This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Problem with posix flags and permission denied on domain computer

From: schilpfamily <schilpfamily at gmail dot com>
To: cygwin <cygwin at cygwin dot com>
Date: Wed, 13 May 2015 13:22:23 -0400
Subject: Re: Problem with posix flags and permission denied on domain computer
Authentication-results: sourceware.org; auth=none
References: <CAHODtZTiAbrFLBfgcY=RNathFpi70P8LxQwQ2_sVWM=x7nZvpg at mail dot gmail dot com> <CAHODtZS3eN4EOnhwx0nMsooqWpkY_TRcuZXLhzRVpSV6pGH+sg at mail dot gmail dot com>

finally, someone else experiencing the same problems i have been
seeing. i have to run chmod -r u+r,u+w * to fix this issue. cygwin
really need to fix this.

On Wed, May 13, 2015 at 8:17 AM, JiÅÃ Engelthaler <engycz@gmail.com> wrote:
> Digging couple of hours found the cause. File security.cc line 389
> RtlGetGroupSecurityDescriptor gets group SID "DOM_LAN\Domain Users"
> but this group is not in Access list parsed in get_attribute_from_acl
> function. I think this is not only my problem and hope Cygwin will be
> fixed.
>
> Powershell get-acl:
> PS D:\> get-acl foo|format-list
>
>
> Path   : Microsoft.PowerShell.Core\FileSystem::D:\foo
> Owner  : DOM_LAN\engycz
> Group  : DOM_LAN\Domain Users
> Access : BUILTIN\Administrators Allow  FullControl
>          NT AUTHORITY\SYSTEM Allow  FullControl
>          NT AUTHORITY\Authenticated Users Allow  Modify, Synchronize
>          BUILTIN\Users Allow  ReadAndExecute, Synchronize
> Audit  :
> Sddl   : O:S-1-5-21-270207346-1464484900-1734353810-5370G:DUD:(A;ID;FA;;;BA)(A;ID;FA;;;SY)(A;ID;0x1301bf;;;AU)(A;ID;0x1200a9;;;BU)
>
> =========
>
> PS D:\> get-acl bar|format-list
>
>
> Path   : Microsoft.PowerShell.Core\FileSystem::D:\bar
> Owner  : DOM_LAN\engycz
> Group  : DOM_LAN\Domain Users
> Access : DOM_LAN\engycz Deny  ReadData, ReadExtendedAttributes, ExecuteFile
>          Everyone Allow  ReadAttributes, ReadPermissions, Synchronize
>          NT AUTHORITY\Authenticated Users Allow  Modify, Synchronize
>          NT AUTHORITY\SYSTEM Allow  FullControl
>          BUILTIN\Administrators Allow  FullControl
>          BUILTIN\Users Allow  ReadAndExecute, Synchronize
>          DOM_LAN\Domain Users Allow  ReadAndExecute, Synchronize
>          DOM_LAN\engycz Allow  ReadAttributes, WriteAttributes,
> Delete, ReadPermissions, ChangePermissions, TakeOwnership, Synchronize
> Audit  :
> Sddl   : O:S-1-5-21-270207346-1464484900-1734353810-5370G:DUD:P(D;;CCSWWP;;;S-1-5-21-270207346-1464484900-1734353810-5370)(A;;0x120080;;;WD)(A;;0x1301bf;;;AU)(
>          A;;FA;;;SY)(A;;FA;;;BA)(A;;0x1200a9;;;BU)(A;;0x1200a9;;;DU)(A;;0x1f0180;;;S-1-5-21-270207346-1464484900-1734353810-5370)
>
> 2015-05-12 21:02 GMT+02:00 JiÅÃ Engelthaler <engycz@gmail.com>:
>> I have problem with posix file flags and permission denied on computer
>> which is in domain. I have file on disk D: named foo. It is accessible
>> both in Windows and in Cygwin as /cygdrive/d/foo but has flags
>> ----rwx---+. If I copy this file to file named bar, it is not
>> accessible in Cygwin nor in Windows.
>> Fresh Windows installation, fresh Cygwin 2.0.2-1, foo file created in
>> notepad. As user engycz I'm member of group "NT
>> AUTHORITY\Authenticated Users" and "BUILTIN\Users" so I have R/W
>> access to foo.
>>
>> $ ls -al foo
>> ----rwx---+ 1 engycz Domain Users 5 12. 5  20.15 foo
>>
>> $ cat foo
>> hello
>>
>> $ getfacl.exe foo
>> # file: foo
>> # owner: engycz
>> # group: Domain Users
>> user::---
>> group::---
>> group:Authenticated Users:rwx
>> group:SYSTEM:rwx
>> group:Administrators:rwx
>> group:Users:r-x
>> mask:rwx
>> other:---
>>
>> $ icacls.exe foo
>> foo BUILTIN\Administrators:(I)(F)
>>     NT AUTHORITY\SYSTEM:(I)(F)
>>     NT AUTHORITY\Authenticated Users:(I)(M)
>>     BUILTIN\Users:(I)(RX)
>>
>> ====================
>> $ cp foo bar
>> ====================
>>
>> $ ls -al bar
>> ----rwx---+ 1 engycz Domain Users 5 12. 5  20.18 bar
>>
>> $ cat bar
>> cat: bar: Permission denied
>>
>>
>> $ getfacl.exe bar
>> # file: bar
>> # owner: engycz
>> # group: Domain Users
>> user::---
>> group::r-x
>> group:Authenticated Users:rwx
>> group:SYSTEM:rwx
>> group:Administrators:rwx
>> group:Users:r-x
>> mask:rwx
>> other:---
>>
>> $ icacls.exe bar
>> bar DOM_LAN\engycz:(DENY)(S,RD,REA,X)
>>     DOM_LAN\engycz:(D,Rc,WDAC,WO,RA,WA)
>>     DOM_LAN\Domain Users:(RX)
>>     Everyone:(Rc,S,RA)
>>     BUILTIN\Administrators:(F)
>>     NT AUTHORITY\SYSTEM:(F)
>>     NT AUTHORITY\Authenticated Users:(M)
>>     BUILTIN\Users:(RX)
>
> --
> Problem reports:       http://cygwin.com/problems.html
> FAQ:                   http://cygwin.com/faq/
> Documentation:         http://cygwin.com/docs.html
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
>

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Follow-Ups:
- Re: Problem with posix flags and permission denied on domain computer
  - From: JiÅÃ Engelthaler

References:
- Problem with posix flags and permission denied on domain computer
  - From: JiÅÃ Engelthaler
- Re: Problem with posix flags and permission denied on domain computer
  - From: JiÅÃ Engelthaler

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]