Files created with CYGWIN have "NULL SID:(DENY)" windows ACL, inter alia

Peter Binney peter.binney@gmail.com
Mon Dec 23 20:05:00 GMT 2019


Hello Andrey - many thanks for that. I have now removed /etc/passwd
and /etc/group which didn't change anything.

I read some of your earlier posts on this and had already tried the noacl route.

Unfortunately it has made no difference. I added a second line to my
fstab so it read:

none /cygdrive cygdrive binary,posix=0,user 0 0
e: /cygdrive/e ntfs noacl,binary,posix=0,user,auto 0 0

with "mount" showing:

C:/cygwin/bin on /usr/bin type ntfs (binary,auto)
C:/cygwin/lib on /usr/lib type ntfs (binary,auto)
C:/cygwin on / type ntfs (binary,auto)
E: on /cygdrive/e type ntfs (binary,noacl,posix=0,user)
C: on /cygdrive/c type ntfs (binary,posix=0,user,noumount,auto)
D: on /cygdrive/d type ntfs (binary,posix=0,user,noumount,auto)
N: on /cygdrive/n type smbfs (binary,posix=0,user,noumount,auto)
P: on /cygdrive/p type smbfs (binary,posix=0,user,noumount,auto)

But when creating files on E: I still get DENY for "NULL SID" and
other accounts.




On Sun, 22 Dec 2019 at 14:05, Andrey Repin <anrdaemon@yandex.ru> wrote:
>
> Greetings, Peter Binney!
>
> > Creating a file using "> newfile", "icacls newfile" shows various DENY settings:
>
> > newfile NULL SID:(DENY)(Rc,S,WEA,X,DC)
> >         JCPR-DELL-3\peter:(R,W,D,WDAC,WO)
> >         NT AUTHORITY\SYSTEM:(DENY)(S,X)
> >         BUILTIN\Administrators:(DENY)(S,X)
> >         BUILTIN\Users:(DENY)(S,X)
> >         JCPR-DELL-3\None:(R)
> >         NT AUTHORITY\SYSTEM:(RX,W)
> >         BUILTIN\Administrators:(RX,W)
> >         BUILTIN\Users:(RX,W)
> >         Everyone:(R)
>
> > Whereas on a file created from Windows Explorer I see:
> > New Text Document.txt BUILTIN\Users:(I)(M)
> >                       Everyone:(I)(RX)
> >                       JCPR-DELL-3\peter:(I)(F)
> >                       BUILTIN\Administrators:(I)(F)
> >                       NT AUTHORITY\SYSTEM:(I)(F)
>
> > "mkpasswd" and "mkgroup"
>
> Please use getent
>
> > both show I (user "peter") have expected
> > entries in /etc/passwd and /etc/group (I attach both)
>
> Delete both from your system, they are not needed, except for extremely rare
> cases.
>
> > Running "whoami" commands from powershell shows:
>
> > PS E:\temp> whoami /groups
>
> > GROUP INFORMATION
> > -----------------
> > Group Name                                                    Type             SID          Attributes
> > ============================================================= ================ ============ ==================================================
> > Everyone                                                      Well-known group S-1-1-0      Mandatory group, Enabled by default, Enabled group
> > NT AUTHORITY\Local account and member of Administrators group Well-known group S-1-5-114    Group used for deny only
> > BUILTIN\Administrators                                        Alias            S-1-5-32-544 Group used for deny only
> > BUILTIN\Performance Log Users                                 Alias            S-1-5-32-559 Mandatory group, Enabled by default, Enabled group
> > BUILTIN\Users                                                 Alias            S-1-5-32-545 Mandatory group, Enabled by default, Enabled group
> > NT AUTHORITY\INTERACTIVE                                      Well-known group S-1-5-4      Mandatory group, Enabled by default, Enabled group
> > CONSOLE LOGON                                                 Well-known group S-1-2-1      Mandatory group, Enabled by default, Enabled group
> > NT AUTHORITY\Authenticated Users                              Well-known group S-1-5-11     Mandatory group, Enabled by default, Enabled group
> > NT AUTHORITY\This Organization                                Well-known group S-1-5-15     Mandatory group, Enabled by default, Enabled group
> > NT AUTHORITY\Local account                                    Well-known group S-1-5-113    Mandatory group, Enabled by default, Enabled group
> > LOCAL                                                         Well-known group S-1-2-0      Mandatory group, Enabled by default, Enabled group
> > NT AUTHORITY\NTLM Authentication                              Well-known group S-1-5-64-10  Mandatory group, Enabled by default, Enabled group
> > Mandatory Label\Medium Mandatory Level                        Label            S-1-16-8192
> > PS E:\temp> whoami
> > jcpr-dell-3\peter
> > PS E:\temp> whoami /user
>
> > USER INFORMATION
> > ----------------
> > User Name         SID
> > ================= =============================================
> > jcpr-dell-3\peter S-1-5-21-1468824806-2062748802-729869357-100
>
> > I also attach cygcheck.out
>
> See my earlier message, I strongly suggest "noacl" mount option for
> directories outside Cygwin root.
> No Windows program expects stupid access restrictions produced by basic POSIX
> permissions.
>
>
> --
> With best regards,
> Andrey Repin
> Sunday, December 22, 2019 15:35:08
>
> Sorry for my terrible english...
>
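
Added example, not part of the original messages: a small Python check that parses `icacls` listings like the two quoted above and reports explicit DENY entries, which makes it easy to confirm whether a change such as the `noacl` mount option actually altered the ACL of newly created files. The helper names `parse_icacls` and `summarize` are hypothetical, and the sample strings are constructed from the listings in this thread.

```python
import re

# Constructed sample input: the two icacls listings quoted in the thread.
CYGWIN_FILE = r"""newfile NULL SID:(DENY)(Rc,S,WEA,X,DC)
        JCPR-DELL-3\peter:(R,W,D,WDAC,WO)
        NT AUTHORITY\SYSTEM:(DENY)(S,X)
        BUILTIN\Administrators:(DENY)(S,X)
        BUILTIN\Users:(DENY)(S,X)
        JCPR-DELL-3\None:(R)
        NT AUTHORITY\SYSTEM:(RX,W)
        BUILTIN\Administrators:(RX,W)
        BUILTIN\Users:(RX,W)
        Everyone:(R)"""
EXPLORER_FILE = r"""New Text Document.txt BUILTIN\Users:(I)(M)
        Everyone:(I)(RX)
        JCPR-DELL-3\peter:(I)(F)
        BUILTIN\Administrators:(I)(F)
        NT AUTHORITY\SYSTEM:(I)(F)"""

# One ACE per line: principal, then one or more parenthesised groups.
ACE_RE = re.compile(r"^(?P<who>.+?):(?P<groups>(?:\([^()]*\))+)\s*$")
INHERIT_FLAGS = {"I", "OI", "CI", "IO", "NP"}

def parse_icacls(listing, path):
    """Return the ACEs of one icacls listing as dicts (hypothetical helper)."""
    aces = []
    for n, line in enumerate(listing.splitlines()):
        line = line.strip()
        if n == 0 and line.startswith(path):
            line = line[len(path):].strip()   # first line is prefixed with the file name
        m = ACE_RE.match(line)
        if not m:
            continue                          # e.g. the "Successfully processed" trailer
        groups = re.findall(r"\(([^()]*)\)", m.group("groups"))
        rights = [g for g in groups if g != "DENY" and g not in INHERIT_FLAGS]
        aces.append({"who": m.group("who"), "deny": "DENY" in groups,
                     "inherited": "I" in groups,
                     "rights": rights[-1].split(",") if rights else []})
    return aces

def summarize(aces):
    """Report explicit (non-inherited) DENY entries and whether the ACL is purely inherited."""
    explicit_deny = [a["who"] for a in aces if a["deny"] and not a["inherited"]]
    return {"explicit_deny": explicit_deny,
            "null_sid_deny": "NULL SID" in explicit_deny,
            "all_inherited": bool(aces) and all(a["inherited"] for a in aces)}

if __name__ == "__main__":
    print(summarize(parse_icacls(CYGWIN_FILE, "newfile")))
    print(summarize(parse_icacls(EXPLORER_FILE, "New Text Document.txt")))
```
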
