Web lists-archives.com

Re: win dirs don't handle lack of inherited rule(?): getfacl + tar dir Warning: Cannot acl_to_text: Invalid argument




On 2019-03-10 04:48, L A Walsh wrote:
> On 3/8/2019 4:15 AM, Corinna Vinschen wrote:
>> On Mar  7 19:35, L A Walsh wrote:
>>> I ran tar on another directory and got a huge number**
>>> of these:
>>> tar: rules: Warning: Cannot acl_to_text: Invalid argument
>>> tar: adblockplus: Warning: Cannot acl_to_text: Invalid argument
>>> tar: autopager: Warning: Cannot acl_to_text: Invalid argument
>>> tar: bookmarkbackups: Warning: Cannot acl_to_text: Invalid argument
>>> ---

Losing/not having default ACLs (DACLs) defined on directories can cause Cygwin
grief as it will be unable to access files in those directories, whereas
Explorer seems to ignore the lack of DACLs and allow you to browse the files.

>> Can you please provide the cacls or icacls command creating
>> a directory that allows to reproduce the issue?
> 
> I doubt that area of my disk has ever been manipulated by 
> cacls or icacls. That's in my roaming profile.

Define this sh function, run it on problematic directories or files, and reply
with the output:

# lsp - list permissions with ls, getfacl, icacls
lsp ()
{
    local p;
    for p in "$@";
    do
        ls --color=auto -dl "$p";
        getfacl "$p";
        icacls "$(cygpath -m ""$p"")";
    done
}

e.g. and running my cygcheck sanitizer over the output:

$ lsp ~ | cygcheck-hrsv.sed
drwxrwx---+ 1 SYSTEM SYSTEM 0 Mar 10 07:07 /home/$USER
# file: /home/$USER
# owner: SYSTEM
# group: SYSTEM
user::rwx
user:$USER:rwx
group::---
group:Administrators:rwx
mask::rwx
other::---
default:user::rwx
default:user:$USER:rwx
default:group::---
default:group:Administrators:rwx
default:mask::rwx
default:other::---

C:/Users/$USER NT AUTHORITY\SYSTEM:(OI)(CI)(F)
             BUILTIN\Administrators:(OI)(CI)(F)
             $HOSTNAME\$USER:(OI)(CI)(F)

Successfully processed 1 files; Failed processing 0 files

> One thing that may be confusing some software is, what seems like
> cygwin adding the NULL SID with deny entries but also, according
> to the explorer security dialog, "out of normal order for them to be
> effective".  So it auto-reorders them if it tries to write to them.
> 
> If that could be cleaned up, so explorer and other software wouldn't
> think the ACL is "out of order" and want to re-arrange it, that might
> help.  It can't be good for different pieces of software to constantly
> be trying to apply their own "standards".

Windows doesn't know how to do POSIX ACLs so Cygwin works around those
limitations using equivalent Windows ACLs.
Just because Explorer does not understand those ACLs' order does not mean they
are invalid or wrong: just not set via the Explorer interface using its simple
approach - only Explorer is confused; that's why Explorer has an Advanced
security pane - to set stuff Explorer can't.
Don't let Explorer cleanup, fix, or reorder those ACLs to avoid grief!
Explorer dislikes a lot of what I work with, so I don't use Explorer much:
pcmanfm works for me.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple