On Nov 11 22:00, Takashi Yano via Cygwin wrote:
> On Mon, 11 Nov 2024 12:59:41 +0100
> Corinna Vinschen wrote:
> > On Nov 11 20:19, Takashi Yano via Cygwin wrote:
> > > On Mon, 11 Nov 2024 11:56:13 +0100
> > > Corinna Vinschen wrote:
> > >
> > > > On Nov 11 19:31, Takashi Yano via Cygwin wrote:
> > > > > On Fri, 8 Nov 2024 14:11:40 +0100
> > > > > Corinna Vinschen wrote:
> > > > > > If the server is a Samba share, check if `force unknown acl user =
> > > > > > yes'
> > > > > > and for the share itself, check that
> > > > > >
> > > > > > read only = No
> > > > > > vfs objects = acl_xattr
> > > > > ^^^^^^^^^^^^^^^^^^^^^^^
> > > > > Thanks! This makes things better.
> > > > > At least x permissions are set to executable compiled by gcc.
> > > > >
> > > > > However, something is still wrong in my environment....
> > > > > Others permission seems to be reffered in some cases.
> > > >
> > > > I don't understand. Please run icacls for a just created file on your
> > > > Samba share (without the below patch) as well as Windows' `whoami /all'.
> > >
> > > $ touch samba_test_file.txt
> > > $ icacls samba_test_file.txt
> > > samba_test_file.txt
> > > S-1-5-21-479325430-3041864944-504445739-1000:(R,W,D,WDAC,WO)
> > > S-1-5-21-479325430-3041864944-504445739-513:(R)
> > > Everyone:(R)
> > >
> > > This seems reasonable to me.
> > >
> > > For Windows 11 share, the result is
> > > samba_test_file.txt NULL SID:(DENY)(Rc,S,WEA,X,DC)
> > >
> > > S-1-5-21-2089672436-4097686843-2104605006-1001:(R,W,D,WDAC,WO)
> >
> > On Samba S-1-5-21-479325430-3041864944-504445739-1000
> > On Windows S-1-5-21-2089672436-4097686843-2104605006-1001
> >
> > Isn't the user mapping off?
> >
> > It's also not clear where your Windows ACL comes from. When I check the
> > permissions on typical Windows folders, Authenticated Users doesn't even
> > show up.
>
> On my machine,
>
> C:\Users\yano>mkdir \test_folder
>
> C:\Users\yano>icacls \test_folder
> \test_folder BUILTIN\Administrators:(I)(OI)(CI)(F)
> NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
> BUILTIN\Users:(I)(OI)(CI)(RX)
> NT AUTHORITY\Authenticated Users:(I)(M)
> NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)
Those are inherited from the parent folder, i. e., C:\.
$ icacls C:\\
c:\
S-1-15-3-65536-1888954469-739942743-1668119174-2468466756-4239452838-1296943325-355587736-700089176:(S,RD,X,RA)
BUILTIN\Administrators:(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(OI)(CI)(F)
BUILTIN\Users:(OI)(CI)(RX)
NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(M)
NT AUTHORITY\Authenticated Users:(AD)
Mandatory Label\High Mandatory Level:(OI)(NP)(IO)(NW)
Funny enough, the C:\ default ACL on servers doesn't contain entries for
Authenticated Users. The group Users is tasking its place.
Corinna
--
Problem reports: https://cygwin.com/problems.html
FAQ: https://cygwin.com/faq/
Documentation: https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
