Mail Archives: cygwin/2024/03/18/10:30:44

"J. Terry Corbet via Cygwin" <cygwin AT cygwin DOT com> · Mon, 18 Mar 2024 08:30:13 -0600

Thank you for the greatly needed assistance, but the reference to which 
you have pointed me says that noacl will be ignored in the case of ntfs 
file systems.  All of mine are and that has not changed, neither has the 
default entry in fstab, which seems always to have been:

none /cygdrive cygdrive binary, posix=0, user 0 0

On 2024-03-18 04:41, Corinna Vinschen via Cygwin wrote:
> On Mar 16 18:05, J. Terry Corbet via Cygwin wrote:
>> [...]
>> And here is the status that icacls reports back on the original, owning
>> workstation
>> after having use vim to modify the two files from that remote workstation.
>>
>> FileExp.txt NULL SID:(DENY)(Rc,S,REA,WEA,X,DC)
>>              NW10\tcorbet:(DENY)(S,RD,WD,AD,REA,WEA,X,DC)
>>              NW10\tcorbet:(D,Rc,WDAC,WO,RA,WA)
>>              NW10\None:(Rc,S,RA)
>>              NT AUTHORITY\Authenticated Users:(RX,W)
>>              NT AUTHORITY\SYSTEM:(RX,W)
>>              BUILTIN\Administrators:(RX,W)
>>              BUILTIN\Users:(RX)
>>              Everyone:(Rc,S,RA)
>>
>> vimtest.txt NULL SID:(DENY)(Rc,S,WEA,X,DC)
>>              NW10\tcorbet:(R,W,D,WDAC,WO)
>>              NW10\None:(DENY)(S,X)
>>              NT AUTHORITY\Authenticated Users:(DENY)(S,X)
>>              NT AUTHORITY\SYSTEM:(DENY)(S,X)
>>              BUILTIN\Administrators:(DENY)(S,X)
>>              BUILTIN\Users:(DENY)(S,X)
>>              NW10\None:(RX)
>>              NT AUTHORITY\Authenticated Users:(RX,W)
>>              NT AUTHORITY\SYSTEM:(RX,W)
>>              BUILTIN\Administrators:(RX,W)
>>              BUILTIN\Users:(RX)
>>              Everyone:(R)
>>
>> If my understanding is correct concerning the precedence handling of an
>> ACL with multiple ACEs for the same user/ID, this result from grep
>> on the original, owning workstation would not surprise you:
>>
>> F:\Dev\cygshoot>grep foo fileexp.txt
>> grep: fileexp.txt: Permission denied
>>
>> but it blows me completely away.  Clearly I no longer have an environment
>> in which I can work on any file from any workstation using any Cygwin
>> utilities.
>>
>> What have I messed up?
> The problem is that your identity is based on the SID of every single
> machine, and the machines don't know the SIDs of other machines.  The
> default ACL created in Cygwin is emulating POSIX permissions.  This
> becomes a problem when sharing files between machines not in the
> same Windows domain.
>
> The workaround is not to use POSIX permissions on shares.  Create
> matching mount points in /etc/fstab or /etc/fstab.d/ and add the
> "noacl" mount flag:
>
>    https://cygwin.com/cygwin-ug-net/using.html#mount-table
>
> Alternatively, you can also just add an fstab entry for the cygdrive
> prefix which adds the "noacl" flag, see
>
>    https://cygwin.com/cygwin-ug-net/using.html#cygdrive
>
> but keep in mind that this also affects local paths if you access
> them via the cygdrive prefix.
>
>
> HTH,
> Corinna
>

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

X-Recipient:	archive-cygwin AT delorie DOT com
DKIM-Filter:	OpenDKIM Filter v2.11.0 sourceware.org A559D3858413
DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1710772243;
	bh=pa9wX0jxCSYeIcqqRZn002b9bzaz0Fvct6o7J92BM5Q=;
	h=Date:Subject:To:References:In-Reply-To:List-Id:List-Unsubscribe:
	List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:
	From;
	b=cnKFYeatqtt65chd+7qsVvrRHc6cjpqZvcBPcz7rG6bOxQHMjd8z2Iewta76Z0+ma
	NcHBCQxDItg2YUfmbKBKZyGH6z+9qZgB0ibgeDoIAUXNbeaIOFPfmeTjlto1GAG3fI
	yD5Fg8A+1bb1iuOQNgfTCsvbT8YbZvMvVCFfuCQY=
X-Original-To:	cygwin AT cygwin DOT com
Delivered-To:	cygwin AT cygwin DOT com
DMARC-Filter:	OpenDMARC Filter v1.4.2 sourceware.org 655E23858D37
ARC-Filter:	OpenARC Filter v1.0.0 sourceware.org 655E23858D37
ARC-Seal:	i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1710772216; cv=none;
	b=Whxka71xng4Dg8LiP9cRs/Y6JA8vXWanQ00xdMNcIdodV4if1qIj8tmnq4yKyooLjiLhqN3gmxG4rBk6txgybEstZWTS1O3c0lwhBRHTQ5N9w4VLE91kAbk/5Kg3vXbd4YYRD2ocuLhTPC23Dj0tFMOzbLWnu4O6B31/OuybajI=
ARC-Message-Signature:	i=1; a=rsa-sha256; d=sourceware.org; s=key;
	t=1710772216; c=relaxed/simple;
	bh=RowfjFmOMnSIki5eyDiuU4XPJTeSoitMihYehlSrCqw=;
	h=DKIM-Signature:From:Message-ID:Date:MIME-Version:Subject:To;
	b=ZrKyJYpiCQ6KW1TWklCAJRZWC/KPGoy9U3czsACzkFvIo2EmlRaE8aEaSfBRZo7Zbt7UAIDjxSEyAs3kURWSXREdntICNsJ4tOBG3DfAgsk4GEdWUVx/x/fOySDzHKW8w/3X9oWYVHaw4xJiBM2t21AgMO1pRFQoESptqj8UYW8=
ARC-Authentication-Results:	i=1; server2.sourceware.org
X-Google-DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20230601; t=1710772213; x=1711377013;
	h=in-reply-to:content-language:references:to:subject:user-agent
	:mime-version:date:message-id:from:x-gm-message-state:from:to:cc
	:subject:date:message-id:reply-to;
	bh=9OzgRyhLf5PMGsFXziPsRNb2DGSnx0VXiD+36SN14ng=;
	b=fTiMvaGEcu150W2nq2pO1XjhXd/GYLx2wm3lZ//iDWCdSB6b/bvld23XnA6XYL5y1A
	W5cBMbGYI0Gj4E+kQiLqwSSzpThQYZxYBNH7RQmV/RB4bMXR3kW/yBr6onFa6047Fgpm
	FuNx6w1oIS9rM3zDPAa/DRK0+YgQwNHfV56QNDtJwXWUVVMinXYkBKwgYOSgg7jHgdlo
	gvadQRIbQn1jPiY2FWBWxEanGaUmZXQiU8FAGd8lzb7MMwH8Xu03o1XsRHWBbnlNjyP6
	4+fC8lt2Szslk8nlJ0FxjNyPxz0ZU0OFbh3KN2cm9vbLZUkeyxqSNaoMVBl3KCt2YIjW
	reLw==
X-Gm-Message-State:	AOJu0YxtKK48+21xOCtoXwAlhr3Zoz4ExQ8wLD0qDxMMqs4oKyPo4bsB
	hJRb/f8O1Tuq2R2scOx6zhiiErn6lV69Q8CGqAzCerV4FLOCjuXKO5mt6Vc=
X-Google-Smtp-Source:	AGHT+IHMfg0ZbB6bmzlaXZ56ukE3y7/mCyGWL63vhqTB7j6tTkKBRnVmwnUtx134qyN4n8f0KPR0Ow==
X-Received:	by 2002:a5d:8491:0:b0:7c8:b7ac:23b with SMTP id
	t17-20020a5d8491000000b007c8b7ac023bmr14703011iom.4.1710772213190;
	Mon, 18 Mar 2024 07:30:13 -0700 (PDT)
X-Google-Original-From:	"J. Terry Corbet" <Terry DOT Corbet AT GMail DOT com>
Message-ID:	<e13760eb-7908-44ee-8af7-162794388c5f@GMail.com>
Date:	Mon, 18 Mar 2024 08:30:13 -0600
MIME-Version:	1.0
User-Agent:	Mozilla Thunderbird
Subject:	Re: ACEs and ACLs
To:	Corinna Vinschen via Cygwin <cygwin AT cygwin DOT com>
References:	<9bec816c-66ea-49cb-baaa-47137fa2938f AT GMail DOT com>
	<ZfgaaDfqVvzOkUrq AT calimero DOT vinschen DOT de>
In-Reply-To:	<ZfgaaDfqVvzOkUrq@calimero.vinschen.de>
X-Spam-Status:	No, score=-0.1 required=5.0 tests=BAYES_00, BODY_8BITS,
	DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM,
	HTML_MESSAGE, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP,
	T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version:	SpamAssassin 3.4.6 (2021-04-09) on
	server2.sourceware.org
X-Content-Filtered-By:	Mailman/MimeDel 2.1.30
X-BeenThere:	cygwin AT cygwin DOT com
X-Mailman-Version:	2.1.30
List-Id:	General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe:	<https://cygwin.com/mailman/options/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive:	<https://cygwin.com/pipermail/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe:	<https://cygwin.com/mailman/listinfo/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From:	"J. Terry Corbet via Cygwin" <cygwin AT cygwin DOT com>
Reply-To:	"J. Terry Corbet" <terry DOT corbet AT gmail DOT com>
Errors-To:	cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com
Sender:	"Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com>
X-MIME-Autoconverted:	from base64 to 8bit by delorie.com id 42IEUiki374727

webmaster	delorie software privacy
Copyright � 2019 by DJ Delorie	Updated Jul 2019