X-Recipient: archive-cygwin AT delorie DOT com DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 3A5613858015 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com; s=default; t=1641822420; bh=7ru5A48A86H3ABnqPL8KUJl43lOFqc20sZu5WKRnun0=; h=Date:From:To:Subject:References:In-Reply-To:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: Reply-To:From; b=dH6JQihFrDmoshTeaJ/9jVEGHmSuvNFEe4lnnVmHKLo1CHKkIoa0nilSaOQknRc14 55MUvdV6tRbC+nSxofhadw8DW5roKfJuh/OZzRKhrOCVvpNRG4pgMpX4dtz8rnlbXS 5yGd7cn5cd7Q8bc6S/3Muut6Dgr1e3s4pjAVSVoc= X-Original-To: cygwin AT cygwin DOT com Delivered-To: cygwin AT cygwin DOT com DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org BEF8D3858D28 Authentication-Results: sourceware.org; dmarc=fail (p=none dis=none) header.from=cygwin.com Authentication-Results: sourceware.org; spf=fail smtp.mailfrom=cygwin.com Date: Mon, 10 Jan 2022 14:46:26 +0100 From: Corinna Vinschen To: cygwin AT cygwin DOT com Subject: Re: Duplicate ACLs? - Can't copy file even with Admin permissions Message-ID: Mail-Followup-To: cygwin AT cygwin DOT com References: <25043 DOT 7019 DOT 643488 DOT 389876 AT consult DOT pretender> <8735m12k3u DOT fsf AT Rainer DOT invalid> <25047 DOT 23325 DOT 33020 DOT 646017 AT consult DOT pretender> <25048 DOT 43238 DOT 484068 DOT 737126 AT consult DOT pretender> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-Provags-ID: V03:K1:9E/hK4aLHNSu7xyZJV3+wyBFbC1aIubHF8bMEvdPi6djUJCgBkS XroTpMzQWhQBakpCxxkF2EU2JnqpVZNLJJcSuT8BOPwQVrm0Xm2bRQ2D+Q7c1arlZd6b9lY mVA7056W9q/VEUR3BwLPKcUeObV/jxVHUkKbzfDcXpxHBNFiAlIdwcyORBmbgyfPQ0+Gb1G zSMDlP0d2lsFkyog+gBWg== X-UI-Out-Filterresults: notjunk:1;V03:K0:LH1ahBC9Xvw=:it/lRzDoEUV1ILzhUe/noJ LbmPNFiFC3UsKCAzCp6sRci2dwvLVNEVDcLDVF9SAw4nwzsrnPPU5FnM7fGKnlOyjGDFGIvj3 HYp0yMeF6wXtv0gWsrlIRNy82zwdmIhUhaTcpZP3vJlXBLg8xKucye8gD/JhSXTYSjzpysn1y yP786a0+kJoIVhApL4ZKF2n1pXigB+Ye58ts+ldwt1OVCGXKjeYT0OUfNE2IQuOUm9rU5NMbx cobDtOg6yHEHXk7Pq5pOCJqj3XfTj6p434V4XzwTHdVabwhwV30antf4iPKj3aH1CH3VzAmeq 02Ay7AJFwpahtCtC4JMtPuDRZ77iClPjQxE69WWm2fdbGBbXizFjLc6bbYgnxNYnCbiyZqqtv gunLChK3px4M2uot6x7aBXRZ1uqfsrPTIILfZ1JbS69y5MAjDhhRxFxEDhzJUBZwCciIcSyd8 mX9yS1wzmQYZuv0xXE3y/gfbFzdgDnQcJYncKbKrtopW2aaYTGsBMmtjPU+j0IMC3DkKjZxJX C1ODhbQzCUuqH7JyPhhK8LAYWkLcGKTDrSPRL175w05vC6k2G+8MUVhbHMHpI/j4JpW5qCFRp 00IVEc95xe8aCGxtBGvs8PrE0BxNvD3wXii/H/lG3HjxhhW9mzMHAHWIYxf3UIGTmqToz1/LU byoot7h/33NTc1kQMFfYKIyTEPAUFIuCmrjalhVG2iryZHHzmo26sQtXTyE82yT32ocwXMwr0 dDHtPWVPtaL1RACv X-Spam-Status: No, score=-90.8 required=5.0 tests=BAYES_00, GOOD_FROM_CORINNA_CYGWIN, KAM_DMARC_NONE, KAM_DMARC_STATUS, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_FAIL, SPF_HELO_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: cygwin AT cygwin DOT com X-Mailman-Version: 2.1.29 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: cygwin AT cygwin DOT com Content-Type: text/plain; charset="utf-8" Errors-To: cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com Sender: "Cygwin" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by delorie.com id 20ADl1Ls004044 On Jan 10 11:07, Corinna Vinschen wrote: > On Jan 7 15:56, cygwin AT kosowsky DOT org wrote: > > > Corinna Vinschen wrote: > > > On Jan 6 16:11, cyg DOT DOT DOT AT kosowsky DOT org wrote: > > > It is. I realized belatedly, that 3da9e136.acl is apparently a > > > directory, not a file. > > > > It's actually a file... > > This is weird. The meaning of the OI and CI markers are "Object > inheritance" and "Container inheritance". These bits only make sense > for directories and they control how ACEs are inherited by child objects > (files) and child containers (subdirs). > > Consequentially, if I use `icacls /restore' on a file with the DACL > saved by you, the OI and CI bits are simply ignored. After /restore, > if I call /save again the resulting file looks like this: > > $ cat aclfile-after-restore.sav > acltest > D:PAI(A;;FA;;;SY)(A;;0x1200a9;;;WD)(A;;FA;;;BA) FTR, it's even worse. Windows ACEs with inheritence flags result in equivalent POSIX default ACEs. Per Linux (or better, POSIX 1003.1e draft 17), it's an error trying to set default ACEs on files. Therefore, a process trying to set the permissions as in your case would result in getting errno EACCES. Cygwin follows suit. > However, this gave me a clue. If this is really a file, it's a good > chance that the inheritance flags are restricted to directories at > one point in either the Cygwin DLL itself, or the getfacl tool. > > I'll have a look into the sources later, but I sure would prefer if > I could create such a file locally. I tried to create a file with equivalent ACL including the inheritence flags on W7, W10 and W11, but to no avail. After running icacls /restore the resulting DACL does not contain inheritance flags on none of the systems. Neither do the different Windows GUIs allow setting inheritance flags on files. I also ran getfacl under GDB and manipulated getfacl into believing that a directory with matching ACL is actually a file, but the output generated by getfacl was not showing the default ACEs at all: # file: acltest # owner: Administrators # group: SYSTEM user::rwx group::rwx other::r-x ¯\_(ツ)_/¯ Corinna -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple