X-Recipient: archive-cygwin@delorie.com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:from:to:subject:message-id:reply-to :references:mime-version:content-type:in-reply-to; q=dns; s= default; b=BIsp24efkwPrWrk6vc/Udr4DVptCCd1Y6Oo20Q+XDe3RvISgdSTAF 8/XzwkAr7DtwI15oG6515OxD3qFSALBdtG7onEPLrW2LeZohie15Hy5kyqV0QLjp FwULLoITOMrIDY97H3XE1YCdQSl+z7ijd61+b6nawBtyFzBRn0R79w= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:from:to:subject:message-id:reply-to :references:mime-version:content-type:in-reply-to; s=default; bh=VOKlo2UW59NpsGN0yx+dPOYwkCE=; b=MlGihTbESJqiROoq+/5KqMtcq3G+ NGKXt1BVcVQSYSPlPXOPzsd5yJysMcjqBl2oDbc1s0pt+nNcV6+ywIMXAfFuTsaH tkPFJ8ZP7Sx/AUh1CL0Qn24719GQNsH+aGYuxyak1X1VfTsGx7dQNOIC0xDARQkv OXVSdkKbY+XdVIg= Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Delivered-To: mailing list cygwin@cygwin.com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-93.9 required=5.0 tests=BAYES_50,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_PBL,RDNS_DYNAMIC,USER_IN_WHITELIST autolearn=no version=3.3.2 spammy=H*R:U*cygwin, DOT, deny, Sometimes X-HELO: calimero.vinschen.de Date: Sat, 5 Mar 2016 11:01:37 +0100 From: Corinna Vinschen To: cygwin@cygwin.com Subject: Re: Issues with ACL settings after updating to the latest cygwin.dll - correction Message-ID: <20160305100137.GB3860@calimero.vinschen.de> Reply-To: cygwin@cygwin.com Mail-Followup-To: cygwin@cygwin.com References: <2119166713.121814507.1457103633265.JavaMail.root@zimbra93-e16.priv.proxad.net> <550385091.121913198.1457106187258.JavaMail.root@zimbra93-e16.priv.proxad.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="cNdxnHkX5QqsyA0e" Content-Disposition: inline In-Reply-To: <550385091.121913198.1457106187258.JavaMail.root@zimbra93-e16.priv.proxad.net> User-Agent: Mutt/1.5.24 (2015-08-30) --cNdxnHkX5QqsyA0e Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi Akiki(?), On Mar 4 16:43, akikij@free.fr wrote: > Hi, > I have the different problems you have about this new security right NULL= SID DENY added to some files. I still doubt the NULL ACE is the actual culprit of whatever you observe. A NULL ACE doesn't affect your permissions, unless you have a NULL SID in your user token, which is extremly unlikely. > Sometimes also Windows can't access files concerned. > He considered security rigths unordered and I have to class them before c= ontinue. > It's too difficult for me to help you to correct the problem. No, I don't think so. First of all, the order in the ACL is deliberate to provide an emulation of POSIX permissions. Don't reorder the ACL using Windows means, this *will* break the ACL evaluation. Please also note that the Windows OS does *not* fail to evaluate an ACL just because it's not in the so-called "canonical order". The OS strictly evaluates the ACL top-down, from the first to the last ACE, without worrying about the order. Only the GUI and certain Windows tools written to manipulate an ACL (e.g. icacls) will choke on such ACLs. Don't use such tools on Cygwin-created ACLs. Use Cygwin's chmod, chown, and setfacl for this. My problem is this: You're the third person on this list reporting a problem along the lines of "ACL doesn't work with Windows", without giving me a clear reproducer. What I need is a clear description what *exactly* you do and what *exactly* fails. I assume you created a file using some Cygwin tool and then try to access it from non-Cygwin tools. Are you unable to read or write the file using that Windows tool? Are you expecting to double click on the file to execute something? I really need a=20 simple description which is easily reproduced using Windows system tools. What I then also need is that you do *NOT* try to *fix* the ACL, but rather send me - icacls output of the file and its parent dir - getfacl output of the file and its parent dir *If* there's a real problem, I need to be able to reproduce it, otherwise I won't be able to fix it in Cygwin. Thanks, Corinna --=20 Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat --cNdxnHkX5QqsyA0e Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJW2q6BAAoJEPU2Bp2uRE+gQpIQAKV5Spu1GFrrWkupL4rtOaN1 yG5jdDKQ9NdvXKSHhEwlohB21X7nz6+Jlp8QKd/Y9L8r5ytFW+6JCXksicaEzZLK neUQN3J3VNj9BiZ8Vjp/dM4MMvit0T+0OpttCv4aPNHFUQZ+A7xU71xaUtXxMlc9 WzQAriK2sc+guO7HDUqow3+wPY7xk/FricFxIr2u7ebycaaop9R8lF+m9bFvHYzo F5W9mkyIKrNlmzmr9KS/ReTUdk0su8JI0sN9oF0ty2YLKCuu83Dsqiq5FpBXogy/ /l2wgOtSJUldvvp4SD9ZEgff6MGCZvqGGlBrS5b965xjUL3mX06JBxFvcQEgPsKy 38bXMpAAX5dvcnochDHlDHQtHQ8icy6De0/XyMnPU2b0zLV9s6vvid8/qN6b9Ogi m/i2730sFKHZX8Xo+uuj8dVnxO78z2o3JOpGvryK34dQAJFiyJARl58Ga7mXBGrG pCYd8PC7Waf+exzqtRLnP8b9poZdFLSbBnloBq9qwPumTJAccp1NbpjTSBRSqX6U renO+Sm0VFgHkFQlk39qOFL1+OOPrDQjUZD1m67Ko7eNOAgJ7qCTHev3fYrFOHqt Don+zWnwJPHCTL03+g+vB89FFyTtstn1Wx8Nm178hk/UB4tnfIuwpZ6H0hkT/iMN nqRLQWR3rj/UgK1vCADj =iAIa -----END PGP SIGNATURE----- --cNdxnHkX5QqsyA0e--