bcYz-kwQ3Kgx6ueQ@mail.gmail.com> <560366EE.5020207@tlinx.org> <CAGpXXZJeWs33BJi7qROduZEhTx1pXXXseTbfXu+QP8+cf_r5hQ@mail.gmail.com> <56043BA4.7040405@tlinx.org> <CAGpXXZLrourgJ39=n4M8kEKeF7tT3fCTafvLaSfZuHh62ffmUA@mail.gmail.com> <56044EBD.8090904@tlinx.org> <CAGpXXZLO_1MQFj3mNO6RubqHLLnh=9G2RDV=PQB0rM2aQP2GqA@mail.gmail.com>
In-Reply-To: <CAGpXXZLO_1MQFj3mNO6RubqHLLnh=9G2RDV=PQB0rM2aQP2GqA@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes

Greg Freemyer wrote:
> On Thu, Sep 24, 2015 at 3:27 PM, Linda Walsh <cygwin@tlinx.org> wrote:
>> Greg Freemyer wrote:
>>>
>>> Totally logical, but not accurate. )
>> ---
>>         What does it say if you do an 'lsacl' on "." (the parent directory).
> 
> $ ./lsacl.sh .
> [u::---,g::---,g:root:rwx,g:Authenticated
> Users:rwx,g:SYSTEM:rwx,g:Users:r-x,m:rwx,o:---/u::---,g::---,g:root:rwx,g:Authenticated
> Users:rwx,g:SYSTEM:rwx,g:Users:r-x,m:rwx,o:---] .
> 
> But maybe this is interesting.  I just created 2 folders in C:\   .  I
> did it at the C:\ level because I can't imagine I ever modified the
> ACLs on C:\.
> 
> Anyway, one directory was created via "mkdir" in cygwin.  The other
> via the file explorer.  Look at how different the ACLs are:
> 
> $ mkdir /cygdrive/c/Test-dir-created-in-cygwin
> 
> $ ./lsacl.sh /cygdrive/c/Test-dir-created-in-cygwin/
> [u::rwx,g::r-x,g:root:rwx,g:Authenticated
> Users:rwx,g:SYSTEM:rwx,g:Users:r-x,m:rwx,o:r-x/u::rwx,g::r-x,g:root:rwx,g:Authenticated
> Users:rwx,g:SYSTEM:rwx,g:Users:r-x,m:rwx,o:r-x]
> /cygdrive/c/Test-dir-created-in-cygwin/
> 
> $ ./lsacl.sh /cygdrive/c/Test-dir-created-in-file-explorer/
> [u::---,g::---,g:root:rwx,g:Authenticated
> Users:rwx,g:SYSTEM:rwx,g:Users:r-x,m:rwx,o:---/u::---,g::---,g:root:rwx,g:Authenticated
> Users:rwx,g:SYSTEM:rwx,g:Users:r-x,m:rwx,o:---]
> /cygdrive/c/Test-dir-created-in-file-explorer/
> 
> What's that about?  Again I'm not expert at ACLs, but the ACLs on the
> directory created via File Explorer look really strange to me.
-----
	That looks like the 'Creator User & Creator Group Policies at work, 
which try to let you create a dir in root, but give limited access to
that dir -- but doesn't allow just any Creator to have full access...

I think you are seeing a trickle down effect from the creator owner policy 
and the creator group policy banning full access -- because if you look
at the security tab in explorer I'll be those are pretty restricted...


> 
>>         This is a local file system?  NTFS?
> 
> Yes, C: drive. It's my local system drive on both computers and NTFS
> on both machines.
> 
>> Do you have process hacker?  Maybe the writing process has a different
>> integrity label or such.
----
	Look at the acl in the Explorer 'security tab'  You find some extra
rules for 'creators' that are supposed to allow them to do things inside the dir
but not to the dir or some such.


> 
> No, but let me know if you still want me to pursue that.  For now I'm
> thinking the ACLs on folders created via File Explorer are somehow
> getting screwed up.
----
	'screwed-up' is relative -- i.e. in this case, likely what explorer
is designed to do, (screw you), *str8-face*...

	In the home directory you want to deal with this in (I wouldn't
suggest changing drives from root folder (I do such things and constantly end
up with 'shot-in-foot' type problems that I get to have 'fun' fixing! ;->)
But get rid of the creator rules so they won't propagate.... have to do it from
windows those because those entities aren't posix.


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple