Re: cygwin potentially corrupting permissions?

[Linda Walsh <cygwin at tlinx dot org>]

Greg Freemyer wrote:
> On Thu, Sep 24, 2015 at 3:27 PM, Linda Walsh <cygwin@tlinx.org> wrote:
> > Greg Freemyer wrote:
> > > Totally logical, but not accurate. )
> > ---
> >         What does it say if you do an 'lsacl' on "." (the parent directory).
>
> $ ./lsacl.sh .
> [u::---,g::---,g:root:rwx,g:Authenticated
> Users:rwx,g:SYSTEM:rwx,g:Users:r-x,m:rwx,o:---/u::---,g::---,g:root:rwx,g:Authenticated
> Users:rwx,g:SYSTEM:rwx,g:Users:r-x,m:rwx,o:---] .
>
> But maybe this is interesting.  I just created 2 folders in C:\   .  I
> did it at the C:\ level because I can't imagine I ever modified the
> ACLs on C:\.
>
> Anyway, one directory was created via "mkdir" in cygwin.  The other
> via the file explorer.  Look at how different the ACLs are:
>
> $ mkdir /cygdrive/c/Test-dir-created-in-cygwin
>
> $ ./lsacl.sh /cygdrive/c/Test-dir-created-in-cygwin/
> [u::rwx,g::r-x,g:root:rwx,g:Authenticated
> Users:rwx,g:SYSTEM:rwx,g:Users:r-x,m:rwx,o:r-x/u::rwx,g::r-x,g:root:rwx,g:Authenticated
> Users:rwx,g:SYSTEM:rwx,g:Users:r-x,m:rwx,o:r-x]
> /cygdrive/c/Test-dir-created-in-cygwin/
>
> $ ./lsacl.sh /cygdrive/c/Test-dir-created-in-file-explorer/
> [u::---,g::---,g:root:rwx,g:Authenticated
> Users:rwx,g:SYSTEM:rwx,g:Users:r-x,m:rwx,o:---/u::---,g::---,g:root:rwx,g:Authenticated
> Users:rwx,g:SYSTEM:rwx,g:Users:r-x,m:rwx,o:---]
> /cygdrive/c/Test-dir-created-in-file-explorer/
>
> What's that about?  Again I'm not expert at ACLs, but the ACLs on the
> directory created via File Explorer look really strange to me.
-----
	That looks like the 'Creator User & Creator Group Policies at work, 
which try to let you create a dir in root, but give limited access to
that dir -- but doesn't allow just any Creator to have full access...

I think you are seeing a trickle down effect from the creator owner policy 
and the creator group policy banning full access -- because if you look
at the security tab in explorer I'll be those are pretty restricted...


> >         This is a local file system?  NTFS?
>
> Yes, C: drive. It's my local system drive on both computers and NTFS
> on both machines.
>
> > Do you have process hacker?  Maybe the writing process has a different
> > integrity label or such.
----
	Look at the acl in the Explorer 'security tab'  You find some extra
rules for 'creators' that are supposed to allow them to do things inside the dir
but not to the dir or some such.


> No, but let me know if you still want me to pursue that.  For now I'm
> thinking the ACLs on folders created via File Explorer are somehow
> getting screwed up.
----
	'screwed-up' is relative -- i.e. in this case, likely what explorer
is designed to do, (screw you), *str8-face*...

	In the home directory you want to deal with this in (I wouldn't
suggest changing drives from root folder (I do such things and constantly end
up with 'shot-in-foot' type problems that I get to have 'fun' fixing! ;->)
But get rid of the creator rules so they won't propagate.... have to do it from
windows those because those entities aren't posix.


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple