| www.delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| X-Original-To: | cygwin AT cygwin DOT com |
| Delivered-To: | cygwin AT cygwin DOT com |
| DMARC-Filter: | OpenDMARC Filter v1.4.1 sourceware.org BD172383F416 |
| Authentication-Results: | sourceware.org; |
| dmarc=pass (p=none dis=none) header.from=yandex.ru | |
| Authentication-Results: | sourceware.org; spf=pass smtp.mailfrom=yandex.ru |
| DKIM-Signature: | v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; |
| t=1625683800; bh=TXNjBMukx8M5TY+g2UPP35kDMNq5iPOxuK/9tSEsXsY=; | |
| h=In-Reply-To:Subject:To:From:Message-ID:References:Date:Reply-To; | |
| b=uZi7IAkWlUFFjO5LsibPqMsDLoZU2pxIeIoKE66Q6v30zIryS0Mc85SbOLk+JDCYv | |
| K7LvQGwNdS7tTGvzz6opI0BXafaErfnUcAMnD44RIZAiNTDdfyvSTh+OMQ9EKB1NET | |
| 3yLLkLIsySWnv4aI3PR77LXAY1D+LNoFdjVDxceg= | |
| Authentication-Results: | myt3-f110b7494aff.qloud-c.yandex.net; |
| dkim=pass header.i=@yandex.ru | |
| Date: | Wed, 7 Jul 2021 21:43:57 +0300 |
| From: | Andrey Repin <anrdaemon AT yandex DOT ru> |
| X-Mailer: | The Bat! (v6.8.8) Home |
| X-Priority: | 3 (Normal) |
| Message-ID: | <685980612.20210707214357@yandex.ru> |
| To: | L A Walsh <cygwin AT tlinx DOT org>, cygwin AT cygwin DOT com |
| Subject: | Re: objects created in a dir w/cygwin mangled perms; inherit no-access |
| In-Reply-To: | <60E460C7.7010203@tlinx.org> |
| References: | <60E14AAA DOT 4000404 AT tlinx DOT org> <514405575 DOT 20210704172015 AT yandex DOT ru> |
| <60E460C7 DOT 7010203 AT tlinx DOT org> | |
| MIME-Version: | 1.0 |
| X-Spam-Status: | No, score=-1.2 required=5.0 tests=BAYES_00, DKIM_SIGNED, |
| DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, KAM_THEBAT, | |
| NICE_REPLY_A, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, | |
| SPF_HELO_NONE, SPF_PASS, TXREP autolearn=no autolearn_force=no version=3.4.4 | |
| X-Spam-Checker-Version: | SpamAssassin 3.4.4 (2020-01-24) on |
| server2.sourceware.org | |
| X-BeenThere: | cygwin AT cygwin DOT com |
| X-Mailman-Version: | 2.1.29 |
| List-Id: | General Cygwin discussions and problem reports <cygwin.cygwin.com> |
| List-Unsubscribe: | <https://cygwin.com/mailman/options/cygwin>, |
| <mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe> | |
| List-Archive: | <https://cygwin.com/pipermail/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-request AT cygwin DOT com?subject=help> |
| List-Subscribe: | <https://cygwin.com/mailman/listinfo/cygwin>, |
| <mailto:cygwin-request AT cygwin DOT com?subject=subscribe> | |
| Reply-To: | cygwin AT cygwin DOT com |
| Errors-To: | cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com |
| Sender: | "Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com> |
| X-MIME-Autoconverted: | from base64 to 8bit by delorie.com id 167IoMTY031775 |
Greetings, L A Walsh! > On 2021/07/04 07:20, Andrey Repin wrote: >> The "+" at the end indicates presence of extended permissions. > --- > Ya, that's what I was referring to when I wrote about > having 5 deny records at the front, though that didn't necessarily > stand out. ⍨ > Aside from the extended permissions, though, the net result > was me getting a 'no access' when I tried to look into the > directory with explorer. While I did have access via a local > shell, I also have no-access from bash on a remote system (the > samba domain controller on linux): >> echo -n $(uname -n):;id |sed 's/groups.*//' > Ishtar:uid=5013(law) gid=201(lawgroup) >> ls -l newdir > ls: reading directory 'newdir': Permission denied >> ls -dl newdir > dr-xrwxr-x 2 law lawgroup 0 Jul 6 05:20 newdir/ > On local machine, same: >> echo -n $(uname -n):;id |sed 's/groups.*//' > Athenae:uid=5013(Bliss\law) gid=201(Bliss\lawgroup) > ls -dxlF newdir > d---rwxr-x+ 1 Bliss\law Bliss\lawgroup 0 Jul 6 05:20 newdir/ >> >> What getfacl says? > # file: newdir > # owner: Bliss\law > # group: Bliss\lawgroup > user::--- > user:root:--- > user:law:--- > user:Astara:--- > group::rwx > group:SYSTEM:rwx > group:Administrators:rwx > group:Users:r-x > mask::rwx > other::r-x > default:user::--- > default:user:root:--- > default:user:law:--- > default:user:Astara:--- > default:group::rwx > default:group:SYSTEM:rwx > default:group:Administrators:rwx > default:group:Users:r-x > default:mask::rwx > default:other::r-x >> What is "progd" ? Did you mount some directory into Cygwin tree? > Sorta, actually the cygtree mounted at 'C:\'. Ugh. Been there twenty years ago. Had a lot of unexpected issues and finally opted out of it. > So 2 Junctions and 1 symlinkd > /Progd => /ProgramData/ > /Prog => /Program Files (x86)/ > /Prog64 => /Program Files/ >> >>> Of course I can overide, but why are such weird acls on >>> this anyway? -- especially when it doesn't seem to really >>> work? >> >> Probably because of interpretation of the original Windows permissions. > --- > Not exactly, I don't think. > Windows doesn't add "DENY" entries up front. > Seems like there should be a better way since MS's > subsystem for UNIX didn't seem to use all those > DENY entries that I ever saw. Am guessing they > somehow came from those default CREATOR U/G entries > on the parent directory. This problem has been > around for a few years. > Certainly, having it create no-access dirs > for the user isn't desirable. I'm betting that they'd > be denied locally as well if my local user didn't > have admin override rights. It may be something in the parent directory or fstab mount options. Needs a more thorough investigation. But I think it would easily be avoided by a saner directory layout. -- With best regards, Andrey Repin Wednesday, July 7, 2021 21:38:20 Sorry for my terrible english... -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright 2019 by DJ Delorie | Updated Jul 2019 |