X-Recipient: archive-cygwin AT delorie DOT com X-SWARE-Spam-Status: No, hits=-2.1 required=5.0 tests=AWL,BAYES_00 X-Spam-Check-By: sourceware.org Message-ID: <49FA24BF.4000407@free.fr> Date: Fri, 01 May 2009 00:22:55 +0200 From: Sylvain RICHARD User-Agent: Thunderbird 2.0.0.18 (Windows/20081105) MIME-Version: 1.0 To: Tim McDaniel , The Cygwin Mailing List Subject: Re: I'd like to have an unreadable file References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-IsSubscribed: yes Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Tim McDaniel wrote: > I'd like to test a script by giving it an unreadable file as an > argument. > > I usually log in as a user, but one that's in the Administrators > group. I made the file (a text file containing just "hello") owned by > user Administrator with absolutely no permissions for anyone else. Cygwin uses a little-known aspect of the NT security model. Besides permissions, there are also privileges. And administrators have the backup/restore privilege enabled by default, which means that they can bypass ACLs (access control lists). [1] Try with a standard user, not a members of the administrator's group. [1] You can use the editrights cygwin utility to manipulate privilieges. For example, editrights.exe -l -u Administrateurs should list SeBackupPrivilege and SeRestorePrivilege among others. And you inherit these privilieges from group membership. -- Sylvain RICHARD -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/