Re: Files created with CYGWIN have "NULL SID:(DENY)" windows ACL, inter alia
On Sat, 28 Dec 2019 at 20:23, Lee wrote: > > On 12/28/19, Andrey Repin wrote: > > Greetings, Peter Binney! > > > > Bottom posting in this list, please. > > > >> Hello Andrey - many thanks again. > > > >> I have added noacl to the default fstab entry, so it reads: > >> none /cygdrive cygdrive noacl,binary,posix=0,user 0 0 > > > >> and that sorts out the permissions problem, thank you. > > > >> But, bizarrely, it introduced a new one - the WHICH command no longer > >> reports non-executable files on the PATH. > > Try adding the exec option to fstab: > > $ grep cygdrive /etc/fstab > # none /cygdrive cygdrive binary,posix=0,user 0 0 > none /cygdrive cygdrive binary,posix=0,user,noacl,exec 0 0 > > $ which xcopy > /cygdrive/c/windows/system32/xcopy > > $ ls -l /cygdrive/c/windows/system32/xcopy > -rwxr-xr-x 2 Lee None 47616 Sep 15 2018 > /cygdrive/c/windows/system32/xcopy.exe > > Regards, > Lee Hi Lee - many thanks indeed for that. I've added "exec" and WHICH now works. Cheers, Peter -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: Files created with CYGWIN have "NULL SID:(DENY)" windows ACL, inter alia
On 12/28/19, Andrey Repin wrote: > Greetings, Peter Binney! > > Bottom posting in this list, please. > >> Hello Andrey - many thanks again. > >> I have added noacl to the default fstab entry, so it reads: >> none /cygdrive cygdrive noacl,binary,posix=0,user 0 0 > >> and that sorts out the permissions problem, thank you. > >> But, bizarrely, it introduced a new one - the WHICH command no longer >> reports non-executable files on the PATH. Try adding the exec option to fstab: $ grep cygdrive /etc/fstab # none /cygdrive cygdrive binary,posix=0,user 0 0 none /cygdrive cygdrive binary,posix=0,user,noacl,exec 0 0 $ which xcopy /cygdrive/c/windows/system32/xcopy $ ls -l /cygdrive/c/windows/system32/xcopy -rwxr-xr-x 2 Lee None 47616 Sep 15 2018 /cygdrive/c/windows/system32/xcopy.exe Regards, Lee -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: Files created with CYGWIN have "NULL SID:(DENY)" windows ACL, inter alia
Greetings, Peter Binney!
Bottom posting in this list, please.
> Hello Andrey - many thanks again.
> I have added noacl to the default fstab entry, so it reads:
> none /cygdrive cygdrive noacl,binary,posix=0,user 0 0
> and that sorts out the permissions problem, thank you.
> But, bizarrely, it introduced a new one - the WHICH command no longer
> reports non-executable files on the PATH.
> Such files are found and executed OK (presumably because Windows logic
> is adhered to, where execute permission is not required), but WHICH
> doesn't "see" them.
> So I had to build a work-around for WHICH (which I use in various
> scriptware) since I can also find no way to set the execute bit on a
> file ("chmod a+x" doesn't seem to do anything with or without noacl).
This could be actually because you are lacking executable permission on your
files. Which Windows by default always set.
--
With best regards,
Andrey Repin
Saturday, December 28, 2019 16:57:49
Sorry for my terrible english...
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: Files created with CYGWIN have "NULL SID:(DENY)" windows ACL, inter alia
Hello Andrey - many thanks again.
I have added noacl to the default fstab entry, so it reads:
none /cygdrive cygdrive noacl,binary,posix=0,user 0 0
and that sorts out the permissions problem, thank you.
But, bizarrely, it introduced a new one - the WHICH command no longer
reports non-executable files on the PATH.
Such files are found and executed OK (presumably because Windows logic
is adhered to, where execute permission is not required), but WHICH
doesn't "see" them.
So I had to build a work-around for WHICH (which I use in various
scriptware) since I can also find no way to set the execute bit on a
file ("chmod a+x" doesn't seem to do anything with or without noacl).
Thanks again,
Peter
On Tue, 24 Dec 2019 at 09:20, Andrey Repin wrote:
>
> Greetings, Peter Binney!
>
> > Hello Andrey - many thanks for that. I have now removed /etc/passwd
> > and /etc/group which didn't change anything.
>
> > I read some of your earlier posts on this and had already tried the noacl
> > route.
>
> > Unfortunately it has made no difference. I added a second line to my
> > fstab so it read:
>
> > none /cygdrive cygdrive binary,posix=0,user 0 0
>
> Add "noacl" here.
>
> > e: /cygdrive/e ntfs noacl,binary,posix=0,user,auto 0 0
>
> Avoid overlapping mount points. The end result could be surprising.
>
> > with "mount" showing:
>
> > C:/cygwin/bin on /usr/bin type ntfs (binary,auto)
> > C:/cygwin/lib on /usr/lib type ntfs (binary,auto)
> > C:/cygwin on / type ntfs (binary,auto)
> > E: on /cygdrive/e type ntfs (binary,noacl,posix=0,user)
> > C: on /cygdrive/c type ntfs (binary,posix=0,user,noumount,auto)
> > D: on /cygdrive/d type ntfs (binary,posix=0,user,noumount,auto)
> > N: on /cygdrive/n type smbfs (binary,posix=0,user,noumount,auto)
> > P: on /cygdrive/p type smbfs (binary,posix=0,user,noumount,auto)
>
> > But when creating files on an E: I still get DENY for "NULL SID" and
> > other accounts.
>
> $ cat /etc/fstab && mount
> # For a description of the file format, see the Users Guide
> # http://cygwin.com/cygwin-ug-net/using.html#mount-table
>
> # This is default anyway:
> #none /cygdrive cygdrive binary,posix=0,user 0 0
> none / cygdrive noacl,binary,nouser,posix=0 0 0
> W:/ /var/run ntfs acl,binary,nouser,posix=0 0 0
> C:/Users /home bind noacl,binary,exec,posix=0 0 0
> none /tmp usertemp binary,nouser,posix=1 0 0
>
> C:/Users/ANRDAE~1/AppData/Local/Temp on /tmp type ntfs (binary,usertemp)
> C:/Programs/Cygwin_64/bin on /usr/bin type ntfs (binary,auto)
> C:/Programs/Cygwin_64/lib on /usr/lib type ntfs (binary,auto)
> C:/Programs/Cygwin_64 on / type ntfs (binary,auto)
> C:/Users on /home type ntfs (binary,exec,noacl,posix=0)
> W: on /var/run type ntfs (binary,posix=0)
> C: on /c type ntfs (binary,noacl,posix=0,noumount,auto)
> M: on /m type vfat (binary,noacl,posix=0,noumount,auto)
> Y: on /y type smbfs (binary,noacl,posix=0,noumount,auto)
> Z: on /z type smbfs (binary,noacl,posix=0,noumount,auto)
>
>
> --
> With best regards,
> Andrey Repin
> Tuesday, December 24, 2019 12:14:33
>
> Sorry for my terrible english...
>
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: Files created with CYGWIN have "NULL SID:(DENY)" windows ACL, inter alia
Greetings, Peter Binney! > Hello Andrey - many thanks for that. I have now removed /etc/passwd > and /etc/group which didn't change anything. > I read some of your earlier posts on this and had already tried the noacl > route. > Unfortunately it has made no difference. I added a second line to my > fstab so it read: > none /cygdrive cygdrive binary,posix=0,user 0 0 Add "noacl" here. > e: /cygdrive/e ntfs noacl,binary,posix=0,user,auto 0 0 Avoid overlapping mount points. The end result could be surprising. > with "mount" showing: > C:/cygwin/bin on /usr/bin type ntfs (binary,auto) > C:/cygwin/lib on /usr/lib type ntfs (binary,auto) > C:/cygwin on / type ntfs (binary,auto) > E: on /cygdrive/e type ntfs (binary,noacl,posix=0,user) > C: on /cygdrive/c type ntfs (binary,posix=0,user,noumount,auto) > D: on /cygdrive/d type ntfs (binary,posix=0,user,noumount,auto) > N: on /cygdrive/n type smbfs (binary,posix=0,user,noumount,auto) > P: on /cygdrive/p type smbfs (binary,posix=0,user,noumount,auto) > But when creating files on an E: I still get DENY for "NULL SID" and > other accounts. $ cat /etc/fstab && mount # For a description of the file format, see the Users Guide # http://cygwin.com/cygwin-ug-net/using.html#mount-table # This is default anyway: #none /cygdrive cygdrive binary,posix=0,user 0 0 none / cygdrive noacl,binary,nouser,posix=0 0 0 W:/ /var/run ntfs acl,binary,nouser,posix=0 0 0 C:/Users /home bind noacl,binary,exec,posix=0 0 0 none /tmp usertemp binary,nouser,posix=1 0 0 C:/Users/ANRDAE~1/AppData/Local/Temp on /tmp type ntfs (binary,usertemp) C:/Programs/Cygwin_64/bin on /usr/bin type ntfs (binary,auto) C:/Programs/Cygwin_64/lib on /usr/lib type ntfs (binary,auto) C:/Programs/Cygwin_64 on / type ntfs (binary,auto) C:/Users on /home type ntfs (binary,exec,noacl,posix=0) W: on /var/run type ntfs (binary,posix=0) C: on /c type ntfs (binary,noacl,posix=0,noumount,auto) M: on /m type vfat (binary,noacl,posix=0,noumount,auto) Y: on /y type smbfs (binary,noacl,posix=0,noumount,auto) Z: on /z type smbfs (binary,noacl,posix=0,noumount,auto) -- With best regards, Andrey Repin Tuesday, December 24, 2019 12:14:33 Sorry for my terrible english... -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: Files created with CYGWIN have "NULL SID:(DENY)" windows ACL, inter alia
Hello Andrey - many thanks for that. I have now removed /etc/passwd and /etc/group which didn't change anything. I read some of your earlier posts on this and had already tried the noacl route. Unfortunately it has made no difference. I added a second line to my fstab so it read: none /cygdrive cygdrive binary,posix=0,user 0 0 e: /cygdrive/e ntfs noacl,binary,posix=0,user,auto 0 0 with "mount" showing: C:/cygwin/bin on /usr/bin type ntfs (binary,auto) C:/cygwin/lib on /usr/lib type ntfs (binary,auto) C:/cygwin on / type ntfs (binary,auto) E: on /cygdrive/e type ntfs (binary,noacl,posix=0,user) C: on /cygdrive/c type ntfs (binary,posix=0,user,noumount,auto) D: on /cygdrive/d type ntfs (binary,posix=0,user,noumount,auto) N: on /cygdrive/n type smbfs (binary,posix=0,user,noumount,auto) P: on /cygdrive/p type smbfs (binary,posix=0,user,noumount,auto) But when creating files on an E: I still get DENY for "NULL SID" and other accounts. On Sun, 22 Dec 2019 at 14:05, Andrey Repin wrote: > > Greetings, Peter Binney! > > > Creating a file using "> newfile", "icacls newfile" shows various DENY > > settings: > > > newfile NULL SID:(DENY)(Rc,S,WEA,X,DC) > > JCPR-DELL-3\peter:(R,W,D,WDAC,WO) > > NT AUTHORITY\SYSTEM:(DENY)(S,X) > > BUILTIN\Administrators:(DENY)(S,X) > > BUILTIN\Users:(DENY)(S,X) > > JCPR-DELL-3\None:(R) > > NT AUTHORITY\SYSTEM:(RX,W) > > BUILTIN\Administrators:(RX,W) > > BUILTIN\Users:(RX,W) > > Everyone:(R) > > > Whereas on a file created from Windows Explorer I see: > > New Text Document.txt BUILTIN\Users:(I)(M) > > Everyone:(I)(RX) > > JCPR-DELL-3\peter:(I)(F) > > BUILTIN\Administrators:(I)(F) > > NT AUTHORITY\SYSTEM:(I)(F) > > > "mkpasswd" and "mkgroup" > > Please use getent > > > both show I (user "peter") have expected > > entries in /etc/passwd and /etc/group (I attach both) > > Delete both from your system, they are not needed, except for extremely rare > cases. > > > Running "whoami" commands from powershell shows: > > > PS E:\temp> whoami /groups > > > GROUP INFORMATION > > - > > Group NameType > > SID Attributes > > = > > > > == > > Everyone > > Well-known group S-1-1-0 Mandatory group, Enabled by default, > > Enabled group > > NT AUTHORITY\Local account and member of Administrators group > > Well-known group S-1-5-114Group used for deny only > > BUILTIN\AdministratorsAlias > > S-1-5-32-544 Group used for deny only > > BUILTIN\Performance Log Users Alias > > S-1-5-32-559 Mandatory group, Enabled by default, Enabled > > group > > BUILTIN\Users Alias > > S-1-5-32-545 Mandatory group, Enabled by default, Enabled > > group > > NT AUTHORITY\INTERACTIVE > > Well-known group S-1-5-4 Mandatory group, Enabled by default, > > Enabled group > > CONSOLE LOGON > > Well-known group S-1-2-1 Mandatory group, Enabled by default, > > Enabled group > > NT AUTHORITY\Authenticated Users > > Well-known group S-1-5-11 Mandatory group, Enabled by default, > > Enabled group > > NT AUTHORITY\This Organization > > Well-known group S-1-5-15 Mandatory group, Enabled by default, > > Enabled group > > NT AUTHORITY\Local account > > Well-known group S-1-5-113Mandatory group, Enabled by default, > > Enabled group > > LOCAL > > Well-known group S-1-2-0 Mandatory group, Enabled by default, > > Enabled group > > NT AUTHORITY\NTLM Authentication > > Well-known group S-1-5-64-10 Mandatory group, Enabled by default, > > Enabled group > > Mandatory Label\Medium Mandatory LevelLabel > > S-1-16-8192 > > PS E:\temp> whoami > > jcpr-dell-3\peter > > PS E:\temp> whoami /user > > > USER INFORMATION > > > > User Name SID > > = = > > jcpr-dell-3\peter S-1-5-21-1468824806-2062748802-729869357-100 > > > I also attach cygcheck.out > > See my earlier message, I strongly suggest "noacl" mount option for > directories outside Cygwin root. > No windows program expects stupid access restrictions produces by basic POSIX > permissions. > > > -- > With best regards, > Andrey Repin > Sunday, December 22, 2019 15:35:08 > > Sorry for my terrible english... > -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: Files created with CYGWIN have "NULL SID:(DENY)" windows ACL, inter alia
Greetings, Peter Binney! > Creating a file using "> newfile", "icacls newfile" shows various DENY > settings: > newfile NULL SID:(DENY)(Rc,S,WEA,X,DC) > JCPR-DELL-3\peter:(R,W,D,WDAC,WO) > NT AUTHORITY\SYSTEM:(DENY)(S,X) > BUILTIN\Administrators:(DENY)(S,X) > BUILTIN\Users:(DENY)(S,X) > JCPR-DELL-3\None:(R) > NT AUTHORITY\SYSTEM:(RX,W) > BUILTIN\Administrators:(RX,W) > BUILTIN\Users:(RX,W) > Everyone:(R) > Whereas on a file created from Windows Explorer I see: > New Text Document.txt BUILTIN\Users:(I)(M) > Everyone:(I)(RX) > JCPR-DELL-3\peter:(I)(F) > BUILTIN\Administrators:(I)(F) > NT AUTHORITY\SYSTEM:(I)(F) > "mkpasswd" and "mkgroup" Please use getent > both show I (user "peter") have expected > entries in /etc/passwd and /etc/group (I attach both) Delete both from your system, they are not needed, except for extremely rare cases. > Running "whoami" commands from powershell shows: > PS E:\temp> whoami /groups > GROUP INFORMATION > - > Group NameType > SID Attributes > = > > == > Everyone > Well-known group S-1-1-0 Mandatory group, Enabled by default, > Enabled group > NT AUTHORITY\Local account and member of Administrators group > Well-known group S-1-5-114Group used for deny only > BUILTIN\AdministratorsAlias > S-1-5-32-544 Group used for deny only > BUILTIN\Performance Log Users Alias > S-1-5-32-559 Mandatory group, Enabled by default, Enabled > group > BUILTIN\Users Alias > S-1-5-32-545 Mandatory group, Enabled by default, Enabled > group > NT AUTHORITY\INTERACTIVE > Well-known group S-1-5-4 Mandatory group, Enabled by default, > Enabled group > CONSOLE LOGON > Well-known group S-1-2-1 Mandatory group, Enabled by default, > Enabled group > NT AUTHORITY\Authenticated Users > Well-known group S-1-5-11 Mandatory group, Enabled by default, > Enabled group > NT AUTHORITY\This Organization > Well-known group S-1-5-15 Mandatory group, Enabled by default, > Enabled group > NT AUTHORITY\Local account > Well-known group S-1-5-113Mandatory group, Enabled by default, > Enabled group > LOCAL > Well-known group S-1-2-0 Mandatory group, Enabled by default, > Enabled group > NT AUTHORITY\NTLM Authentication > Well-known group S-1-5-64-10 Mandatory group, Enabled by default, > Enabled group > Mandatory Label\Medium Mandatory LevelLabel > S-1-16-8192 > PS E:\temp> whoami > jcpr-dell-3\peter > PS E:\temp> whoami /user > USER INFORMATION > > User Name SID > = = > jcpr-dell-3\peter S-1-5-21-1468824806-2062748802-729869357-100 > I also attach cygcheck.out See my earlier message, I strongly suggest "noacl" mount option for directories outside Cygwin root. No windows program expects stupid access restrictions produces by basic POSIX permissions. -- With best regards, Andrey Repin Sunday, December 22, 2019 15:35:08 Sorry for my terrible english... -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Re: Files created with CYGWIN have "NULL SID:(DENY)" windows ACL, inter alia
Yes, if you read the part in the user's guide about ACLs it explains that. As I recall, it's a place to hang information that is otherwise hard to represent in Windows, because of the differences between how the Windows and Posix permissions systems work. You'll also find that the ACLs are not in the order that Windows likes. Don't let Windows reorder them, or you will break what Cygwin is trying to accomplish! Even though the order is not standard, the ACLs work ... Eliot Moss -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
