Duplicate ACLs? - Can't copy file even with Admin permissions

cygwin@kosowsky.org cygwin@kosowsky.org
Fri Jan 7 20:56:06 GMT 2022

• Previous message (by thread): Duplicate ACLs? - Can't copy file even with Admin permissions
• Next message (by thread): Duplicate ACLs? - Can't copy file even with Admin permissions
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

> Corinna Vinschen wrote:
> On Jan 6 16:11, cyg...@kosowsky.org wrote:
> It is. I realized belatedly, that 3da9e136.acl is apparently a
> directory, not a file.

It's actually a file...
 # ls -al 3da9e136.rbf
 -rwxrwxr-x+ 1 Administrators SYSTEM 96728 Jul 8 2018 3da9e136.rbf*
 #file 3da9e136.rbf
 3da9e136.acl: data
 3da9e136.rbf: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Window
Notice:
 # icacls.exe 3da9e136.rbf
 3da9e136.rbf NT AUTHORITY\SYSTEM:(OI)(CI)(F)
 Everyone:(OI)(CI)(RX)
		 BUILTIN\Administrators:(OI)(CI)(F)
 Successfully processed 1 files; Failed processing 0 files
But:
 #icacls 3da9e136.rbf /save 3da9e136.acl
 processed file: 3da9e136.rbf
 Successfully processed 1 files; Failed processing 0 files
 #cat 3da9e136.acl
 3da9e136.rbf
 D:P(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;WD)(A;OICI;FA;;;BA)
> So I tweaked my local test accordingly, and
> here's my session output:
>> $ mkdir acltest
> $ chown Administrators.SYSTEM acltest
> $ cat aclfile.sav
> acltest
> 	 D:P(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;WD)(A;OICI;FA;;;BA)
> 	 $ icacls . /restore aclfile.sav
> 	 processed file: .\acltest
> 	 Successfully processed 1 files; Failed processing 0
> files
> $ icacls acltest
> acltest NT AUTHORITY\SYSTEM:(OI)(CI)(F)
> 	 Everyone:(OI)(CI)(RX)
> 		 BUILTIN\Administrators:(OI)(CI)(F)
>> Successfully processed 1 files; Failed processing 0 files
>> > #icacls 3da9e136.rbf
> > 3da9e136.rbf NT AUTHORITY\SYSTEM:(OI)(CI)(F)
> > Everyone:(OI)(CI)(RX)
> > BUILTIN\Administrators:(OI)(CI)(F)
> >
> > Successfully processed 1 files; Failed processing 0 files
>> So the DACL is now identical to yours. Let's try getfacl:
>> $ getfacl --version | head -1
> getfacl (cygwin) 3.3.3
> $ getfacl acltest
> # file: acltest
> 	 # owner: Administrators
> 	 # group: SYSTEM
> 	 user::rwx
> 	 group::rwx
> 		 other::r-x
> 		 default:user::rwx
> 		 default:group::rwx
> 		 default:group:SYSTEM:rwx
> 			 default:mask::rwx
> 			 default:other::r-x
>> Ok, that looks correct. Now compare with the output of your getfacl:
>> > #getfacl 3da9e136.rbf
> > # file: 3da9e136.rbf
> > # owner: Administrators
> > # group: SYSTEM
> > user::rwx
> > group::rwx
> > other::r-x
> > user::rwx
> > group::rwx
> > group:SYSTEM:rwx
> > mask::rwx
> > other::r-x
>> It's exactly the same as the one my gefacl prints above, except the
> "default:" specifier for default ACEs is missing in the output.

Could that because yours is a directory and mine is a file
> I can't explain that, sorry. Old getfacl version? Running an output
> filter of some sort? Clutching at straws here....

 #getfacl --version | head -1
 getfacl (cygwin) 3.3.3

---

• Previous message (by thread): Duplicate ACLs? - Can't copy file even with Admin permissions
• Next message (by thread): Duplicate ACLs? - Can't copy file even with Admin permissions
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

More information about the Cygwin mailing list