This is the mail archive of the cygwin-talk mailing list for the cygwin project.
OT: inherited ACL - full control, can only append to file
- From: cygzw at trodman dot com (Tom Rodman)
- To: cygwin-talk at cygwin dot com
- Date: Fri, 07 Mar 2008 16:48:32 -0600
- Subject: OT: inherited ACL - full control, can only append to file
- Reply-to: cygwin at cygwin dot com
- Reply-to: The Vulgar and Unprofessional Cygwin-Talk List <cygwin-talk at cygwin dot com>
Any idea why I could append to "zam.pif" below, but
echo > zam.pif
failed ("Permission denied")?
"attrib" listed zam.pif as a hidden system file. It was owned by
another user, and had only inherited permissions.
I was able to delete it.
I wanted to empty the file out
without changing its permissions (had a virus).
--
thanks,
Tom
v-v-v-v-v-v-v-v-v-v-v D E T A I L S v-v-v-v-v-v-v-v-v-v-v
/drv/m $ _wfi zam.pif # "_wfi is a bash script to show perms, it shows what it does"
+ setacl -on 'm:\zam.pif' -ot file -actn list -lst 'f:tab;w:o,g,d,s;i:n;s:n'
\\?\m:\zam.pif
Owner: DOMxx1\johndoe
Group: DOMxx1\Domain Users
SetACL finished successfully.
+ :
+ stat --printf 'name: %n\n size: %s type: %F\n modify: %y\n access: %x change: %z\n' zam.pif
name: zam.pif
size: 47104 type: regular file
modify: 2005-12-11 18:34:42.000000000 -0600
access: 2008-03-06 15:36:38.593270600 -0600 change: 2008-03-05 18:13:43.365871300 -0600
+ attrib 'm:\zam.pif'
SH M:\zam.pif
+ set +x
/drv/m $ ls -l zam.pif
----------+ 1 johndoe Domain Users 47104 Dec 11 2005 zam.pif
/drv/m $ echo > zam.pif
-bash: zam.pif: Permission denied
/drv/m $ dacl zam.pif
+ setacl -on 'm:\zam.pif' -ot file -actn list -lst 'f:tab;w:o,g,d,s;i:y;s:n'
\\?\m:\zam.pif
Owner: DOMxx1\johndoe
Group: DOMxx1\Domain Users
DACL(not_protected+auto_inherited):
BUILTIN\Administrators full allow inherited
NT AUTHORITY\Authenticated Users read_execute allow inherited
S-1-5-21-6622783460-1979792683-1801674531-2122 full allow inherited
DOMxx1\staffuser2 full allow inherited
S-1-5-21-6202436711-2025429265-1801674531-1005 full allow inherited
S-1-5-21-6622783460-1979792683-1801674531-2114 change allow inherited
DOMxx1\XYZ_BLD_MGR change allow inherited
S-1-5-21-6622783460-1979792683-1801674531-2117 full allow inherited
DOMxx1\XYZ_ES_ADMIN full allow inherited
NT AUTHORITY\SYSTEM full allow inherited
SetACL finished successfully.
+ set +x
/drv/m $ echo >> zam.pif
/drv/m $ echo abc > zam.pif
-bash: zam.pif: Permission denied
/drv/m $ handle zam.pif
Handle v2.2
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
No matching handles found.
/drv/m $ rm -f zam.pif
/drv/m $ ls -a
./ Bryn/ RECYCLER/ Orly/ Gaul/ temp/
../ Riga.inf System Volume Information/ Skye/ Abos/ tests/
/drv/m $
--snip/same user:
~ $ id -un
staffuser1
~ $ groups
XYZ_ES_STAFF Administrators ABC_NA-CTX-Notepad-A Domain Users XYZ_ES_ADMIN XYZ_Users Users