Too Many Permissions Stripped In 1.7.35?
Corinna Vinschen
corinna-cygwin@cygwin.com
Thu Feb 26 22:39:00 GMT 2015
On Feb 26 16:27, Bryan Berns wrote:
> > You just have to enable the SeBackupName and SeRestoreName privs.
> > Try in Cygwin. It does that automatically.
> >
> > For cases where you need to stick to the Windows ACLs, use noacl
> > mounts.
>
> Understood --- I can probably set SeBackupPrivilege /
> SeRestorePrivilege as 'RequiredPriveleges' for the services that
> depend on the system account having access via the ACLs. Not being
> used quite in the spirit of those privileges (i.e. for
> backup/restore), but doable. We'll also have to revise our
> permissions model on our network filers since before running 'chmod
> 700' on a file wouldn't blow away our various administrative groups.
>
> Like I said originally, just wanted to verify it was desired behavior
> and it sounds like it is. Thanks!
Having discussed this, I can understand that it may be desirable to
skip the permissions of the SYSTEM account in these circumstances:
- Computing the POSIX ACL mask and default mask value and thus in
the permission mask as printed by `ls -l'.
- Changing SYSTEM permissions when calling chmod, unless SYSTEM is the
file's owning group.
Changing this in the code is pretty straightforward. but I'm not willing
to add another mount option for this behaviour. Either Cygwin ignores
SYSTEM in the aforementioned circumstances or it doesn't.
Crucial vote starting... now.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20150226/8cff6025/attachment.sig>
More information about the Cygwin
mailing list