X-Recipient: archive-cygwin AT delorie DOT com X-Original-To: cygwin AT cygwin DOT com Delivered-To: cygwin AT cygwin DOT com DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 4DDBC3865470 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=tlinx.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=tlinx.org Message-ID: <60E460C7.7010203@tlinx.org> Date: Tue, 06 Jul 2021 06:55:19 -0700 From: L A Walsh User-Agent: Thunderbird 2.0.0.24 (Windows/20100228) MIME-Version: 1.0 To: cygwin AT cygwin DOT com Subject: Re: objects created in a dir w/cygwin mangled perms; inherit no-access References: <60E14AAA DOT 4000404 AT tlinx DOT org> <514405575 DOT 20210704172015 AT yandex DOT ru> In-Reply-To: <514405575.20210704172015@yandex.ru> X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: cygwin AT cygwin DOT com X-Mailman-Version: 2.1.29 List-Id: General Cygwin discussions and problem reports List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8"; Format="flowed" Sender: "Cygwin" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by delorie.com id 166DvMmw028808 On 2021/07/04 07:20, Andrey Repin wrote: > The "+" at the end indicates presence of extended permissions. --- Ya, that's what I was referring to when I wrote about having 5 deny records at the front, though that didn't necessarily stand out. ⍨ Aside from the extended permissions, though, the net result was me getting a 'no access' when I tried to look into the directory with explorer. While I did have access via a local shell, I also have no-access from bash on a remote system (the samba domain controller on linux): > echo -n $(uname -n):;id |sed 's/groups.*//' Ishtar:uid=5013(law) gid=201(lawgroup) > ls -l newdir ls: reading directory 'newdir': Permission denied > ls -dl newdir dr-xrwxr-x 2 law lawgroup 0 Jul 6 05:20 newdir/ On local machine, same: > echo -n $(uname -n):;id |sed 's/groups.*//' Athenae:uid=5013(Bliss\law) gid=201(Bliss\lawgroup) ls -dxlF newdir d---rwxr-x+ 1 Bliss\law Bliss\lawgroup 0 Jul 6 05:20 newdir/ > > What getfacl says? # file: newdir # owner: Bliss\law # group: Bliss\lawgroup user::--- user:root:--- user:law:--- user:Astara:--- group::rwx group:SYSTEM:rwx group:Administrators:rwx group:Users:r-x mask::rwx other::r-x default:user::--- default:user:root:--- default:user:law:--- default:user:Astara:--- default:group::rwx default:group:SYSTEM:rwx default:group:Administrators:rwx default:group:Users:r-x default:mask::rwx default:other::r-x > What is "progd" ? Did you mount some directory into Cygwin tree? Sorta, actually the cygtree mounted at 'C:\'. So 2 Junctions and 1 symlinkd /Progd => /ProgramData/ /Prog => /Program Files (x86)/ /Prog64 => /Program Files/ > >> Of course I can overide, but why are such weird acls on >> this anyway? -- especially when it doesn't seem to really >> work? > > Probably because of interpretation of the original Windows permissions. --- Not exactly, I don't think. Windows doesn't add "DENY" entries up front. Seems like there should be a better way since MS's subsystem for UNIX didn't seem to use all those DENY entries that I ever saw. Am guessing they somehow came from those default CREATOR U/G entries on the parent directory. This problem has been around for a few years. Certainly, having it create no-access dirs for the user isn't desirable. I'm betting that they'd be denied locally as well if my local user didn't have admin override rights. -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple