Mail Archives: cygwin/2009/10/23/11:27:47
On Oct 23 10:45, Mikel Ward wrote:
> Hi All
>
> Default ACLs don't seem to work as they would on Linux, or for that
> matter as they do for files created via Windows Explorer.
>
> Is this expected?
It's a bit unexpected, actually. Some of the security-related code
hasn't been touched for years and it appears that some of the
assumptions are rather old-fashioned. I read MSDN quite a lot today.
It seems that ACE inheritance depends on the usage of the high-level
functions SetSecurityInfo/SetNamedSecurityInfo. Cygwin on the other hand
uses the ultra-low level function NtSetSecurityObject, which apparently
has no idea what ACE inheritance is about.
And it gets worse. Neither the NtCreateFile function, nor the
CreateFile function handle ACE inheritance either. So, even if you
provide these functions with a security descriptor with the
SE_DACL_AUTO_INHERIT_REQ bit set, it's simply ignored and no inheritance
is performed.
I'm not yet sure if I should fix this for 1.7.1. Keeping this
behaviour for the time being is at least not a regression :}
Thanks for the report,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Red Hat
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
- Raw text -