Mail Archives: cygwin/2014/08/12/08:55:36

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Tue, 12 Aug 2014 14:55:13 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Security Settings for directories created in Cygwin (+ executable bit on files)
Message-ID: <20140812125513.GE21106@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
References: <86wqajxtm9 DOT fsf AT somewhere DOT org> <loom DOT 20140812T122015-809 AT post DOT gmane DOT org>
MIME-Version: 1.0
In-Reply-To: <loom.20140812T122015-809@post.gmane.org>
User-Agent: Mutt/1.5.23 (2014-03-12)

On Aug 12 10:51, Kurt Franke wrote:
> Sebastien Vauban <sva-news@...> writes:
> > [...]
> > Asking Cygwin to stop playing with the Windows ACL, by mounting my
> > personal directories as "noacl"?  Well, that means I won't be able to
> > use `chmod' anymore, for setting a script file as "executable", then.
> > And I'll have to use a Windows tool to do so, such as `cacls'.
> ...
>
> Hello,
>
> There is a possibility to get better permission settings on files created
> by a Windows program inside a directory created by Cygwin.
> You must create special ACE's on this directory like in the following
> example with German names used in one of my scripts:
>
> icacls "$dir" /remove ERSTELLER-BESITZER
> icacls "$dir" /grant 'ERSTELLER-BESITZER:(OI)(IO)(R,W,D,WDAC,WO)'
> icacls "$dir" /grant 'ERSTELLER-BESITZER:(CI)(IO)(F)'

That's "CREATOR OWNER" in English systems.

> icacls "$dir" /remove ERSTELLERGRUPPE
> icacls "$dir" /grant 'ERSTELLERGRUPPE:(OI)(IO)(R,W)'
> icacls "$dir" /grant 'ERSTELLERGRUPPE:(CI)(IO)(RX,W,DC)'
> icacls "$dir" /remove Jeder
> icacls "$dir" /grant 'Jeder:(RX)'
> icacls "$dir" /grant 'Jeder:(OI)(IO)(R)'
> icacls "$dir" /grant 'Jeder:(CI)(IO)(RX)'

"CREATOR GROUP"

> It creates different Default ACE's for files and directories and these will
> be inherited correctly when using non-cygwin-windows programs. For
> directories the execute permission is inherited but for files it is not
> inherited.
> [...]
> To have those DEFAULT ACE's of general use for integration of Cygwin and
> Windows without always executing a script after creating a new directory in
> Cygwin it would be necessary to inherit those non-simple DEFAULT ACE's in
> Cygwin directory creation also, not only the simple ones.
> A drawback for this may be the fact the getfacl/setfacl utilities do not
> understand those ACE's and thus don't show / don't set it.

It complicates handling of default permissions in the acl system
calls a lot.  You'd have to handle two CREATOR OWNER ACEs as a single
"default:user" entry.  Same for "CREATOR GROUP".  I'm not saying this is
impossible to implement, just that it's a good amount of work.

http://cygwin.com/acronyms/#PGA


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
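
An added illustration, not part of either post and not Cygwin's code: a small Python model of how the inheritance flags in the quoted icacls grants decide what a new file and a new subdirectory receive, and why each POSIX-style default entry ends up backed by two ACEs. The English name for "Jeder", the simplified rights-to-rwx mapping and all function names are assumptions of this sketch.

```python
import re

# Constructed input: the /grant arguments from the quoted script, with the
# German trustee names replaced by English ones (Jeder -> Everyone is this
# example's translation).
GRANTS = [
    "CREATOR OWNER:(OI)(IO)(R,W,D,WDAC,WO)",
    "CREATOR OWNER:(CI)(IO)(F)",
    "CREATOR GROUP:(OI)(IO)(R,W)",
    "CREATOR GROUP:(CI)(IO)(RX,W,DC)",
    "Everyone:(RX)",
    "Everyone:(OI)(IO)(R)",
    "Everyone:(CI)(IO)(RX)",
]
INHERIT_FLAGS = {"OI", "CI", "IO", "NP", "I"}
# Simplified rights-to-rwx mapping (an assumption of this sketch, not Cygwin's
# real algorithm); D, WDAC, WO and DC have no rwx bit and are ignored here.
RWX = {"F": "rwx", "M": "rwx", "RX": "rx", "R": "r", "W": "w"}

def parse_ace(grant):
    """Split 'Trustee:(flag)...(rights)' into (trustee, flags, rights)."""
    trustee, spec = grant.split(":", 1)
    groups = re.findall(r"\(([^)]*)\)", spec)
    flags = {g for g in groups if g in INHERIT_FLAGS}
    rights = {r for g in groups if g not in INHERIT_FLAGS for r in g.split(",")}
    return trustee, flags, rights

def effective_on(flags, kind):
    """Does an ACE on the parent take effect on 'self', a new 'file' or a new 'dir'?"""
    if kind == "self":
        return "IO" not in flags          # inherit-only ACEs skip the directory itself
    return ("OI" if kind == "file" else "CI") in flags

def perms(grants, kind):
    """Per-trustee rwx string that 'kind' ends up with."""
    acc = {}
    for trustee, flags, rights in map(parse_ace, grants):
        if effective_on(flags, kind):
            acc.setdefault(trustee, set()).update(rights)
    return {t: "".join(b if any(b in RWX.get(r, "") for r in rs) else "-"
                       for b in "rwx") for t, rs in acc.items()}

def default_entries(grants):
    """One (file perms, dir perms) pair per trustee: two ACEs behind each entry."""
    files, dirs = perms(grants, "file"), perms(grants, "dir")
    return {t: (files.get(t, "---"), dirs.get(t, "---")) for t in sorted(set(files) | set(dirs))}

if __name__ == "__main__":
    for trustee, (f, d) in default_entries(GRANTS).items():
        print(f"{trustee:14} new file: {f}   new directory: {d}")
```

The file column never gains x while the directory column does, and each trustee's pair comes from two separate ACEs, which is the case a single "default:user" or "default:group" entry would have to represent.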

  Copyright © 2019   by DJ Delorie     Updated Jul 2019