On 3/10/2019 7:09 AM, Brian Inglis wrote:
> Define this sh function, run it on problematic directories or files, and reply
> with the output:
>
> # lsp - list permissions with ls, getfacl, icacls
> lsp ()
> {
> local p;
> for p in "$@";
> do
> ls --color=auto -dl "$p";
> getfacl "$p";
> icacls "$(cygpath -m ""$p"")";
> done
> }
>
> e.g. and running my cygcheck sanitizer over the output:
>
---
What is your cygcheck sanitizer? I don't think I'm familiar with it...
ok, the top directory of my Palemoon install just below the
profiles dir has the problem from tar:
tar: default.nlaw-32: Warning: Cannot acl_to_text: Invalid argument
Your script (thank you very much!), shows:
> lstp default.nlaw-32
drwxrwx---+ 1 Bliss\law Bliss\lawgroup 0 Mar 12 08:30 default.nlaw-32
# file: default.nlaw-32
# owner: Bliss\law
# group: Bliss\lawgroup
user::rwx
group::rwx
group:TrustedInstaller:rwx
group:SYSTEM:rwx
group:Bliss\Domain Admins:rwx
group:Administrators:rwx
group:lawgroup:rwx
mask::rwx
other::---
getfacl: default.nlaw-32: Invalid argument
default.nlaw-32 NULL SID:(DENY)(Rc,S,REA,WEA,X,DC)
Bliss\law:(F)
BLISS\lawgroup:(RX,W,DC)
NT SERVICE\TrustedInstaller:(RX,W,DC)
NT AUTHORITY\SYSTEM:(RX,W,DC)
BLISS\Domain Admins:(RX,W,DC)
BUILTIN\Administrators:(RX,W,DC)
Athenae\lawgroup:(RX,W,DC)
Everyone:(Rc,S,RA)
Mandatory Label\High Mandatory Level:(I)(OI)(CI)(NW)
Successfully processed 1 files; Failed processing 0 files
------
Does that give any insight into the problem?
>
> Just because Explorer does not understand those ACLs' order does not mean they
> are invalid or wrong: just not set via the Explorer interface using its simple
> approach - only Explorer is confused; that's why Explorer has an Advanced
> security pane - to set stuff Explorer can't.
>
---
??? Um...I don't think I ever use it's simple interface -- it bothers
me because it isn't literal enough (hides too much detail).
Are we doing posix acls or sun acls? I thought at one point they were
sun?
> Don't let Explorer cleanup, fix, or reorder those ACLs to avoid grief!
> Explorer dislikes a lot of what I work with, so I don't use Explorer much:
> pcmanfm works for me.
>
It doesn't -- its the advanced panel that I use for resetting. The problem
is that it isn't just Explorer. After a reinstall, I had odd permissions in
several places, so I got "can't write" errors when I tried to use a
music player
that had its database in roaming profile. I found a few oddities, like
----rwxr-x on a few directories and files. Resetting them in cygwin
didn't fix the problem -- thus I used the advanced dialog in explorer.
The errors were that it couldn't write to various databases.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
