This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: Problem with posix flags and permission denied on domain computer
- From: schilpfamily <schilpfamily at gmail dot com>
- To: cygwin <cygwin at cygwin dot com>
- Date: Wed, 13 May 2015 13:22:23 -0400
- Subject: Re: Problem with posix flags and permission denied on domain computer
- Authentication-results: sourceware.org; auth=none
- References: <CAHODtZTiAbrFLBfgcY=RNathFpi70P8LxQwQ2_sVWM=x7nZvpg at mail dot gmail dot com> <CAHODtZS3eN4EOnhwx0nMsooqWpkY_TRcuZXLhzRVpSV6pGH+sg at mail dot gmail dot com>
finally, someone else experiencing the same problems i have been
seeing. i have to run chmod -r u+r,u+w * to fix this issue. cygwin
really need to fix this.
On Wed, May 13, 2015 at 8:17 AM, JiÅÃ Engelthaler <engycz@gmail.com> wrote:
> Digging couple of hours found the cause. File security.cc line 389
> RtlGetGroupSecurityDescriptor gets group SID "DOM_LAN\Domain Users"
> but this group is not in Access list parsed in get_attribute_from_acl
> function. I think this is not only my problem and hope Cygwin will be
> fixed.
>
> Powershell get-acl:
> PS D:\> get-acl foo|format-list
>
>
> Path : Microsoft.PowerShell.Core\FileSystem::D:\foo
> Owner : DOM_LAN\engycz
> Group : DOM_LAN\Domain Users
> Access : BUILTIN\Administrators Allow FullControl
> NT AUTHORITY\SYSTEM Allow FullControl
> NT AUTHORITY\Authenticated Users Allow Modify, Synchronize
> BUILTIN\Users Allow ReadAndExecute, Synchronize
> Audit :
> Sddl : O:S-1-5-21-270207346-1464484900-1734353810-5370G:DUD:(A;ID;FA;;;BA)(A;ID;FA;;;SY)(A;ID;0x1301bf;;;AU)(A;ID;0x1200a9;;;BU)
>
> =========
>
> PS D:\> get-acl bar|format-list
>
>
> Path : Microsoft.PowerShell.Core\FileSystem::D:\bar
> Owner : DOM_LAN\engycz
> Group : DOM_LAN\Domain Users
> Access : DOM_LAN\engycz Deny ReadData, ReadExtendedAttributes, ExecuteFile
> Everyone Allow ReadAttributes, ReadPermissions, Synchronize
> NT AUTHORITY\Authenticated Users Allow Modify, Synchronize
> NT AUTHORITY\SYSTEM Allow FullControl
> BUILTIN\Administrators Allow FullControl
> BUILTIN\Users Allow ReadAndExecute, Synchronize
> DOM_LAN\Domain Users Allow ReadAndExecute, Synchronize
> DOM_LAN\engycz Allow ReadAttributes, WriteAttributes,
> Delete, ReadPermissions, ChangePermissions, TakeOwnership, Synchronize
> Audit :
> Sddl : O:S-1-5-21-270207346-1464484900-1734353810-5370G:DUD:P(D;;CCSWWP;;;S-1-5-21-270207346-1464484900-1734353810-5370)(A;;0x120080;;;WD)(A;;0x1301bf;;;AU)(
> A;;FA;;;SY)(A;;FA;;;BA)(A;;0x1200a9;;;BU)(A;;0x1200a9;;;DU)(A;;0x1f0180;;;S-1-5-21-270207346-1464484900-1734353810-5370)
>
> 2015-05-12 21:02 GMT+02:00 JiÅÃ Engelthaler <engycz@gmail.com>:
>> I have problem with posix file flags and permission denied on computer
>> which is in domain. I have file on disk D: named foo. It is accessible
>> both in Windows and in Cygwin as /cygdrive/d/foo but has flags
>> ----rwx---+. If I copy this file to file named bar, it is not
>> accessible in Cygwin nor in Windows.
>> Fresh Windows installation, fresh Cygwin 2.0.2-1, foo file created in
>> notepad. As user engycz I'm member of group "NT
>> AUTHORITY\Authenticated Users" and "BUILTIN\Users" so I have R/W
>> access to foo.
>>
>> $ ls -al foo
>> ----rwx---+ 1 engycz Domain Users 5 12. 5 20.15 foo
>>
>> $ cat foo
>> hello
>>
>> $ getfacl.exe foo
>> # file: foo
>> # owner: engycz
>> # group: Domain Users
>> user::---
>> group::---
>> group:Authenticated Users:rwx
>> group:SYSTEM:rwx
>> group:Administrators:rwx
>> group:Users:r-x
>> mask:rwx
>> other:---
>>
>> $ icacls.exe foo
>> foo BUILTIN\Administrators:(I)(F)
>> NT AUTHORITY\SYSTEM:(I)(F)
>> NT AUTHORITY\Authenticated Users:(I)(M)
>> BUILTIN\Users:(I)(RX)
>>
>> ====================
>> $ cp foo bar
>> ====================
>>
>> $ ls -al bar
>> ----rwx---+ 1 engycz Domain Users 5 12. 5 20.18 bar
>>
>> $ cat bar
>> cat: bar: Permission denied
>>
>>
>> $ getfacl.exe bar
>> # file: bar
>> # owner: engycz
>> # group: Domain Users
>> user::---
>> group::r-x
>> group:Authenticated Users:rwx
>> group:SYSTEM:rwx
>> group:Administrators:rwx
>> group:Users:r-x
>> mask:rwx
>> other:---
>>
>> $ icacls.exe bar
>> bar DOM_LAN\engycz:(DENY)(S,RD,REA,X)
>> DOM_LAN\engycz:(D,Rc,WDAC,WO,RA,WA)
>> DOM_LAN\Domain Users:(RX)
>> Everyone:(Rc,S,RA)
>> BUILTIN\Administrators:(F)
>> NT AUTHORITY\SYSTEM:(F)
>> NT AUTHORITY\Authenticated Users:(M)
>> BUILTIN\Users:(RX)
>
> --
> Problem reports: http://cygwin.com/problems.html
> FAQ: http://cygwin.com/faq/
> Documentation: http://cygwin.com/docs.html
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
>
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple