This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

How to prevent new files from having ACL that grants SYSTEM full control?


I have ntsec enabled, and I have the permissions on all my personal
files and directories set so that /bin/ls will show the permissions
without the trailing '+'.  Thus, /bin/ls shows me extactly who has
access to my files, and I don't have use Explorer or cacls to see who
has access.

Whenever I create a new file or directory in one of my directories using
a non-Cygwin Windows application (e.g., Wordpad), the file has the
following ACLs:

	c:\franl\todo.txt CORP\flitteri:F 
	                  NT AUTHORITY\SYSTEM:F 

which causes /bin/ls to show the permissions as "rwx------+".

Is there any way to prevent the SYSTEM ACE from appearing in the ACL of
new files and directories created by Windows applications (thus
eliminating the '+' from the /bin/ls output)?

At first, I thought the SYSTEM ACE was being inherited from the
directory in which the file was created, but that's not the case.  There
is no SYSTEM ACE in the ACL on the containing directory.

Any suggestions?
--
Francis Litterio
franl <at> world . std . com


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]