Mail Archives: cygwin/2015/02/12/06:12:15

Date: Thu, 12 Feb 2015 12:10:58 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: group permissions
Message-ID: <20150212111058.GU7818@calimero.vinschen.de>


On Feb 11 13:28, Eric Blake wrote:
> On 02/10/2015 02:21 AM, Corinna Vinschen wrote:
> > o The other way to emulate writing an ACL_MASK entry would be to drop
> >   permissions from all groups and secondary users so they match the
> >   desired mask value.  This is secure, but in contrast to the other
> >   solution it would change the secondary permissions permanently.
> >   Changing the mask back would not change the permissions of the
> >   secondary ACL entries back.
>
> Possible enhancement on this idea (I have no clue if it would actually
> work, though):
>
> When rewriting ACE entries because of the just-added restrictive
> ACL_MASK, put in some marker that mimics the default deny-all action,
> then additional entries in the tail of the ACE list that shows the
> pre-modified permissions that we just took away due to the mask.  If we
> later loosen the mask, we can use the tail of entries to restore
> original permissions.  And since the tail occurs after a catch-all deny,
> they won't grant permissions in the meantime.  The trick then becomes
> telling when we have stuck our marker in place to represent that we have
> injected tail entries to reflect the state to restore if ACL_MASK is
> relaxed.

I see what you're up to.  Right now I'm just a bit side-tracked because
I had an inspiration how it should be possible to avoid the reported
"slow startup" problem due to slow LDAP connections to the DC.  After
that I'll return to the matter and peruse your idea.

In the meantime I also realized that the way Cygwin reads and creates
the file ACLs in two different sets of functions (one for stat/chmod,
the other for acl(GETACL)/acl(SETACL)) is a rather bad idea.

I think I'll take the opportunity to revamp the ACL handling completely
to unify the calls into a single implementation with consistent results.
Ideally the result is more POSIXy than today.


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
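
Added example (not part of the original mail, and not Cygwin's code): a simplified C model of the trade-off in the quoted text, contrasting a POSIX-style mask applied at check time with the emulation that rewrites stored permissions to match the mask. The struct, the function names and the sample ACL are constructed for illustration.

```c
#include <stdio.h>

/* Simplified model: each entry carries rwx bits (0-7). All names are hypothetical. */
enum tag { USER_OBJ, USER, GROUP_OBJ, GROUP, OTHER };
struct entry { enum tag tag; int id; unsigned perm; };

/* POSIX semantics: the mask limits named users, the owning group and named
   groups; the owner (USER_OBJ) and OTHER are not affected by it. */
static int masked(enum tag t) { return t == USER || t == GROUP_OBJ || t == GROUP; }

/* Non-destructive: stored perms stay untouched, mask is applied at check time. */
unsigned effective(const struct entry *e, unsigned mask)
{
    return masked(e->tag) ? (e->perm & mask) : e->perm;
}

/* Destructive emulation from the mail: rewrite the stored perms so they
   match the mask. Bits removed here cannot be recovered later. */
void apply_mask_destructive(struct entry *acl, int n, unsigned mask)
{
    for (int i = 0; i < n; i++)
        if (masked(acl[i].tag))
            acl[i].perm &= mask;
}

/* Constructed sample: named group 1001 starts with rwx. The mask is tightened
   to r-x and then relaxed to rwx. Returns the group entry's stored perms. */
unsigned roundtrip_destructive(void)
{
    struct entry acl[] = { {USER_OBJ, 0, 7}, {GROUP_OBJ, 0, 5},
                           {GROUP, 1001, 7}, {OTHER, 0, 0} };
    apply_mask_destructive(acl, 4, 5);   /* tighten mask to r-x */
    apply_mask_destructive(acl, 4, 7);   /* relax mask back to rwx */
    return acl[2].perm;                  /* write bit is permanently lost */
}

/* Same sequence with a real mask: effective perms while tightened and after
   relaxing, packed as two octal digits. */
unsigned roundtrip_posix(void)
{
    struct entry g = { GROUP, 1001, 7 };
    return (effective(&g, 5) << 3) | effective(&g, 7);
}

int main(void)
{
    printf("destructive, after relaxing mask: %o\n", roundtrip_destructive());
    printf("POSIX mask, tightened/relaxed:    %02o\n", roundtrip_posix());
    return 0;
}
```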
