Mail Archives: cygwin/2008/12/06/00:01:39

Message-ID: <493A06EF.7B6E3A69@dessent.net>
Date: Fri, 05 Dec 2008 21:00:31 -0800
From: Brian Dessent <brian AT dessent DOT net>
To: cygwin AT cygwin DOT com
Subject: Re: CYGWIN=ntsec, "cp -a", and NT acls
References: <4939CF79 DOT 5010405 AT qualcomm DOT com> <4939DED2 DOT EB875495 AT dessent DOT net> <4939FAEC DOT 4050908 AT qualcomm DOT com>

Rob Walker wrote:

> [RGW] Hm, looks simple...  Why isn't this part of "cp -a" ?

You have to understand the history of things.  In the classic unix
world, a file has an owner, a group, a mode, and several timestamps. 
From the standpoint of what "cp -a" can manipulate portably, that's
basically it.  All of those things are neatly returned by stat(3) and
are easily settable/copyable across various filesystems.

Extended attributes and/or ACLs are a relatively new introduction --
'new' relative to the fact that traditional unix filesystems are more
than 30 years old.  They are also inherently very filesystem and
operating system-specific: everybody does it slightly differently. 
Check out this overview of the subtle differences of a dozen different
platforms' ACL APIs:
<http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=blob_plain;f=doc/acl-resources.txt;hb=HEAD>.

It's very hard for a general program like 'cp' to know about all these
various ACL APIs, let alone have any idea how it would go about
translating the semantics of one to another, which would be required for
copying across two different filesystems.  Remember that 'cp' comes from
GNU coreutils which is a set of generic tools that target dozens of
various *nix-ish platforms, whereas the implementations of the getfacl
and setfacl commands come from Cygwin itself which has the specific
knowledge of Windows NT ACLs.

> [RGW] This differs from my experience.  Many Windows tools are able to 
> (built to?) twiddle +R and overwrite.  They do not seem to be able to 
> handle when the ACLs deny them permission, though.

Again, attributes have zero to do with security or permissions.  They
are just a few extra advisory bits that the application (or C runtime)
is free to interpret in any way it wants; they offer nothing in the form
of OS-enforced restrictions.  The Cygwin feature of using the 'backup
privilege' to emulate root semantics is about bypassing ACLs, not
attributes.

Brian
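
The point about stat(3) above, as an added example that is not part of the original message: it carries over only the metadata stat() reports (mode, owner, group, timestamps), then compares the two files using those same fields. The helper names and the sample timestamp are constructed for illustration.

```python
import os
import stat
import tempfile

# The stat(3) fields a portable copy can carry over; ACLs are not among them.
PORTABLE_FIELDS = ("st_mode", "st_uid", "st_gid", "st_mtime_ns")

def portable_metadata(path):
    """Return only what stat() reports: mode, owner, group, mtime."""
    st = os.stat(path)
    return {f: getattr(st, f) for f in PORTABLE_FIELDS}

def copy_portable_metadata(src, dst):
    """Apply src's stat-visible metadata to dst (hypothetical helper)."""
    st = os.stat(src)
    try:
        # chown first: changing ownership can clear setuid/setgid bits.
        os.chown(dst, st.st_uid, st.st_gid)
    except (PermissionError, AttributeError):
        pass  # needs privilege, or os.chown is unavailable on this platform
    os.chmod(dst, stat.S_IMODE(st.st_mode))
    os.utime(dst, ns=(st.st_atime_ns, st.st_mtime_ns))

def stat_diff(a, b):
    """Names of stat-visible fields that differ between a and b."""
    ma, mb = portable_metadata(a), portable_metadata(b)
    return sorted(f for f in PORTABLE_FIELDS if ma[f] != mb[f])

def demo():
    """Create two constructed sample files and show the diff before/after."""
    with tempfile.TemporaryDirectory() as d:
        src, dst = os.path.join(d, "src"), os.path.join(d, "dst")
        for p in (src, dst):
            with open(p, "w") as fh:
                fh.write("constructed sample\n")
        os.chmod(src, 0o640)
        os.utime(src, ns=(1_228_539_630_000_000_000,) * 2)  # constructed time
        os.chmod(dst, 0o600)
        before = stat_diff(src, dst)
        copy_portable_metadata(src, dst)
        return before, stat_diff(src, dst)

if __name__ == "__main__":
    print(demo())
```

An empty result from `stat_diff` says nothing about ACLs, because they never appear in the stat result; on Cygwin, comparing the `getfacl` output of both files is the check that covers them.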
