This is the mail archive of the cygwin@sources.redhat.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

Re: getfacl/setfacl problem


This is W2K, isn't it? It's very likely that you got a problem with that
damned inheritence of permissions from directories to child objects.

I have just checked in a patch to Cygwin to always set SE_DACL_PROTECTED
in the security descriptor of an object on every change to the security
descriptor. This is only for Win2K. You should never get this problem on
earlier NTs.

However, it might be that I will get hit for that change by other users
but I'm willing to live with that.

The change is already in the Cygwin CVS repository and will be part
of the next developers snapshot.

Hope, that helps,
Corinna


On Wednesday 20 December 2000 02:52, Andrew Dalgleish wrote:
> I have some permissions screwed up.
>
> I created a directory using the local admin account, and it inherited
> permissions from the local "Users" group.
> I then installed cygwin using a domain account.
> I created a valid /etc/passwd and /etc/group
>
> I used
> chgrp -R "Domain Users" /
> to reset the group and chmod to reset the permissions.
> Everything looks ok:
>
> andrewd@A5-2K:/ $ls -al / | grep var
> drwxr-xr-x   6 cygwin   Domain U        0 Dec 18 14:08 var
>
> The problem is that for some reason the local "Users" group still has
> access, as getfacl shows:
>
> andrewd@A5-2K:/ $getfacl /var
> # file: /var
> # owner: 1228
> # group: 513
> user::rwx
> group::r-x
> group:545:rwx
> mask::r-x
> other::r-x
> default:user::rwx
> default:group::r-x
> default:group:545:rwx
> default:mask::r-x
> default:other::r-x
>
> For some reason I cant get setfacl to remove the "group:545:"
> entries, all I get is
> "setfacl: illegal acl entries"
> even the following doesn't work
> touch foo
> touch bar
> getfacl foo | setfacl -f - bar
>
> (As a work around,
> chgrp "Users" $FILE && chgrp "Domain Users" $FILE
> seems to work.)
>
> I'm about to recompile everything so I can step through it.
>
> Regards,
> Andrew Dalgleish
>
>
> --
> Want to unsubscribe from this list?
> Check out: http://cygwin.com/ml/#unsubscribe-simple

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Want to unsubscribe from this list?
Check out: http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]