This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: How to deny directory-access for one dedicated user


Andy Koppe wrote:
> 2009/10/13 Matthias Meyer:
>> But nevertheless, user Backup can access the directory as well as the files
> 
> Does user "Backup" have Administrator privileges? 

  No, user "Backup User" has the "Backup/Restore" privilege.  These are
well-known reserved names in the NT security architecture.

  And in fact administrator privs don't get you access to any file you like:
as it happens, the reason why adminstrators in fact *can* access any file on
the system, regardless of ACLs, is because they have _backup_ privileges -
it's the exact inverse of the question you asked!

  This is one of those areas where the underlying windows OS architecture
diverges significantly from how things work in POSIX land and Cygwin can't do
all that much to fudge over it.  You can be uid 0 on windows and not be able
to read a file when you want, or you can have uid non-zero and yet still get
complete access to every file you like!

    cheers,
      DaveK

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]