Greetings, Jim McNamara! Please no top-posting in this list.
>> On 2020-10-23 21:49, Jim McNamara via Cygwin wrote: >> > On Fri, Oct 23, 2020, 10:06 PM Eliot Moss wrote: >> >> >> I have to admit I am not 100% sure what you are asking, but I am careful >> >> to grant SYSTEM access so >> >> that my backup program can access and save a copy of virtually >> everything >> >> > Thanks for you and Brian helping me. >> > I used icacls cygwin /q /c /t reset >> >> You have to be very careful using icacls and other Windows commands with >> Cygwin >> ACLs as >> >> "ICACLS preserves the canonical ordering of ACE entries: >> Explicit denials >> Explicit grants >> Inherited denials >> Inherited grants" >> >> and Cygwin's POSIX ACLs may or may not obey this canonical order; Windows >> File >> Explorer often does not consider Cygwin ACLs in what it considers canonical >> order and requires them to be reordered, which breaks the Cygwin >> permissions. >> >> Ah, that "NT AUTHORITY/SYSTEM" SID, normally paired with >> BUILTIN/Administrators, >> as users, groups, or both: >> >> $ ls -dl /proc/cygdrive/c/Users/; echo; getfacl /proc/cygdrive/c/Users/; >> echo; >> icacls C:/Users/ >> drwxr-xr-x+ 1 SYSTEM SYSTEM 0 Apr 13 2020 /proc/cygdrive/c/Users/ >> >> # file: /proc/cygdrive/c/Users/ >> # owner: SYSTEM >> # group: SYSTEM >> user::rwx >> group::r-x >> group:Administrators:rwx #effective:r-x >> group:Users:r-x >> mask::r-x >> other::r-x >> default:user::rwx >> default:group::--- >> default:group:Administrators:rwx #effective:r-x >> default:group:Users:r-x >> default:mask::r-x >> default:other::r-x >> >> C:/Users/ NT AUTHORITY\SYSTEM:(OI)(CI)(F) >> BUILTIN\Administrators:(OI)(CI)(F) >> BUILTIN\Users:(RX) >> BUILTIN\Users:(OI)(CI)(IO)(GR,GE) >> Everyone:(RX) >> Everyone:(OI)(CI)(IO)(GR,GE) >> >> Successfully processed 1 files; Failed processing 0 files >> > Yes, I see now what you are saying. Didn't know why it behaves like that. > Do you reccomend: > A. Noacl option in fstab > B. Reinstall and leave icacls in windows alone so I can deploy in future > with runtime C. Reinstall Cygwin into a new directory (or backup the current one and reinstall). Use noacl option for directories outside Cygwin tree (i.e. /cygdrive). -- With best regards, Andrey Repin Sunday, October 25, 2020 12:07:33 Sorry for my terrible english... -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
