From: Achim Gratz
To: cygwin AT cygwin DOT com
Subject: Re: How to disable the default bypass of the ACL permissions checking in Cygwin
Date: Tue, 25 May 2021 22:16:43 +0200

Andrey Repin via Cygwin writes:
> That's literally not possible. More likely explanation is that Administrators
> group have full access to the object in question.

They don't. The issue at hand is that Cygwin uses SeBackupPrivilege and
SeRestorePrivilege if otherwise the object in question would not be
accessible. The moral of the story is to drop those privileges /
capabilities when you don't need them via cygdrop or just don't use an
administrative account that comes with them in the first place.

Regards,
Achim.
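
A way to check whether a session's token still carries the two privileges named in the mail above. This is an added example, not part of the original message or of Cygwin; it assumes its input is the text printed by Windows' `whoami /priv`, and the function names and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original mail.
# Reads `whoami /priv` output on stdin and prints "<privilege> <state>" for
# SeBackupPrivilege and SeRestorePrivilege when they are present in the token.
# Exit status: 0 if at least one is present, 1 if neither is.
# A privilege shown as Disabled still counts: the process that owns the token
# can enable it, so only its absence from the list means it is gone.
held_acl_bypass_privs() {
    # Strip carriage returns first: native Windows tools emit CRLF line ends.
    tr -d '\r' | awk '
        $1 == "SeBackupPrivilege" || $1 == "SeRestorePrivilege" {
            print $1, $NF
            found = 1
        }
        END { exit !found }
    '
}

# Constructed sample: shape of `whoami /priv` in an elevated administrator session.
sample_elevated() {
    cat <<'EOF'
PRIVILEGES INFORMATION
----------------------

Privilege Name                Description                          State
============================= ==================================== ========
SeBackupPrivilege             Back up files and directories        Disabled
SeRestorePrivilege            Restore files and directories        Disabled
SeChangeNotifyPrivilege       Bypass traverse checking             Enabled
EOF
}

# Constructed sample: a token from which both privileges have been removed.
sample_dropped() {
    cat <<'EOF'
Privilege Name                Description                          State
============================= ==================================== ========
SeChangeNotifyPrivilege       Bypass traverse checking             Enabled
EOF
}

if sample_elevated | held_acl_bypass_privs; then
    echo "elevated sample: backup/restore privileges present"
fi
sample_dropped | held_acl_bypass_privs || echo "dropped sample: backup/restore privileges absent"
```

On a real system, run `whoami /priv | held_acl_bypass_privs` in the ordinary Cygwin shell and again in a shell started through cygdrop to confirm the privileges are no longer in the token.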