This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: cygwin potentially corrupting permissions?


Greg Freemyer wrote:
Linda,

I saved your script as "lsacl.txt".  Then I used "cp lsacl.txt it" to
make a copy.

The copy is permission denied for reading.  Basic ls -l shows no
difference (as expected)

$ ls -l lsacl.sh it
----rwx---+ 1 gaf None 1630 Sep 24 12:05 it
----rwx---+ 1 gaf None 1630 Sep 24 12:00 lsacl.sh

But your script does show a difference:

$ ./lsacl.sh lsacl.sh it
[u::---,g::---,g:root:rwx,g:Authenticated
Users:rwx,g:SYSTEM:rwx,g:Users:r-x,m:rwx,o:---/] lsacl.sh
[u::---,g::r-x,g:root:rwx,g:Authenticated
Users:rwx,g:SYSTEM:rwx,g:Users:r-x,m:rwx,o:---/] it
---
	Well user 'gaf' (that's you, from the file perms has no access).

	So up front, you are denied before anything happens.

lsacl is the embedded acl (the '+') at the end of the file perms

u::--- = user seen by 'ls -l' has no access, g::--- = group seen by 'ls -l has no access
g:root:rwx = group root has read/write/execute access
g:Authenticated Users:rwx == group consisting of Authenticated Users...
(after you login or provide credentials).
m:rwx  m = a maximum allowed privs 'mask' for user/groups other
	than owner, but since all bits are turned on, it has no limiting
	effect
o:---  = other has no access

So the main take-away is that since your 'user' has no access, pretty much everything else is ignored.

From the mode-bits+acl, amost anyone in the groups:
root, Authenticated Users,SYSTEM, or Users, ***except** User 'gaf' (you) should have access...

you might try 1) chmod u+rwx file ...
then look at both mode+acl... if you have no access
and acl still says u::---, then nuke the acl or modify it with "setfacl" (setfacl --help)...


We seem to travel the same mailing lists.  This is my first time to cygwin's.

----
Yeah... I wondered about that -- my Tbird tried to change my
reply addr to suse(at)tlinx based on you being the 1st address I typed
in... ;-)

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]