X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:references:in-reply-to:from:date
	:message-id:subject:to:content-type; q=dns; s=default; b=dky+gwi
	jiaW/A3HjLD1Cqw5nmuxL2MUnq5XweQZUS0ZsL0Mw76MP4cnM5i5R/nmOFIOxYBW
	8vb4uWgdPYbHehu8JyOoR3Gz0GGifTIvTwhs/t4gl8oeYhuWq1NwOhu7FinpzbWU
	yGWBvVA8+lrvco5+StSlqRP5qOq3QeDfpsLk=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:references:in-reply-to:from:date
	:message-id:subject:to:content-type; s=default; bh=GqZkVqynZ2CBf
	5FYQydIU+Cf4fY=; b=qeueZXqw+5parQ/EF0ebhVNlIxAw+MgXXBZqay0lI9bHj
	UpOpw6LCfLeVUxIAdkYu6AKj15NrFfA22A09sa4sPN5jPLubb3/AxK1tUM8HB4fZ
	CiShhJVlqNOtaSKOtBTAB7f9waxixTROFUiFe8qMfqAQLuEs2Mz2gVkt5S0kGk=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-1.0 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,GIT_PATCH_2,KAM_ASCII_DIVIDERS,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.1 spammy=D*ru, well-known, wellknown, HX-HELO:sk:mail-ed
X-HELO: mail-ed1-f41.google.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;        d=gmail.com; s=20161025;        h=mime-version:references:in-reply-to:from:date:message-id:subject:to;        bh=JFIExPrt4KyXX5TibVkyWA39r540o/t84xNVqBftQww=;        b=Hnzs/SXGZmR/9lng2OZDts0HL2gVGwDzpEnMZfJTusbJDorF0JreK87fBcka45HTUQ         p8oIMMcXE0DlMgYPXnJ3gS76lLgkvwMc4vQ+sV6/nXDGe9nV7SQweXpB0W4fLXduI1Oe         6fFsgPNLSKPJeuFKkUc2pREVUVyjkiSPFx0SAKzgnEnT3u0Y+SpCVpzWlU17Ow/FF+2j         fguZ7FgdR8ekUzvl5D1CZQyPCEfs+dG3+pfMmyZarOAkLxx01j4V2l3SDa1BTLDyeaYc         CbgAhvrWeG+rRNAsmgsafUTj0KyXV7+ND3XqY9oUJiCItBVE3I91Lz7hk/Utypi+NmSD         ND+Q==
MIME-Version: 1.0
References: <CAJiKf6Ht6DA4hyVHWCocFwC5CNvkWNTMPZvitGdF-YyTgVYYfA AT mail DOT gmail DOT com> <1857710854 DOT 20191222165411 AT yandex DOT ru>
In-Reply-To: <1857710854.20191222165411@yandex.ru>
From: Peter Binney <peter DOT binney AT gmail DOT com>
Date: Mon, 23 Dec 2019 14:52:57 +0000
Message-ID: <CAJiKf6HiNckg8rHxibwrP=+n-rxobyVmSTH8kaooRtH8MXXmvA@mail.gmail.com>
Subject: Re: Files created with CYGWIN have "NULL SID:(DENY)" windows ACL, inter alia
To: cygwin AT cygwin DOT com
Content-Type: text/plain; charset="UTF-8"

Hello Andrey - many thanks for that. I have now removed /etc/passwd
and /etc/group which didn't change anything.

I read some of your earlier posts on this and had already tried the noacl route.

Unfortunately it has made no difference. I added a second line to my
fstab so it read:

none /cygdrive cygdrive binary,posix=0,user 0 0
e: /cygdrive/e ntfs noacl,binary,posix=0,user,auto 0 0

with "mount" showing:

C:/cygwin/bin on /usr/bin type ntfs (binary,auto)
C:/cygwin/lib on /usr/lib type ntfs (binary,auto)
C:/cygwin on / type ntfs (binary,auto)
E: on /cygdrive/e type ntfs (binary,noacl,posix=0,user)
C: on /cygdrive/c type ntfs (binary,posix=0,user,noumount,auto)
D: on /cygdrive/d type ntfs (binary,posix=0,user,noumount,auto)
N: on /cygdrive/n type smbfs (binary,posix=0,user,noumount,auto)
P: on /cygdrive/p type smbfs (binary,posix=0,user,noumount,auto)

But when creating files on an E: I still get DENY for "NULL SID" and
other accounts.




On Sun, 22 Dec 2019 at 14:05, Andrey Repin <anrdaemon AT yandex DOT ru> wrote:
>
> Greetings, Peter Binney!
>
> > Creating a file using "> newfile", "icacls newfile" shows various DENY settings:
>
> > newfile NULL SID:(DENY)(Rc,S,WEA,X,DC)
> >         JCPR-DELL-3\peter:(R,W,D,WDAC,WO)
> >         NT AUTHORITY\SYSTEM:(DENY)(S,X)
> >         BUILTIN\Administrators:(DENY)(S,X)
> >         BUILTIN\Users:(DENY)(S,X)
> >         JCPR-DELL-3\None:(R)
> >         NT AUTHORITY\SYSTEM:(RX,W)
> >         BUILTIN\Administrators:(RX,W)
> >         BUILTIN\Users:(RX,W)
> >         Everyone:(R)
>
> > Whereas on a file created from Windows Explorer I see:
> > New Text Document.txt BUILTIN\Users:(I)(M)
> >                       Everyone:(I)(RX)
> >                       JCPR-DELL-3\peter:(I)(F)
> >                       BUILTIN\Administrators:(I)(F)
> >                       NT AUTHORITY\SYSTEM:(I)(F)
>
> > "mkpasswd" and "mkgroup"
>
> Please use getent
>
> > both show I (user "peter") have expected
> > entries in /etc/passwd and /etc/group (I attach both)
>
> Delete both from your system, they are not needed, except for extremely rare
> cases.
>
> > Running "whoami" commands from powershell shows:
>
> > PS E:\temp> whoami /groups
>
> > GROUP INFORMATION
> > -----------------
> > Group Name                                                    Type
> >         SID          Attributes
> > =============================================================
> > ================ ============
> > ==================================================
> > Everyone
> > Well-known group S-1-1-0      Mandatory group, Enabled by default,
> > Enabled group
> > NT AUTHORITY\Local account and member of Administrators group
> > Well-known group S-1-5-114    Group used for deny only
> > BUILTIN\Administrators                                        Alias
> >         S-1-5-32-544 Group used for deny only
> > BUILTIN\Performance Log Users                                 Alias
> >         S-1-5-32-559 Mandatory group, Enabled by default, Enabled
> > group
> > BUILTIN\Users                                                 Alias
> >         S-1-5-32-545 Mandatory group, Enabled by default, Enabled
> > group
> > NT AUTHORITY\INTERACTIVE
> > Well-known group S-1-5-4      Mandatory group, Enabled by default,
> > Enabled group
> > CONSOLE LOGON
> > Well-known group S-1-2-1      Mandatory group, Enabled by default,
> > Enabled group
> > NT AUTHORITY\Authenticated Users
> > Well-known group S-1-5-11     Mandatory group, Enabled by default,
> > Enabled group
> > NT AUTHORITY\This Organization
> > Well-known group S-1-5-15     Mandatory group, Enabled by default,
> > Enabled group
> > NT AUTHORITY\Local account
> > Well-known group S-1-5-113    Mandatory group, Enabled by default,
> > Enabled group
> > LOCAL
> > Well-known group S-1-2-0      Mandatory group, Enabled by default,
> > Enabled group
> > NT AUTHORITY\NTLM Authentication
> > Well-known group S-1-5-64-10  Mandatory group, Enabled by default,
> > Enabled group
> > Mandatory Label\Medium Mandatory Level                        Label
> >         S-1-16-8192
> > PS E:\temp> whoami
> > jcpr-dell-3\peter
> > PS E:\temp> whoami /user
>
> > USER INFORMATION
> > ----------------
> > User Name         SID
> > ================= =============================================
> > jcpr-dell-3\peter S-1-5-21-1468824806-2062748802-729869357-100
>
> > I also attach cygcheck.out
>
> See my earlier message, I strongly suggest "noacl" mount option for
> directories outside Cygwin root.
> No windows program expects stupid access restrictions produces by basic POSIX
> permissions.
>
>
> --
> With best regards,
> Andrey Repin
> Sunday, December 22, 2019 15:35:08
>
> Sorry for my terrible english...
>

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple