X-Recipient: archive-cygwin AT delorie DOT com X-SWARE-Spam-Status: No, hits=-2.5 required=5.0 tests=AWL,BAYES_00,SPF_PASS X-Spam-Check-By: sourceware.org Message-ID: <4AD4D5FB.4000906@gmail.com> Date: Tue, 13 Oct 2009 20:33:15 +0100 From: Dave Korn User-Agent: Thunderbird 2.0.0.17 (Windows/20080914) MIME-Version: 1.0 To: cygwin AT cygwin DOT com Subject: Re: How to deny directory-access for one dedicated user References: <416096c60910131027g3df5021ei9b15ab5067353ce0 AT mail DOT gmail DOT com> In-Reply-To: <416096c60910131027g3df5021ei9b15ab5067353ce0@mail.gmail.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Andy Koppe wrote: > 2009/10/13 Matthias Meyer: >> But nevertheless, user Backup can access the directory as well as the files > > Does user "Backup" have Administrator privileges? No, user "Backup User" has the "Backup/Restore" privilege. These are well-known reserved names in the NT security architecture. And in fact administrator privs don't get you access to any file you like: as it happens, the reason why adminstrators in fact *can* access any file on the system, regardless of ACLs, is because they have _backup_ privileges - it's the exact inverse of the question you asked! This is one of those areas where the underlying windows OS architecture diverges significantly from how things work in POSIX land and Cygwin can't do all that much to fudge over it. You can be uid 0 on windows and not be able to read a file when you want, or you can have uid non-zero and yet still get complete access to every file you like! cheers, DaveK -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple