| www.delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:date:from:reply-to:message-id:to:subject | |
| :in-reply-to:references:mime-version:content-type | |
| :content-transfer-encoding; q=dns; s=default; b=L95UdGJKv9aCP9ZD | |
| zxHNeHNzPDPQ5PZChdGasxv9YR0sw4sXGvSUmf4g5vtyRo1rIllj5rXEMOSXCzbx | |
| l8PYMIr2rZrrromJ65X1G7DuMlbnMrcTMRjZ7jbNsVG0hjKi39RxjPl5SBtvlLk7 | |
| MTjKAqdt2oBDr4ETf/6t7upbECo= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:date:from:reply-to:message-id:to:subject | |
| :in-reply-to:references:mime-version:content-type | |
| :content-transfer-encoding; s=default; bh=BoVtBqkx3xaXzrbT5h876B | |
| nVJiM=; b=SMpzRxhmslGntuxS9kp4VpYE+ENUo9S5AYCk9G04qz2/VFCQZ0fj2v | |
| ZQZDb5uZ0PqOmCBy9X+5xaO876+dLvZzxdQT12v6ZR3VzGsDQDqJiF4ugUK6JO/z | |
| 0sOMWr7+OGKI9O8HHganGj7z49Z1EKtW7FnyZB7li+DP/39BYnAE8= | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Virus-Found: | No |
| X-Spam-SWARE-Status: | No, score=-0.8 required=5.0 tests=AWL,BAYES_50,FREEMAIL_FROM,KAM_FROM_URIBL_PCCC,KAM_THEBAT,SPF_SOFTFAIL autolearn=no version=3.3.2 |
| X-HELO: | smtp.ht-systems.ru |
| Date: | Tue, 31 Mar 2015 23:55:03 +0300 |
| From: | Andrey Repin <anrdaemon AT yandex DOT ru> |
| Reply-To: | cygwin AT cygwin DOT com |
| Message-ID: | <1837571490.20150331235503@yandex.ru> |
| To: | Eliot Moss <moss AT cs DOT umass DOT edu>, cygwin AT cygwin DOT com |
| Subject: | Re: More about permissions |
| In-Reply-To: | <551A9149.4020408@cs.umass.edu> |
| References: | <551A13D8 DOT 1030701 AT cs DOT umass DOT edu> <20150331101534 DOT GE32403 AT calimero DOT vinschen DOT de> <551A9149 DOT 4020408 AT cs DOT umass DOT edu> |
| MIME-Version: | 1.0 |
| X-IsSubscribed: | yes |
Greetings, Eliot Moss! >> Why does SYSTEM need full access to the files? If it's a backup tool, >> it has SE_BACKUP_NAME/SE_RESTORE_NAME access anyway. Every tool with >> Administrators in the token has the right to enable these access rights >> anyway. > I am not sure this particular program (CrashPlan) works that way. That's not program property, but the user you run the program from. > I suppose that I am seeing SYSTEM as the moral equivalent of root in > POSIX. In POSIX, root can access anything, and I don't believes ACLs > can lock it out. I agree that Windows does not really have the concept > of a single 'root'. Administrators is close, but the various aspects > of root are split up in different ways. We're not going to get a > perfect mapping. I think i've explained it earlir, but here's it again: In POSIX model, root have implicit permissions. In Windows model, there NO implicit permissions at all. Everything should be explicitly assigned. I.e. SeBackupRestore privilege. If you deny SYSTEM access to a file, OS will not be able to do anything about it. Been there, blocked changes to cmd.exe when I was experimenting with 4NT. (And cmd.exe was in fact renamed 4nt.exe.) None of the Windows autotools were able to get around it. > Maybe what I am looking for is something like this: > - Certain Windows accounts/groups would be treated as 'root' for cygwin's > purposes, perhaps controlled by a list in a file read when cygwin starts up. The list would be very short. "NT AUTHORITY\SYSTEM". -- With best regards, Andrey Repin Tuesday, March 31, 2015 23:48:58 Sorry for my terrible english... -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |