• Skull giver@popplesburger.hilciferous.nl
    link
    fedilink
    English
    arrow-up
    111
    arrow-down
    3
    ·
    edit-2
    1 year ago

    Always fun to see people with limited understanding of ACLs struggle with filesystems that apply them. Look at this like a chance to learn!

    Windows has a lot of features built in to prevent users (and malware) from breaking their system, such as the “system” and “read only” flags. I suppose explorer could’ve asked you to elevate, unset any flags, alter ownership, and delete anyway, but that’s doing a lot of work you don’t necessarily intend to do when you click “delete”.

    Linux has this too; try the following:

    mkdir -p /tmp/test/deleteme;
    touch /tmp/test/deleteme/deleteme.txt;
    chattr +i /tmp/test/deleteme /tmp/test/deleteme/deleteme.txt
    # If you want to apply the "drive from different system" equivalence
    sudo chown -R 12345:12345 /tmp/test/deleteme
    

    Now try deleting the folder /tmp/test/deleteme from your file explorer:

    A screenshot of Gnome's Nautilus telling the user that they do not have the necessary permissions to remove the folder "deleteme"

    Frustrated, you may try to force the issue by forcefully removing the file through the terminal:

    user@box /tmp/test $ sudo rm -rf deleteme
    Place your finger on the fingerprint reader
    rm: cannot remove 'deleteme/deleteme.txt': Operation not permitted 
    user@box /tmp/test $
    

    Alright, what if I…

    user@box /tmp/test $ sudo -i
    Place your finger on the fingerprint reader
    root@box ~ # cd /tmp/test
    root@box /tmp/test # rm -rf deleteme
    rm: cannot remove 'deleteme/deleteme.txt': Operation not permitted
    root@box /tmp/test # whoami
    root
    root@box /tmp/test # 
    

    No dice! Even root can’t remove these files!

    The only way to get rid of these files, is to set/unset the right flags:

    user@box /tmp/test $ chattr -i deleteme deleteme/deleteme.txt
    user@box /tmp/test $ rm -rf deleteme
    
    • GiuseppeAndTheYeti@midwest.social
      link
      fedilink
      English
      arrow-up
      17
      ·
      edit-2
      1 year ago

      Linux is so cool, but boggles my mind. I just simply don’t have enough time to really get a good grasp on the terminal and commands associated with it. It took me 3 days worth of attempts from 8am when my fiance leaves for work to 5pm to finally get a pi-hole set up in tandem with a self hosted VPN with wireguard. I just got it up and working on Wednesday this week. I know there’s a tutorial on the pi-hole website, but with no Linux terminology experience it was tough to know what I was supposed to be typing into the terminal. Several times I was typing:

      sudo -i
      cd /etc/wireguard
      umask 077
      name="client_name"
      echo [interface] > "name"
      

      I thought the name= line would tell the terminal that I wanted to replace all the following lines that “name” appeared in with “client_name” automatically. Then I figured out that they were just telling me that I needed to replace “name” in their terminal commands with what I wanted to name the associated files I was creating lol. It was a real man…I’m a fucking moron moment.

      • Skull giver@popplesburger.hilciferous.nl
        link
        fedilink
        English
        arrow-up
        10
        arrow-down
        1
        ·
        1 year ago

        Learning to work with any operating systems beyond the most basic apps takes a lot of time. Whatever OS you started out with probably took you a few years to get into, but as a kid you don’t notice that you’re learning anything special. And, to be honest, Linux GUIs lack a lot of quality of life features. At least in Windows you can use the mouse to make files read-only, in many Linux utilities you can’t even see or modify such attributes.

        Getting Wireguard and Pihole working without any prior Linux knowledge is an impressive feat on its own! Putting three days of work into it shows more dedication than I would have, I hope it paid off when you finished!

        Also, you were so close with the name thing. In most shell languages, after typing name="client_name" you can use the dollar sign to refer to the value you set, i.e. $name.

        If type this:

        name="Eve"
        echo "Hello, $name!"
        

        you would see Hello, Eve!

        This would actually work perfectly:

        user@box ~ $ name="client_name"
        user@box ~ $ echo "[interface]" > $name
        

        This would create a file called client_name that contains the line [interface].

        I see a lot of tutorials online that had special characters removed (i.e. the dollar sings) or had broken script because quotes were turned into fancy quotes that are meaningless to the terminal, often because those guides were shamelessly stolen from other sites without checking if they even worked. It’s easy to miss these things!

        • GiuseppeAndTheYeti@midwest.social
          link
          fedilink
          English
          arrow-up
          6
          ·
          1 year ago

          That makes total sense. I never really considered that I have been learning Windows over the past 20 years. It was just learning “computer”. And I really appreciate the compliment to my dedication on it! I’m really happy with the result and I learned more about linux/networking/LePotato/Pi-hole than I would have guessed at the beginning of this whole project. From battling with Wireguard server configuration…ufw and portforwarding…client configuration…back to ufw…IP configuration…keys…etc. Troubleshooting was a maze sometimes 😂. One more thing before I go.

          About the name thing. Say I type:

          name="Gerald"
          wg genkey > ${name}.key
          

          Would my output then be a key generated by Wireguard and named “Gerald.key”? Or would it need to be:

          wg genkey > "${name}.key"
          

          Or like in your example:

          wg genkey > $name.key
          

          I think I’m mostly getting caught up in when the quotations are necessary and when they’re not.

          • Skull giver@popplesburger.hilciferous.nl
            link
            fedilink
            English
            arrow-up
            3
            ·
            edit-2
            1 year ago

            About the name thing. Say I type:

            name="Gerald"
            wg genkey > ${name}.key
            

            Would my output then be a key generated by Wireguard and named “Gerald.key”?

            Yes, assuming the user you’re logged in as has access to write files in the current directory. In /etc/wireguard, that’s usually only possible if you’re logged in as root (or using an interactive sudo shell). Adding sudo to your prompt doesn’t help in that case, because sudo only works up to the redirection character (>).

            HOWEVER: if $name is supposed to contain John Cena you’ll need to use wg genkey > "$name" or wg genkey > "${name}". Otherwise, your private key will appear in a file named John, and the key contents would be followed by the word Cena! Spaces mess up the shell and for that quotes are very very useful.

            I think I’m mostly getting caught up in when the quotations are necessary and when they’re not.

            The exact rules differ per shell. The default on Ubuntu is bash, the rules for which I’ll add below. macOS and some other distros use zsh as a default, which is mostly bash compatible but includes some “most people probably mean to type this other command” style fixes.

            In general:

            • Double quotes are used for when a variable can contain spaces (like a file name)
            • Single quotes don’t expand variables; '$name' contains the literal string $name, not Eve Johnson
            • Omitting quotes will lead to variables being expanded in place. If the contents of the variable are a single word, that effectively works the same as if you use double quotes

            Suppose you have a directory with these files:

            • file
            • file with spaces
            • readme.txt

            Suppose you want to remove some files with this script, using rm to delete them:

            myFile="file with spaces"
            
            # first quote option
            rm $myFile
            # second quote option  
            rm '$myFile'
            # third quote option
            rm "$myFile"
            

            The first rm call will try to remove the files file, with, and spaces. It will delete the file named file and give you two errors for the missing other two files. It’s as if you typed rm file with spaces. rm takes a long list of files that need to be deleted, so it’ll think you want to delete three files!

            The second rm call will give you an error, telling you that there is no file called $myFile. It’s as if you typed rm '$myFile'. You can create a file with that name, though; touch \$myFile or touch '$myFile' will create a file starting with a dollar sign. Many tools forget that this is a possibility (just like * and ? are perfectly valid file names!) and scripting based tools can easily fail or crash or even get exploited by hackers if you place a file with special characters on the system!

            The third rm call will remove the file file with spaces and leave the rest alone. It’s as if you typed rm "file with spaces". It’ll remove the one file.

            Using ${variable} is a bit safer and clearer, because you indicate exactly where the name of the variable starts and where it ends. Quotes and such are still necessary, following the conventions above. This is useful when you try to create a string like backup_$date_morning_$user.bak; are you referring to a variable $date_morning_ or to a variable called $date? backup_${date}_morning_${user}.bak makes things a lot clearer!

            For my own sanity and to make sure I know what to expect, I generally use double quotes and preferably ${} style expansion ("$name") for strings I want variables to be expanded in and single quotes around strings I definitely do not want variables to mess with.

            • GiuseppeAndTheYeti@midwest.social
              link
              fedilink
              English
              arrow-up
              2
              ·
              1 year ago

              Wow! You absolutely know what you’re talking about! You did an amazing job clearing that up for me. I’ll save this comment in case I need to come back to it. Thank you!

      • intensely_human@lemm.ee
        link
        fedilink
        English
        arrow-up
        7
        ·
        1 year ago

        The first progress is always the slowest.

        It won’t always take you an entire day to get anything done in Linux. That’s just the pace you’re at as a beginner. As your knowledge expands you move faster.

    • 1984@lemmy.today
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      1
      ·
      edit-2
      1 year ago

      It’s not very commonly used though. I have seen this command only a few times. I don’t feel like Linux users are missing stuff like this, so they dont use it.

      But thanks for the long comment, was a nice read. :)

      • Skull giver@popplesburger.hilciferous.nl
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        It’s not commonly used (on the usual popular systems) but for “simple” systems (like Ubuntu) it should probably be used more. There are reasons to remove /usr or ~, but I think requiring a special command to prevent accidents would solve more problems than it causes.

      • Skull giver@popplesburger.hilciferous.nl
        link
        fedilink
        English
        arrow-up
        6
        ·
        1 year ago

        sudo would do nothing. Changing the (effective) user and group IDs does not magically make rm aware of the immutable bit, nor does it alter the behaviour of rm’s code to unset that bit before trying to remove it.

        In the example I gave above, I did use sudo. sudo -i started an interactive shell with root permissions, and rm failed to remove the directory and file inside it.

  • DarienGS@lemmy.world
    link
    fedilink
    English
    arrow-up
    113
    arrow-down
    9
    ·
    edit-2
    1 year ago

    What’s wrong with this? Every OS has permissions that stop users from messing with system files.

    • stappern@lemmy.oneOP
      link
      fedilink
      English
      arrow-up
      55
      arrow-down
      39
      ·
      edit-2
      1 year ago

      this is not the system folder, different drive, old windows install and no not every os has this. luckly…

      • lemmyvore@feddit.nl
        link
        fedilink
        English
        arrow-up
        70
        arrow-down
        3
        ·
        1 year ago

        If you try to access an old Linux install you could run into the exact same problem. Both Linux and Windows nowadays use filesystems with permissions embedded into them, so if the user on the new install doesn’t match the old one you’ll have a problem.

        • stappern@lemmy.oneOP
          link
          fedilink
          English
          arrow-up
          5
          arrow-down
          37
          ·
          1 year ago

          but i just tried i can delete system folders from a different linux drive with no problems

          • redcalcium@lemmy.institute
            link
            fedilink
            English
            arrow-up
            16
            ·
            1 year ago

            Certainly not without using sudo right? It’s the same in the windows land, the UAC dialog is windows’ equivalent of sudo.

            • stappern@lemmy.oneOP
              link
              fedilink
              English
              arrow-up
              10
              arrow-down
              13
              ·
              1 year ago

              correct, but why wasnt i given a UAC prompt here? it just says Try again and Cancel

              • redcalcium@lemmy.institute
                link
                fedilink
                English
                arrow-up
                14
                ·
                1 year ago

                Probably due to some sort of idiot-proof protection to prevent people from deleting their windows folder from explorer. Try running a CMD shell as administrator and delete it from the command line instead.

            • bob_wiley@lemmy.world
              link
              fedilink
              English
              arrow-up
              5
              ·
              1 year ago

              This breaks the system, depending on your current directory when running it. I had an intern do this to a server while in /. We were able to recover through some tomfoolery, but only because he was still logged in. No one else could get into the system after he destroyed the permissions.

        • stappern@lemmy.oneOP
          link
          fedilink
          English
          arrow-up
          5
          arrow-down
          12
          ·
          1 year ago

          i just deleted what i needed with another os, i didnt want to format it i needed some space and wanted to keep some folders

      • Aasikki@sopuli.xyz
        link
        fedilink
        English
        arrow-up
        12
        arrow-down
        4
        ·
        1 year ago

        Why wouldn’t you just format the drive if it had an old windows install?

          • Confused_Emus@lemmy.world
            link
            fedilink
            English
            arrow-up
            6
            ·
            1 year ago

            Back up the folders and format the disk. If you’re deleting system files and folders, you’re clearly not running the OS from this other disk. Why waste the space on unneeded system files?

      • Fushuan [he/him]@lemm.ee
        link
        fedilink
        English
        arrow-up
        13
        arrow-down
        3
        ·
        1 year ago

        laughs because it has the same level of protection as other OSs and thus is quite secure in that regard, right?

        • vojel@feddit.de
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          22
          ·
          1 year ago

          Laughs in Linux because if I really want to mess things up it wont stop me unless I am not root. Administrator on Winshit means nothing at all, no control over your system.

          • Fushuan [he/him]@lemm.ee
            link
            fedilink
            English
            arrow-up
            14
            arrow-down
            2
            ·
            1 year ago

            You do realize that in this very post they explain that if you mount an old linux drive with another user, you can’t delete stuff either until you remove the flags or change the owner of the old drives’ files?

            You can do the same in windows, too.

            They are not trying to access their own Windows folder, but that of an old drive.

            • vojel@feddit.de
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              14
              ·
              1 year ago

              Maybe you didnt see I responded to a comment that says that every OS has such dumb mechanisms as mentioned in the post which is def not true. I use Arch btw.

              • Fushuan [he/him]@lemm.ee
                link
                fedilink
                English
                arrow-up
                7
                ·
                1 year ago

                You mention Linux in your comments, but this same thing happens in Linux too! It’s the third time I’m writing this in this comment chain, I’m gonna assume you are a troll since you can’t be this dense. The top comment of this post explains why this also happens in Linux, I mentioned it first and then have you an example. If you can’t ocess that information it’s not my problem. Have a nice day.

  • PhiAU@lemmy.world
    link
    fedilink
    English
    arrow-up
    81
    arrow-down
    2
    ·
    1 year ago

    Of the many grievous faults of Windows to pick on, file system permissions like this are not one.

    As admin you have permission to change ownership and override permissions. And a relic copy of the OS folder is going to have some of the most restrictive permissions possible.

    I would expect similar behaviour on any modern OS.

    • Psythik@lemm.ee
      link
      fedilink
      English
      arrow-up
      13
      arrow-down
      1
      ·
      1 year ago

      OP is probably young and doesn’t remember the pre-Vista days, when viruses ran rampant because the concept of admin rights didn’t exist yet.

      • MystikIncarnate@lemmy.ca
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        1
        ·
        1 year ago

        Oh, it existed. It was just much more difficult to use and required an understanding of what you’re doing to set it up first.

        The UAC version from Vista+ is implemented by default and far easier to run/manage for the typical end user. Most users find it hella annoying, but it’s easier than the alternative, since they’ve never used the alternative, they don’t know that.

        Basically, you’d have to create an admin account, and a user account, then intentionally not use the admin account except for admin things… I did this, and it kept me out of trouble in a couple of close calls. Windows power users trend up like to endorse or brag(?) About how often they reinstall, and bluntly, I almost never reinstall my PC. I just don’t bog it down with garbage constantly. :)

    • gornius@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      Actually ACL on Windows is very bad. Recursively changing owner of directory can take minutes, same operation on any UNIX-like OS takes seconds.

  • Mininux@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    67
    arrow-down
    1
    ·
    edit-2
    1 year ago

    I hate windows too but this is something normal that also happens on Linux. Take a drive from another system and you won’t be able to edit its protected files without root access.

          • Muddybulldog@mylemmy.win
            link
            fedilink
            English
            arrow-up
            25
            ·
            1 year ago

            The drive doesn’t have a say. The permissions surrounding the TrustedInstaller account have a say. The account existed on your first Windows install and also on your new one hence the permissions and associated restrictions persevere. This is expected behavior.

            • stappern@lemmy.oneOP
              link
              fedilink
              English
              arrow-up
              3
              arrow-down
              21
              ·
              1 year ago

              because a non administrator shouldnt be able to mount drives and other admin operations. an admin should be able to do anything on that machine

              • SuperFlue@kbin.social
                link
                fedilink
                arrow-up
                12
                ·
                1 year ago

                ACL’s are an integral part of most filesystems.
                So yes the drive absolutely has a say in this (technically the NTFS filesystem) in combination with the OS’s filesystem driver.
                The Windows folder is set to be owned by the TrustedInstaller SID (S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464) which is a “well known” Security Identifier.
                This identifier is the same accross Windows systems in a similar way root is UID 0 on Linux.
                Therefore the access rights for TrustedInstaller persists across Windows installs, and also other rights that are defined on the filesystem object.

                Linux uses mainly POSIX ACL which is “fairy simple”, while NTFS ACL can be very complex.
                Should also note that the the UNIX and UNIX-like world there is also NFSv4 ACL which is comparable to NTFS ACL.

                But the basic idea persists across almost all filesytem ACL.
                The user that is running the command must have the right user ID (that is UID/GID in Linux and SID in Windows) that has the correct access rights to do the action you want.

                With Windows administrator rights you can indeed delete everything if you really want.
                But then you have to give your administrator account the right access tokens or you need to impersonate the account in question (both of which are possible if you have an local administrator account, but does require the techincal know-how).

                In Windows a lot of these things are in place both to prevent users from shooting themselves in the foot, but also to provide defence-in-depth against malware.

      • KyuubiNoKitsune@lemmy.blahaj.zone
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        1
        ·
        edit-2
        1 year ago

        That’s really bad logic and you’re missing the point here. trusted installer is the owner of the folder. The fact that it’s an old windows drive or that your an admin makes absolutely no difference. It’s a file system ACL, those ACLs don’t just magically disappear from the drive when it’s no longer the system drive.

        Take ownership of the folder, add your account or the everyone security identifier with full access permissions and then delete it.

        I’m sorry to say this but the fact that you’re complaining about this is more a reflection on your lack of understanding of how file system ACLs work, in any OS, than anything else.

        The braincells were not there to begin with, you didn’t lose them. <= that’s a joke, I’m not trying to be mean.

  • guajojo@lemmy.world
    link
    fedilink
    English
    arrow-up
    57
    arrow-down
    7
    ·
    1 year ago

    This is perfectly normal, what you’re looking for is a more insecure OS maybe?

    • Holzkohlen@feddit.de
      link
      fedilink
      English
      arrow-up
      17
      arrow-down
      23
      ·
      1 year ago

      Windows, the first thing that comes to mind when someone talks about security. lol

      • TurboFool@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        1
        ·
        1 year ago

        Because what people want is often very, very stupid. And also because the difference between “you” and a malicious app acting like you is non-existent. If you can easily change vital files, so can any drive-by app you accidentally run.

    • stappern@lemmy.oneOP
      link
      fedilink
      English
      arrow-up
      12
      arrow-down
      58
      ·
      1 year ago

      but linux does exactly what you want , ive never been pulled a number like this.

        • Vilian@lemmy.ca
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          9
          ·
          edit-2
          1 year ago

          how? it’s to delete a file in other driver, it don’t get in your way

        • stappern@lemmy.oneOP
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          28
          ·
          1 year ago

          but its true? theres lots that you cant say against linux but you cant say it doesnt do exactly what you want.

          • Muddybulldog@mylemmy.win
            link
            fedilink
            English
            arrow-up
            20
            arrow-down
            1
            ·
            1 year ago

            Nearly 30 years of LINUX experience. I can definitely say on a regular basis that LINUX doesn’t do exactly what I want.

          • AirBreather@lemmy.world
            link
            fedilink
            English
            arrow-up
            19
            ·
            1 year ago

            you cant say it doesnt do exactly what you want.

            As someone (a different guy than whom you’re replying to) who has primarily used Linux-based systems in personal settings for about 15 years or so, I can and will say that.

            For the most part, Linux-based systems tend to do exactly what you tell them to do. Whether or not this is exactly what you want, however, is a slightly different point.

          • BROMETHIUS@lemmy.world
            link
            fedilink
            English
            arrow-up
            8
            ·
            1 year ago

            I want it to play rocket league. Without using wine or proton.

            There are some things that Linux won’t allow you to do natively. I understand it’s better because it’s open, but come on.

          • virku@lemmy.world
            link
            fedilink
            English
            arrow-up
            7
            arrow-down
            2
            ·
            1 year ago

            If you know exactly what you want and how to do it.

            I spent countless hours trying to make my display driver working in Linux years ago. I knew what I wanted, but it was impossible. For me at least. I know many who has similar experiences.

            • Vilian@lemmy.ca
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              6
              ·
              edit-2
              1 year ago

              where are talking about files, not drivers from others companies that depend on their support

              • virku@lemmy.world
                link
                fedilink
                English
                arrow-up
                7
                ·
                1 year ago

                No op just said Linux does exactly what you want. My point is that it sometimes is very hard to know how to do what you want. I am not saying Windows is any better in this regard though.

      • Tolstoy@lemmy.world
        link
        fedilink
        English
        arrow-up
        22
        arrow-down
        1
        ·
        1 year ago

        I don’t use Linux but I assume you’re the kind of person typing sudo before every command ^^

      • ZephrC@lemm.ee
        link
        fedilink
        English
        arrow-up
        9
        arrow-down
        2
        ·
        1 year ago

        Linux does exactly what you tell it to. If all your experience is with systems designed by engineers trying to guess what you really want, that can be confusing and intimidating.

  • glimse@lemmy.world
    link
    fedilink
    English
    arrow-up
    32
    ·
    1 year ago

    It’s still a protected folder even if it’s not the active OS and that’s a good thing…? It will permanently break the install, how is Windows supposed to know you’re never going to use it again? It doesn’t see you as the owner and prevents you from messing it up.

    But if you’re sure you want it gone, you need to Take Ownership

    • PlaidBaron@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      Windows is designed for the average user and does very well in that regard. It prevents people with very little computer knowledge from totally messing things up.

  • tomi000@lemmy.world
    link
    fedilink
    English
    arrow-up
    23
    arrow-down
    3
    ·
    1 year ago

    I dont even know anymore. These “Windows bad” posts get so stupid by now I can only assume it is satite at this point. Im just waiting for “Task Bar is 20px high instead of 21, literally unusable”

    • TheGreenGolem@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      Yeah, like linux doesn’t do this shit all the time. Permission denied always. I’M YOUR FUCKING GOD, DON’T EVER DARE TO GIVE ME PERMISSION DENIED.

  • krondo@lemmy.world
    link
    fedilink
    English
    arrow-up
    22
    arrow-down
    3
    ·
    1 year ago

    Uga uga i dont know anything to do with computers but linux good windows bad give me upvote now uga.

  • eezeebee@lemmy.ca
    link
    fedilink
    English
    arrow-up
    17
    ·
    1 year ago

    Sorry to be the bearer of bad news. Unfortunately it seems that you cannot be trusted with installation :(

    • 1984@lemmy.today
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      3
      ·
      1 year ago

      People are really harch with their downvotes. It really wasn’t that bad. :)