Duplicate ACLs? - Can't copy file even with Admin permissions

cygwin@kosowsky.org cygwin@kosowsky.org
Thu Jan 6 21:11:57 GMT 2022 

Hi Corinna,

Corinna Vinschen wrote:
> On Jan  3 10:51, cyg...@kosowsky.org wrote:
> > I have a file: /c/Config.Msi/3da9e136.rbf that I cannot copy, even when
> > [...]
> >       # getfacl 3da9e136.rbf
> >       # file: 3da9e136.rbf
> >       # owner: Administrators
> >       # group: SYSTEM
> >       user::rwx
> >       group::rwx
> >       other::r-x
> >       user::rwx
> >       group::rwx
> >       group:SYSTEM:rwx
> >       mask::rwx
> >       other::r-x
> > [...]
> > Note that 'subinacl' shows:
> > =================================
> > +File C:\Config.Msi\3da9e136.rbf
> > =================================
> > /control=0x0
> > /owner             =builtin\administrators
> > /primary group     =system
> > /audit ace count   =0
> > /perm. ace count   =3
> > /pace =system  Type=0x0 Flags=0x3 AccessMask=0x1f01ff
> > /pace =everyone  Type=0x0 Flags=0x3 AccessMask=0x1200a9
> > /pace =builtin\administrators  Type=0x0 Flags=0x3 AccessMask=0x1f01ff
> 
> I don't see a reliable, trustable source for downloading subinacl, so
> let's do this with builtin tools.
> 
> I'm not sure what's going on on your machine.  I tried to reproduce your
> issue by creating a file with the exact same DACL:
> 
>   $ cat aclfile.sav
>   acltest
>   D:P(A;;FA;;;SY)(A;;0x1200a9;;;WD)(A;;FA;;;BA)
> 
> Note that the file is in UTF-16, the first two bytes are the BOM.
> 
>   $ icacls . /restore aclfile.sav
>   processed file: .\acltest
>   Successfully processed 1 files; Failed processing 0 files
>   $ icacls acltest
>   acltest NT AUTHORITY\SYSTEM:(F)
>           Everyone:(RX)
>           BUILTIN\Administrators:(F)
> 
>   Successfully processed 1 files; Failed processing 0 files
>   $ getfacl acltest
>   # file: acltest
>   # owner: Administrators
>   # group: SYSTEM
>   user::rwx
>   group::rwx
>   other::r-x
> 
> Would you mind to run `icacls 3da9e136.rbf /save 3da9e136.acl
> and paste the content of 3da9e136.acl into your reply?

I ran the code you suggested:
  #icacls 3da9e136.rbf /save 3da9e136.acl
  processed file: 3da9e136.rbf
  Successfully processed 1 files; Failed processing 0 files

  #cat 3da9e136.acl
  3da9e136.rbf
  D:P(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;WD)(A;OICI;FA;;;BA)

Not sure how to interpret the above but hope it's helpful...

  #icacls 3da9e136.rbf
  3da9e136.rbf NT AUTHORITY\SYSTEM:(OI)(CI)(F)
             Everyone:(OI)(CI)(RX)
             BUILTIN\Administrators:(OI)(CI)(F)

  Successfully processed 1 files; Failed processing 0 files

  #getfacl 3da9e136.rbf
  # file: 3da9e136.rbf
  # owner: Administrators
  # group: SYSTEM
  user::rwx
  group::rwx
  other::r-x
  user::rwx
  group::rwx
  group:SYSTEM:rwx
  mask::rwx
  other::r-x

> Please use "reply-to" to keep mail threading intact.  Your two
> mails in terms of this problem are disconnected for some reason.


Not sure why my MTA has not been threading properly but for some
reason I didn't receive your response either.

Hopefully this gets attached to the correct thread.

Jeff

More information about the Cygwin mailing list