X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:message-id:date:subject:from:to:mime-version :content-type:content-transfer-encoding; q=dns; s=default; b=trj UVfu+kaCaug5Se803chfhIRJ2ErOSuMzm2NCglW8NsGyz7lP5X41FLqQhIWwwxNM 5xG6xavR/AU/EohMwrH+//BjNfamcaVER4V3I7hXD2B78TiMauG/2feozW1Ual91 KNN0oAwfnM/YrRtmaCOT00fnp6I5a/+TIvJzLErQ= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:message-id:date:subject:from:to:mime-version :content-type:content-transfer-encoding; s=default; bh=U/CtnAwHL wW7LLxFSBln+ZdVk4s=; b=xMRIoJsi2h7NMaGOurJ0j2XQ4c1E6QlYkIdwtQ/2i 7hW0eqfdHLN/jyqoefLX3baIhHiczgqh6oqlsdPVvLEQLXASdT0DTH6ohUZeSuYj poz5TNInPb/9FeUeOHEU6flqf8YiEDxVsryjLyp8ttNAXRuQEYb+30QMBipKxEPt LA= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=0.2 required=5.0 tests=AWL,BAYES_50,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2 X-HELO: lb2-smtp-cloud6.xs4all.net Message-ID: <9809893dbbb682398e2602fd29490b83.squirrel@webmail.xs4all.nl> Date: Fri, 27 Feb 2015 19:17:44 +0100 Subject: I really, really wonder ... From: "Houder" To: cygwin AT cygwin DOT com User-Agent: SquirrelMail/1.4.18 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit Hi Corinna, Ref: https://cygwin.com/ml/cygwin/2015-02/msg00856.html - Too Many Permissions Stripped In 1.7.35? Is it true? Is Cygwin a system to manage Windows? I NEVER got that impression. I have always been content that I was able to use Cygwin in a directory tree, that had been especially prepared by me for the sake of using Cygwin (doing development-like things). Using Cygwin on NTFS (i.e. Windows ACL), trouble is "around the corner", I believe. As an example, below an attempt to create a "posix" directory on a filesystem (drive), that has NOT been modified (!nurtured!) in advance. I wonder whether it is really worthwile to "fortify" Cygwin against each and every "mishap" that Windows may throw at Cygwin? (yes, sort of a vote, that you asked for) (btw, how about some sleep now and then?) (you are welcome NOT to reply -- I just wanted to get this off my chest :-) Henri ----- List of comands: -- yes, I know, the example is somewhat artifical - create QL using Explorer - chown Henri:None QL # perm denied -- file owner == Henri ... not Unixy, is it? - setfacl -b QL # perm denied - setfacl -s u::rwx,g::r-x,o:r-x,d:u::rwx,d:g::r-x,d:o:r-x QL # perm denied - touch QL # ... oh well, as an exception ... - chmod 000 QL # 000? yes, you may argue why ... (well, it apparently does the job) - setfacl -b QL # look here, now it succeeds - chmod 755 QL # succeeds, but ... creator owner still suffers ... - setfacl -s u::rwx,g::r-x,o:r-x,d:u::rwx,d:g::r-x,d:o:r-x QL # finally, target achieved! @@ uname -a CYGWIN_NT-6.1-WOW Seven 1.7.35s(0.286/5/3) 20150226 20:41:55 i686 Cygwin @@ pwd # NON-elevated bash /drv/d @@ icacls.sh QL D:/QL BUILTIN\Administrators (I)(F) BUILTIN\Administrators (I)(OI)(CI)(IO)(F) NT AUTHORITY\SYSTEM (I)(F) NT AUTHORITY\SYSTEM (I)(OI)(CI)(IO)(F) NT AUTHORITY\Authenticated Users (I)(M) NT AUTHORITY\Authenticated Users (I)(OI)(CI)(IO)(M) BUILTIN\Users (I)(RX) BUILTIN\Users (I)(OI)(CI)(IO)(GR,GE) Successfully processed 1 files; Failed processing 0 files @@ ls-facl.sh QL D:/QL Owner: Seven\Henri <==== yes, I am the owner! Group: Seven\None DACL(not_protected): BUILTIN\Administrators full allow no_inheritance BUILTIN\Administrators full allow \ container_inherit+object_inherit+inherit_only NT AUTHORITY\SYSTEM full allow no_inheritance NT AUTHORITY\SYSTEM full allow \ container_inherit+object_inherit+inherit_only NT AUTHORITY\Authenticated Users change allow no_inheritance NT AUTHORITY\Authenticated Users change allow \ container_inherit+object_inherit+inherit_only BUILTIN\Users read_execute allow no_inheritance BUILTIN\Users read_execute allow \ container_inherit+object_inherit+inherit_only SetACL finished successfully. @@ chown Henri:None QL chown: changing ownership of ‘QL’: Permission denied @@ setfacl -b QL setfacl: Permission denied @@ setfacl -s u::rwx,g::r-x,o:r-x,d:u::rwx,d:g::r-x,d:o:r-x QL setfacl: Permission denied @@ touch QL @@ chmod 000 QL # because chmod 'rocks', apparently ... some sort of healing potion, I imagine? @@ icacls.sh QL D:/QL Seven\Henri (D,Rc,WDAC,WO,RA,WA) # will have to work on that Seven\None (Rc,S,RA) Everyone (Rc,S,RA) BUILTIN\Administrators (Rc,S,RA) BUILTIN\Administrators (OI)(CI)(IO) NT AUTHORITY\SYSTEM (Rc,S,RA) NT AUTHORITY\SYSTEM (OI)(CI)(IO) NT AUTHORITY\Authenticated Users (Rc,S,RA) NT AUTHORITY\Authenticated Users (OI)(CI)(IO) BUILTIN\Users (Rc,S,RA) BUILTIN\Users (OI)(CI)(IO) Successfully processed 1 files; Failed processing 0 files @@ setfacl -b QL # get rid of those useless mavericks ... @@ icacls.sh QL D:/QL Seven\Henri (D,Rc,WDAC,WO,RA,WA) Seven\None (Rc,S,RA) Everyone (Rc,S,RA) CREATOR OWNER (OI)(CI)(IO)(D,Rc,WDAC,WO,RA,WA) CREATOR GROUP (OI)(CI)(IO)(Rc,RA) Everyone (OI)(CI)(IO)(Rc,RA) Successfully processed 1 files; Failed processing 0 files @@ chmod 755 QL # will it restore full control? @@ icacls.sh QL D:/QL Seven\Henri (F) Seven\None (RX) Everyone (RX) CREATOR OWNER (OI)(CI)(IO)(D,Rc,WDAC,WO,RA,WA) # uhm, creator owner still suffers ... CREATOR GROUP (OI)(CI)(IO)(Rc,RA) Everyone (OI)(CI)(IO)(Rc,RA) Successfully processed 1 files; Failed processing 0 files @@ setfacl -s u::rwx,g::r-x,o:r-x,d:u::rwx,d:g::r-x,d:o:r-x QL # now what can I expect from this command? @@ icacls.sh QL D:/QL Seven\Henri (F) Seven\None (RX) Everyone (RX) CREATOR OWNER (OI)(CI)(IO)(F) # Oh well, it did the trick ... CREATOR GROUP (OI)(CI)(IO)(RX) Everyone (OI)(CI)(IO)(RX) Successfully processed 1 files; Failed processing 0 files @@ ===== -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple