X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:cc
	:subject:references:in-reply-to:content-type
	:content-transfer-encoding; q=dns; s=default; b=gr4KXlx3OB6c+HbM
	ogGie3PAGXiSDRhr/i+RAU7Dk8qgmBD8IKPU6+rnIlUlOx5xr+MCUftmrugSfCUz
	CW6H74duTY4fZOeyDlE8lOye7ChCl5ujBSVHkg8S9Q7LLW1LcPK3MfSZbdJSKYej
	oyL4thPNAVwBTc4NX3WEWkgFSJQ=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:cc
	:subject:references:in-reply-to:content-type
	:content-transfer-encoding; s=default; bh=jFvOwC7hcB213juCQSQuKf
	4R/SQ=; b=UIqwVpDXqTWvLLDj7XmEMXMIsu0r2ymsqTE2dLwkCuVAvyS5n2Ggnh
	9uq2HmbHRGvASkRsmc1XCv9D6+/36DkJVDokRTBjE4P4yZ7cQJ8PzXM8TjVfFk7M
	w9zISxL47rNUXxzlArWewN5wamxtuZKqL4I5PG6Nc9f6YfbuC6BFc=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-1.4 required=5.0 tests=AWL,BAYES_00,RP_MATCHES_RCVD autolearn=ham version=3.3.2
X-HELO: Ishtar.hs.tlinx.org
Message-ID: <5604BA1F.6090608@tlinx.org>
Date: Thu, 24 Sep 2015 20:06:07 -0700
From: Linda Walsh <cygwin AT tlinx DOT org>
User-Agent: Thunderbird
MIME-Version: 1.0
To: Greg Freemyer <greg DOT freemyer AT gmail DOT com>
CC: "cygwin AT cygwin DOT com" <cygwin AT cygwin DOT com>
Subject: Re: cygwin potentially corrupting permissions?
References: <CAGpXXZKUQtAbrQ80VDHZhy0aZtzG+5fDB7bcYz-kwQ3Kgx6ueQ AT mail DOT gmail DOT com> <560366EE DOT 5020207 AT tlinx DOT org> <CAGpXXZJeWs33BJi7qROduZEhTx1pXXXseTbfXu+QP8+cf_r5hQ AT mail DOT gmail DOT com> <56043BA4 DOT 7040405 AT tlinx DOT org> <CAGpXXZLrourgJ39=n4M8kEKeF7tT3fCTafvLaSfZuHh62ffmUA AT mail DOT gmail DOT com> <56044EBD DOT 8090904 AT tlinx DOT org> <CAGpXXZLO_1MQFj3mNO6RubqHLLnh=9G2RDV=PQB0rM2aQP2GqA AT mail DOT gmail DOT com>
In-Reply-To: <CAGpXXZLO_1MQFj3mNO6RubqHLLnh=9G2RDV=PQB0rM2aQP2GqA@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes

Greg Freemyer wrote:
> On Thu, Sep 24, 2015 at 3:27 PM, Linda Walsh <cygwin AT tlinx DOT org> wrote:
>> Greg Freemyer wrote:
>>>
>>> Totally logical, but not accurate. )
>> ---
>>         What does it say if you do an 'lsacl' on "." (the parent directory).
> 
> $ ./lsacl.sh .
> [u::---,g::---,g:root:rwx,g:Authenticated
> Users:rwx,g:SYSTEM:rwx,g:Users:r-x,m:rwx,o:---/u::---,g::---,g:root:rwx,g:Authenticated
> Users:rwx,g:SYSTEM:rwx,g:Users:r-x,m:rwx,o:---] .
> 
> But maybe this is interesting.  I just created 2 folders in C:\   .  I
> did it at the C:\ level because I can't imagine I ever modified the
> ACLs on C:\.
> 
> Anyway, one directory was created via "mkdir" in cygwin.  The other
> via the file explorer.  Look at how different the ACLs are:
> 
> $ mkdir /cygdrive/c/Test-dir-created-in-cygwin
> 
> $ ./lsacl.sh /cygdrive/c/Test-dir-created-in-cygwin/
> [u::rwx,g::r-x,g:root:rwx,g:Authenticated
> Users:rwx,g:SYSTEM:rwx,g:Users:r-x,m:rwx,o:r-x/u::rwx,g::r-x,g:root:rwx,g:Authenticated
> Users:rwx,g:SYSTEM:rwx,g:Users:r-x,m:rwx,o:r-x]
> /cygdrive/c/Test-dir-created-in-cygwin/
> 
> $ ./lsacl.sh /cygdrive/c/Test-dir-created-in-file-explorer/
> [u::---,g::---,g:root:rwx,g:Authenticated
> Users:rwx,g:SYSTEM:rwx,g:Users:r-x,m:rwx,o:---/u::---,g::---,g:root:rwx,g:Authenticated
> Users:rwx,g:SYSTEM:rwx,g:Users:r-x,m:rwx,o:---]
> /cygdrive/c/Test-dir-created-in-file-explorer/
> 
> What's that about?  Again I'm not expert at ACLs, but the ACLs on the
> directory created via File Explorer look really strange to me.
-----
	That looks like the 'Creator User & Creator Group Policies at work, 
which try to let you create a dir in root, but give limited access to
that dir -- but doesn't allow just any Creator to have full access...

I think you are seeing a trickle down effect from the creator owner policy 
and the creator group policy banning full access -- because if you look
at the security tab in explorer I'll be those are pretty restricted...


> 
>>         This is a local file system?  NTFS?
> 
> Yes, C: drive. It's my local system drive on both computers and NTFS
> on both machines.
> 
>> Do you have process hacker?  Maybe the writing process has a different
>> integrity label or such.
----
	Look at the acl in the Explorer 'security tab'  You find some extra
rules for 'creators' that are supposed to allow them to do things inside the dir
but not to the dir or some such.


> 
> No, but let me know if you still want me to pursue that.  For now I'm
> thinking the ACLs on folders created via File Explorer are somehow
> getting screwed up.
----
	'screwed-up' is relative -- i.e. in this case, likely what explorer
is designed to do, (screw you), *str8-face*...

	In the home directory you want to deal with this in (I wouldn't
suggest changing drives from root folder (I do such things and constantly end
up with 'shot-in-foot' type problems that I get to have 'fun' fixing! ;->)
But get rid of the creator rules so they won't propagate.... have to do it from
windows those because those entities aren't posix.


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple