Mail Archives: cygwin/2008/04/01/19:37:58
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
According to Corinna Vinschen on 4/1/2008 7:44 AM:
| Erm... hang on. I just tested this on Linux:
|
|
| This looks like what we do on Cygwin, too.
Then we're in good company :) In other words, no need to go changing
things to be different than Linux, until we've proven Linux is wrong.
| Shouldn't the "nobody" entry
| disappear when calling chmod? That's how I understand the statement in
| the POSIX docs:
|
| "An alternate file access control mechanism shall [...] be disabled for
| a file after the file permission bits are changed for that file with
| chmod( ). The disabling of the alternate mechanism need not disable
| any additional mechanisms supported by an implementation."
|
| Either the ACLs of a file are not an "alternate" access mechanism,
| but an "additional" access mechanism. But that doesn't match the
| description either:
|
| "An additional access control mechanism shall only further restrict
| the access permissions defined by the file permission bits."
Yes, those were the two paragraphs I was noticing when I made my claim
that cygwin's chmod(2) wasn't obeying POSIX.
ACLs can serve as both "alternate" (give more rights to some users than
what is implied by the traditional stat bits) and "additional" (restrict
rights to certain users outside of what is shown in the traditional stat
bits).
|
| Or, Linux doesn't follow POSIX here, which seems unlikely to me.
Actually, it seems highly likely to me - after all, at one point, POSIX
considered standardizing a form of ACLs, but it never went anywhere (and
in the meantime, several competing styles of how to implement ACLs cropped
up; Solaris and Linux tackle the issue noticably different, and Selinux
security descriptors are yet another wrinkle in the picture). Maybe it's
worth asking on the Austin Group mailing list?
|
| Or, I completly misunderstand what the above quote means.
No, your understanding matched mine.
- --
Don't work too hard, make some time for fun as well!
Eric Blake ebb9 AT byu DOT net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkfy1ZMACgkQ84KuGfSFAYCpOwCeN/av36V08YCmkTTSDnVBO5EX
tU0An1gVK7kRaGrZSJDxX8SFr/WSD1vx
=opK3
-----END PGP SIGNATURE-----
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -