This is the mail archive of the cygwin mailing list for the Cygwin project.
Re: Repairing permissions after windows reinstall -- scripts to do it
Here's what worked for me in the end, over several days (I had several
hundred thousand files to fix):
These could be parameterised much better, but I leave that as an
exercise to the user...
These both use subinacl, as getting /substitute ... /restore to work
with icacls was beyond me.
fixPerms.sh (to fix a single directory or file):
#!/bin/bash
d=${1:-.}
#echo "fp: |$d|"
# Download subinacl
# from https://www.microsoft.com/en-gb/download/details.aspx?id=23510
/c/Program\ Files\ \(x86\)/Windows\ Resource\ Kits/Tools/subinacl /file "$d" /replace=S-1-5-21-xxx-1001=luther\\[me]
/c/Program\ Files\ \(x86\)/Windows\ Resource\ Kits/Tools/subinacl /file "$d" /replace=S-1-5-21-xxx-513=luther\\None
/c/Program\ Files\ \(x86\)/Windows\ Resource\ Kits/Tools/subinacl /file "$d" /replace=S-1-5-21-yyy-1001=luther\\[me]
/c/Program\ Files\ \(x86\)/Windows\ Resource\ Kits/Tools/subinacl /file "$d" /replace=S-1-5-21-yyy-513=luther\\None
icacls "$d" /remove "NULL SID"
chown [me] "$d"
You'll have to replace [me] with your username, and xxx with the meat of
whatever SIDs your new install has given you and "Domain Users". The
second pair of subinacl calls are there because I had done more than one
reinstall, so had more than one stale persona to replace -- if you only
have one stale persona, you obviously don't need them.
walkPerms.sh (to fix a whole tree):
#!/bin/bash
# Fix the starting directory itself first
fixPerms.sh . > /dev/null
n=0
# Select everything owned by the stale uids added to /etc/passwd;
# NUL-delimited so that unusual filenames reach the loop intact
find "$@" \( \( -uid 98765 \) -o \( -uid 98766 \) \) -print0 | \
while IFS= read -r -d '' d
do
  # echo "|$d|"
  wd=$(cygpath -w "$d")
  # Progress report: print every 50th path
  n=$((n + 1))
  if [ "$n" = "50" ]
  then
    echo "$wd"
    n=0
  fi
  if [ -h "$d" ]
  then
    # Symlink: change the link itself, not its target
    chown -h [me] "$d"
    chgrp -h None "$d"
  else
    # Same steps as fixPerms.sh, inlined
    /c/Program\ Files\ \(x86\)/Windows\ Resource\ Kits/Tools/subinacl /file "$wd" /replace=S-1-5-21-xxx-1001=luther\\ht >/dev/null
    /c/Program\ Files\ \(x86\)/Windows\ Resource\ Kits/Tools/subinacl /file "$wd" /replace=S-1-5-21-xxx-513=luther\\None >/dev/null
    /c/Program\ Files\ \(x86\)/Windows\ Resource\ Kits/Tools/subinacl /file "$wd" /replace=S-1-5-21-yyy-1001=luther\\ht >/dev/null
    /c/Program\ Files\ \(x86\)/Windows\ Resource\ Kits/Tools/subinacl /file "$wd" /replace=S-1-5-21-yyy-513=luther\\None >/dev/null
    icacls "$wd" /remove "NULL SID" >/dev/null
    chown [me] "$d"
  fi
done
Same replacements required for [me] and xxx (and maybe yyy) as above. I
copied fixPerms.sh into the loop instead of invoking it by name
in order to avoid 100,000s of (slow) forks -- I'm sure there are other
optimisations which could be done.
Finally, note that the uids used in the 'find' at the beginning of
walkPerms.sh above are whatever you've added in your /etc/passwd per
Corinna's earlier message [1], e.g.
me0:*:98765:197121:U-LUTHER\me0,S-1-5-21-xxx-1001:/:/sbin/nologin
me1:*:98766:197121:U-LUTHER\me1,S-1-5-21-yyy-1001:/:/sbin/nologin
If the 'find' doesn't produce anything when you think it should, read
the documentation about /etc/nsswitch.conf [2] and make sure it's either
absent or getting /etc/passwd read.
Hope this helps someone down the line,
ht
[1] https://cygwin.com/ml/cygwin/2016-06/msg00393.html
[2] https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-nsswitch
--
Henry S. Thompson, School of Informatics, University of Edinburgh
10 Crichton Street, Edinburgh EH8 9AB, SCOTLAND -- (44) 131 650-4440
Fax: (44) 131 650-4587, e-mail: ht@inf.ed.ac.uk
URL: http://www.ltg.ed.ac.uk/~ht/
[mail from me _always_ has a .sig like this -- mail without it is forged spam]
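
The post leaves parameterising the scripts as an exercise. The following is an added example, not part of the original message: a dry run that derives the 'find' uid test and the subinacl /replace= arguments from the stale /etc/passwd entries, so the plan can be reviewed before any ACL is touched. The function names and the sample lines are assumptions made for illustration; xxx and yyy are the post's own placeholders.

```bash
#!/bin/bash
# Added example, not from the original post: a dry run that derives the
# find test and the subinacl arguments from stale /etc/passwd entries.

# Constructed sample in the shape of the post's passwd lines
# (xxx / yyy stand in for the real sub-authorities, as in the post).
sample_passwd='me0:*:98765:197121:U-LUTHER\me0,S-1-5-21-xxx-1001:/:/sbin/nologin
me1:*:98766:197121:U-LUTHER\me1,S-1-5-21-yyy-1001:/:/sbin/nologin
other:*:1000:1000:no sid here:/home/other:/bin/bash'

# stale_entries: read passwd-format lines on stdin and print "uid sid"
# for each entry whose gecos field ends in a machine/domain SID.
stale_entries() {
    local name pw uid gid gecos rest sid
    while IFS=: read -r name pw uid gid gecos rest; do
        sid=${gecos##*,}                 # text after the last comma
        case $sid in
            S-1-5-21-*-*) printf '%s %s\n' "$uid" "$sid" ;;
        esac
    done
}

# find_predicate: turn "uid sid" lines into "-uid A -o -uid B".
find_predicate() {
    local uid sid out
    out=
    while read -r uid sid; do
        out="${out:+$out -o }-uid $uid"
    done
    printf '%s\n' "$out"
}

# replace_args MACHINE USER: for each stale SID, one /replace= argument
# for the user and one for its group (RID 513, MACHINE\None in the post).
replace_args() {
    local machine=$1 user=$2 uid sid
    while read -r uid sid; do
        printf '/replace=%s=%s\\%s\n' "$sid" "$machine" "$user"
        printf '/replace=%s-513=%s\\None\n' "${sid%-*}" "$machine"
    done
}

# Print the plan only; nothing below modifies a file.
entries=$(printf '%s\n' "$sample_passwd" | stale_entries)
printf 'find test: %s\n' "$(printf '%s\n' "$entries" | find_predicate)"
printf '%s\n' "$entries" | replace_args luther '[me]'
```

To use it on a real system, feed the actual stale lines from /etc/passwd to stale_entries in place of the constructed sample.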