Web lists-archives.com

Re: win dirs don't handle lack of inherited rule(?): getfacl + tar dir Warning: Cannot acl_to_text: Invalid argument




On Mar 13 10:18, Corinna Vinschen wrote:
> On Mar 12 19:22, L A Walsh wrote:
> > Hope this is ok...the original was in utf16, it's also all one line...
> 
> No worries.
> 
> > On 3/12/2019 9:36 AM, Corinna Vinschen wrote:
> > > Can you please create an acl file like this:
> > > 
> > > $ icacls default.nlaw-32 /save x.acl
> > ---
> > default.nlaw-32
> > D:P(D;;SWRPWPDTRC;;;S-1-0-0)(A;;FA;;;S-1-5-21-33333-77777-33333-5013)(A;;0x1201ff;;;S-1-5-21-33333-77777-33333-201)(A;;0x1201ff;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;0x1201ff;;;SY)(A;;0x1201ff;;;DA)(A;;0x1201ff;;;BA)(A;;0x1201ff;;;S-1-5-21-1885695451-752926663-1105222378-1015)(A;;0x120080;;;WD)S:AI(ML;OICIID;NW;;;HI)
> 
> Thank you.  This allowed me to create a file with an equivalent DACL...
> almost.
> 
> The interesting thing here is that after ACL restoration the DACL has
> all the entries as yours, in the same order, except that the 
> 
>   Mandatory Label\High Mandatory Level:(I)(OI)(CI)(NW)
> 
> entry is not created.  I tried the same under the SYSTEM account and
> it still silenty ignored the above entry.
> 
> Given that the DACL is no problem for getfacl without this mandatory
> label entry, I have to assume that this is what acl_to_text chokes on.
> 
> The problem now is... how on earth can I create an ACL with this
> entry?  The GUI does not allow to add it and icacls apparently
> doesn't allow this either, even though it shows it nicely.

Never mind, I managed to add a Mandatory label with

  icacls filename /setintegritylevel '(CI)(OI)H'

and I can now reproduce the "Invalid argument".


Corinna

-- 
Corinna Vinschen
Cygwin Maintainer

Attachment: signature.asc
Description: PGP signature