Greetings, Eliot Moss! >> Why does SYSTEM need full access to the files? If it's a backup tool, >> it has SE_BACKUP_NAME/SE_RESTORE_NAME access anyway. Every tool with >> Administrators in the token has the right to enable these access rights >> anyway.
> I am not sure this particular program (CrashPlan) works that way. That's not program property, but the user you run the program from. > I suppose that I am seeing SYSTEM as the moral equivalent of root in > POSIX. In POSIX, root can access anything, and I don't believes ACLs > can lock it out. I agree that Windows does not really have the concept > of a single 'root'. Administrators is close, but the various aspects > of root are split up in different ways. We're not going to get a > perfect mapping. I think i've explained it earlir, but here's it again: In POSIX model, root have implicit permissions. In Windows model, there NO implicit permissions at all. Everything should be explicitly assigned. I.e. SeBackupRestore privilege. If you deny SYSTEM access to a file, OS will not be able to do anything about it. Been there, blocked changes to cmd.exe when I was experimenting with 4NT. (And cmd.exe was in fact renamed 4nt.exe.) None of the Windows autotools were able to get around it. > Maybe what I am looking for is something like this: > - Certain Windows accounts/groups would be treated as 'root' for cygwin's > purposes, perhaps controlled by a list in a file read when cygwin starts > up. The list would be very short. "NT AUTHORITY\SYSTEM". -- With best regards, Andrey Repin Tuesday, March 31, 2015 23:48:58 Sorry for my terrible english... -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
