Issues with ACL settings after updating to the latest cygwin.dll - correction

[akikij]

Hi,
I have the different problems you have about this new security right NULL SID 
DENY added to some files.
Sometimes also Windows can't access files concerned.
He considered security rigths unordered and I have to class them before 
continue.
It's too difficult for me to help you to correct the problem.
I give only tracks to correct the effects to return to a clean situation.

I have a solution to list all files concerned in a directory tree:
#!/bin/bash
#       List on stdout objects with DENY
if [ $# -eq 0 ] ; then echo "Usage $0 path" ; exit 1 ; fi
cd "$1" || { echo "Bad path" ; exit 1; }
find . |grep -v -E '^\.$|RECYCLE.BIN|RECYCLER|System Volume Information'|while 
read i 
do      #echo "$i"
        1>&2 echo -en "$i\\r" #to see progression
        j=$(cygpath "$i")
        c=$(2>/dev/null cacls "$j" /L)
        if [ $? -ne 0 ] ; then
                s=$(file "$i"|grep 'symbolic link to')
                if [ -z "$s" ] ; then echo "not found $j" ; fi
                continue
        fi
        s=$(echo "$c"|grep -i 'NULL SID:(DENY)')
        if [ ! -z "$s" ] ; then
                echo "$c" 
        fi 
done |tee /tmp/1

I use here /tmp/1 as buffer. I can edit it before to submit to the next 
solution.
It's more safe for the moment.

I have another solution to patch security items contained in this buffer (here 
/tmp/1)
#!/bin/bash
#       Patch objects recognized having NULL SID right
#       one to one - with icacls - exit at the 1st error
ws=/tmp/NULSID  #root name for 2 temporary files, .org .new as suffixe
cat /tmp/1|grep '^.:'|while read -r i ; do
        j=$(echo "$i"|sed 's/ NULL SID.*//')
        echo "  chg $j"
        corg="$ws.org"
        cnew="$ws.new"
        icacls "$j" /save $(cygpath -w "$corg") || exit 1
        #edit with null char temporary remplaced
        cat "$corg"|tr '\0' '£'|sed -e '1 s/.*/.£/' -e 's/(£D[^)]*)£//g'|tr '£' 
'\0' > "$cnew"
        icacls "$j" /restore $(cygpath -w "$cnew") || exit 1
done

This solution not complete is usable for me now. I find many pbs in cygwin 
system
 (more than 3000 in /bin /lib ...)
I am not confident to leave this problem with ACLs. Some files are concerned, 
the others not.
I want a more deterministic function for the cygwin system.
May be an upgrade of all project datas is necessary before the use of these new 
acl functionnalities.

Sorry for my english

Regards


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple