At 05:23 PM 9/22/2003, Chris Rodgers you wrote: >> On Mon, Sep 15, 2003 at 05:35:20PM +0100, Chris Rodgers wrote: >> > OK. Here is an example of the way permissions leak out to "Everyone". I >> > create a new file, with no permissions granted to "other". Cygwin shows >this >> > to have worked OK. Yet in actual fact there is an ACL there giving >Everyone >> > some access rights. I usually choose not to have "Everyone" authorised >to do >> > anything on my Windows NT/2000 boxes, using Authorised Users instead. >This >> > way, without a valid login, you cannot get any information, including >> > usernames and ACLs. >> > >> > How can I stop cygwin setting these ACLs? >> >> Did you have a close look to the access rights granted to everyone? >> Otherwise, just don't use ntsec. >> >> Corinna >> >> > [...] >> > Everyone:(special access:) >> > READ_CONTROL >> > FILE_READ_EA >> > FILE_READ_ATTRIBUTES >> > >For the archives (NOT for release :-)), I think that a quick hack is to >redefine well_known_world_sid in src/winsup/cygwin/sec_helper.cc to be >"S-1-5-11" instead of "S-1-1-0". This refers to the "Authorized Users" >well-known group, instead of to "Everyone".
Glad you found a resolution to this for your own needs but I have to say I'm with Corinna. I don't see how giving everyone read access to the security descriptor/attributes/extended attributes is a problem. The file still can't be accessed unless that information says that it can for the current user. -- Larry Hall http://www.rfk.com RFK Partners, Inc. (508) 893-9779 - RFK Office 838 Washington Street (508) 893-9889 - FAX Holliston, MA 01746 -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
