Mail Archives: cygwin/2008/09/09/02:49:01
Cygwin, by default, tries to implement POSIX permissions using the NT ACL
system - fairly well described here:
http://cygwin.com/cygwin-ug-net/ntsec.html
The way this feature is implemented interacts poorly with Vista,
however. A previous mailing (with reply) on this list that tried to
describe this issue is here:
http://www.mail-archive.com/cygwin AT cygwin DOT com/msg83783.html
Reply:
http://www.mail-archive.com/cygwin AT cygwin DOT com/msg83794.html
The Vista feature in question is "Shared Files", which is *not* the same
thing as a network share. Rather, it describes files which are shared
between *different* users of the *same* computer, rather than different
users in a network environment.
Vista comes with a saved search that tries to show all such "Shared
Files" in your profile directory, recursively; i.e. files that you would
reasonably expect to own, but are letting other users of the same
computer access. The saved search is located here:
C:\Users\<user-name>\Searches\Shared By Me.search-ms
The way it appears to work is by looking for files and directories which
have access-allowed access control entries (ACEs) for the groups Users
or Everyone.
Unfortunately, Cygwin creates an ACE for the group Everyone, even with
umask 0077, or after chmod 0700 is applied. Specifically, this is what
it looks like using cacls:
    Everyone:(special access:)
        READ_CONTROL
        FILE_READ_EA
        FILE_READ_ATTRIBUTES
How can addition of this ACE be controlled or prevented by default for
Cygwin applications?
Thanks,
-- Barry
--
http://barrkel.blogspot.com/
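
An added example, not part of the original message and not Cygwin or Vista code: a Python sketch of the check the post describes, listing access-allowed ACEs for Everyone or Users in an SDDL security descriptor string and decoding what each one grants. The SDDL samples and the owner SID are constructed; the mask 0x20088 is the combination of the three rights in the cacls output above, and the `metadata_only` classification is an assumption of this example.

```python
import re

# File access-right bits from winnt.h.
RIGHTS = {
    0x000001: "FILE_READ_DATA", 0x000002: "FILE_WRITE_DATA",
    0x000004: "FILE_APPEND_DATA", 0x000008: "FILE_READ_EA",
    0x000010: "FILE_WRITE_EA", 0x000020: "FILE_EXECUTE",
    0x000040: "FILE_DELETE_CHILD", 0x000080: "FILE_READ_ATTRIBUTES",
    0x000100: "FILE_WRITE_ATTRIBUTES", 0x010000: "DELETE",
    0x020000: "READ_CONTROL", 0x040000: "WRITE_DAC",
    0x080000: "WRITE_OWNER", 0x100000: "SYNCHRONIZE",
}
# The three rights in the cacls output above: metadata only, no file data.
METADATA_ONLY = 0x020000 | 0x000008 | 0x000080
# SDDL aliases and well-known SIDs for the two groups the post names.
BROAD_SIDS = {"WD": "Everyone", "S-1-1-0": "Everyone",
              "BU": "Users", "S-1-5-32-545": "Users"}
# Symbolic file rights in SDDL; other two-letter codes are not handled here.
ALIASES = {"FA": 0x1F01FF, "FR": 0x120089, "FW": 0x120116, "FX": 0x1200A0}

def parse_mask(rights):
    """Convert an SDDL rights field (hex, or FA/FR/FW/FX codes) to a mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for i in range(0, len(rights), 2):
        mask |= ALIASES[rights[i:i + 2]]  # KeyError for unsupported codes
    return mask

def shared_aces(sddl):
    """List (group, rights, metadata_only) for allow ACEs to Everyone/Users."""
    found = []
    for body in re.findall(r"\(([^()]*)\)", sddl):
        fields = body.split(";")
        if len(fields) != 6 or fields[0] != "A" or fields[5] not in BROAD_SIDS:
            continue
        mask = parse_mask(fields[2])
        names = [name for bit, name in RIGHTS.items() if mask & bit]
        found.append((BROAD_SIDS[fields[5]], names, (mask & ~METADATA_ONLY) == 0))
    return found

# Constructed samples (the owner SID is made up).
OWNER = "S-1-5-21-1-2-3-1001"
CYGWIN_LIKE = f"O:{OWNER}D:(A;;FA;;;{OWNER})(A;;0x20088;;;WD)"
READABLE = f"O:{OWNER}D:(A;;FA;;;{OWNER})(A;;FR;;;BU)"
PRIVATE = f"O:{OWNER}D:P(A;;FA;;;{OWNER})"

if __name__ == "__main__":
    for label, sddl in [("cygwin-like", CYGWIN_LIKE), ("readable", READABLE),
                        ("private", PRIVATE)]:
        print(label, shared_aces(sddl))
```

A check keyed only on the presence of such an ACE reports the first sample even though its Everyone entry exposes no file data, while the `metadata_only` flag separates it from the second sample, where Users can read the contents.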