This is the mail archive of the
mailing list for the Cygwin project.
Admin can read user file from bash, despite permissions
- From: Gmane User <fma at doe dot carleton dot ca>
- To: cygwin at cygwin dot com
- Date: Thu, 10 Apr 2008 04:19:15 -0400
- Subject: Admin can read user file from bash, despite permissions
I have a power user file that has go-rwx. However, the administrator
account can "less" the contents from a bash command line. This is
both logging onto Windows 2000 as admin, as well as ssh'ing in
(loopback) from the power user log-in session. The administrator can
also "mv" the file to a different name, but it can't create a new file
in the same folder e.g. by "cp".
CACLS shows an extensive set of permissions for the power user owner,
but only READ_CONTROL, FILE_READ_EA, & FILE_READ_ATTRIBUTES for
LaptopName\None and Everyone. I've come across nothing on the web
(yet) about a special privilege that allows administrators the level
of access that it seems to have. In fact, if I just open up a DOS
shell as Administrator, I cannot "more" the said file. So it seems to
be specific to Cygwin rather than Windows.
I've read up on ntsec in the Cygwin user guide, but nothing seems to
explain the admin access to the file. However, it is new material to
me, so I might be missing it. If the explanation is there, could
someone point to the particular paragraph, and perhaps elaborate on
how that explains the access I observe? If the explanation isn't
there, what is the explanation?
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html