This is the mail archive of the cygwin-talk mailing list for the cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

OT: inherited ACL - full control, can only append to file


Any idea why I could append to "zam.pif" below, but

  echo > zam.pif

failed ("Permission denied")? 

"attrib" listed zam.pif as a hidden system file.  It was owned by
another user, and had only inherited permissions.

I was able to delete it.  

I wanted to empty the file out
without changing it's permissions ( had a virus ).

--
thanks,
Tom

v-v-v-v-v-v-v-v-v-v-v    D  E  T  A  I  L  S    v-v-v-v-v-v-v-v-v-v-v
/drv/m $ _wfi zam.pif # "_wfi is a bash script to show perms, it shows what it does"
+ setacl -on 'm:\zam.pif' -ot file -actn list -lst 'f:tab;w:o,g,d,s;i:n;s:n'
\\?\m:\zam.pif

   Owner: DOMxx1\johndoe

   Group: DOMxx1\Domain Users


SetACL finished successfully.
+ :
+ stat --printf 'name: %n\n  size: %s    type: %F\n  modify: %y\n  access: %x  change: %z\n' zam.pif
name: zam.pif
  size: 47104    type: regular file
  modify: 2005-12-11 18:34:42.000000000 -0600
  access: 2008-03-06 15:36:38.593270600 -0600  change: 2008-03-05 18:13:43.365871300 -0600
+ attrib 'm:\zam.pif'
   SH      M:\zam.pif
+ set +x
/drv/m $ ls -l zam.pif
----------+ 1 johndoe Domain Users 47104 Dec 11  2005 zam.pif
/drv/m $ echo > zam.pif
-bash: zam.pif: Permission denied
/drv/m $ dacl zam.pif
+ setacl -on 'm:\zam.pif' -ot file -actn list -lst 'f:tab;w:o,g,d,s;i:y;s:n'
\\?\m:\zam.pif

   Owner: DOMxx1\johndoe

   Group: DOMxx1\Domain Users

   DACL(not_protected+auto_inherited):
   BUILTIN\Administrators   full   allow   inherited
   NT AUTHORITY\Authenticated Users   read_execute   allow   inherited
   S-1-5-21-6622783460-1979792683-1801674531-2122   full   allow   inherited
   DOMxx1\staffuser2   full   allow   inherited
   S-1-5-21-6202436711-2025429265-1801674531-1005   full   allow   inherited
   S-1-5-21-6622783460-1979792683-1801674531-2114   change   allow   inherited
   DOMxx1\XYZ_BLD_MGR   change   allow   inherited
   S-1-5-21-6622783460-1979792683-1801674531-2117   full   allow   inherited
   DOMxx1\XYZ_ES_ADMIN   full   allow   inherited
   NT AUTHORITY\SYSTEM   full   allow   inherited


SetACL finished successfully.
+ set +x
/drv/m $ echo >> zam.pif
/drv/m $ echo abc > zam.pif
-bash: zam.pif: Permission denied
/drv/m $ handle zam.pif

Handle v2.2
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

No matching handles found.
/drv/m $ rm -f zam.pif
/drv/m $ ls -a
./   Bryn/     RECYCLER/                   Orly/    Gaul/              temp/
../  Riga.inf  System Volume Information/  Skye/  Abos/  tests/
/drv/m $ 
--snip/same user:
~ $ id -un
staffuser1
~ $ groups
XYZ_ES_STAFF Administrators ABC_NA-CTX-Notepad-A Domain Users XYZ_ES_ADMIN XYZ_Users Users


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]