X-Recipient: archive-cygwin AT delorie DOT com
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org CAE603858C5E
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1705916926;
	bh=vCsY0yiwR2+0aqZy6ko5xVeiW9Yjj5upZHdqIOKC+uc=;
	h=Date:To:Subject:References:In-Reply-To:List-Id:List-Unsubscribe:
	 List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc:
	 From;
	b=Srw08KdqDMz/mImvO5eGY0KFJDf2gYlsGnYWf10bxRSn0Noi/XWJmYotVajxYu8Y7
	 2zZtrvmSZlTekR/cEQpYZ5xlJp96iZ6WLw+cyM4i72v5icqepsQaFXcpI7tbCm5rD/
	 zqrMnkfANcEkmjQ1GLYZunfQece7OuAIJiNwkiJ0=
X-Original-To: cygwin AT cygwin DOT com
Delivered-To: cygwin AT cygwin DOT com
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 1D2E73858C2F
Date: Mon, 22 Jan 2024 10:48:17 +0100
To: cygwin AT cygwin DOT com
Subject: Re: cygwin utils can access directory and its contents, but W10
 utils claim to have no access, why?
Message-ID: <Za454au_liWSTwhw@calimero.vinschen.de>
Mail-Followup-To: cygwin AT cygwin DOT com, John DOT Ruckstuhl AT gmail DOT com
References: <CAOBROv1Jgj1cZ6nL64Y=rYRR5cvd8VRw3XH0xD4E57c_=MKU=w AT mail DOT gmail DOT com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <CAOBROv1Jgj1cZ6nL64Y=rYRR5cvd8VRw3XH0xD4E57c_=MKU=w@mail.gmail.com>
X-BeenThere: cygwin AT cygwin DOT com
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin>,
 <mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
 <mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From: Corinna Vinschen via Cygwin <cygwin AT cygwin DOT com>
Reply-To: cygwin AT cygwin DOT com
Cc: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com
Sender: "Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com>

On Jan 21 22:18, John Ruckstuhl via Cygwin wrote:
> I am seeing a weird phenomenon, hopefully someone can illuminate and teach.
> Or point me to an archived thread.
> 
> I have some folders that Cygwin utils can readily access,
> but W10 utils claim to have no access to.
> It feels as if
> *   the Cygwin utils try to do what they are commanded to do, and it's
>     up to the OS to refuse if the ACLs are insufficient.
> *   the W10 utils are written to decline to attempt access, due to some
>     convention or gentlemen's agreement (built into some API?).
> But wouldn't that lead Windows users to a false sense of protection, a
> false sense of security?

No, this has nothing to do with security, just with a weird concept
of user privileges.

Here's what happens:

> And (for Local Administrator Bob) no impediment to removing them, for example,
>     $ rm -r _MEI21282
> (success!)
> 
> BUT Windows utils run by Bob the Administrator on the remaining dir
> are blocked, like this

As you know, a "root" user on a Unix system has the right to ignore file
permissions.

That's why root users often have "rm" aliased to "rm -i" :)

Windows OTOH manages so called user privileges stored in the user's
access token.  One of these privileges is the right to ignore
permissions while reading (SE_BACKUP_PRIVILEGE), another privilege is
the right to set the ACL of a file to arbitrary permissions
(SE_RESTORE_PRIVILEGE).  These are the two privileges covering what a
"root" user can do to files.  As the names of these privileges suggest,
they were originally thought of privileges you only need for backup
tools.

Users in the Administrators group have these privileges in their user
token.  Under UAC, both privileges are removed from the token.  In an
elevated shell, though, both privileges are present.

The funny thing here is this: While both privileges are present in the
token, they are disabled by default.

They have to be enabled explicitely before you can exercise the
privileges.  Usually you do this in the same application
programatically.

Apart from backup tool, standard Windows tools practically *never*
enable these privileges, so they fail in various circumstances.  For
instance, a standard "del" in the CMD shell is not able to delete a file
even as administrator, if the file permissions don't allow delete access
for the Administrators group.

That's when you have to "take ownership" in the GUI as a last resort.
In NT4 times, even that had a good chance to fail for some reason I
never understood, back in the days.

However, since this concept is pretty weird and not a Unix concept, the
Cygwin DLL enables both privileges by default right at process startup.
If the privileges are not in the user token, nothing happens.  But if
the privileges are present, as for an elevated process of a user in the
Administrators group, then they will be enabled, and you're a "root"
user in the Unix sense.  And then it's "alias rm = rm -i" time again ;)


HTH,
Corinna

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple