| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:date:from:to:subject:message-id:reply-to | |
| :mime-version:content-type; q=dns; s=default; b=Cq38ryHC+WMxYHnd | |
| GDvmRqUyrSb4BN/2qoGkSIkU98M9sUaVM/xUcSTkPgGNrmm6xwOZskDSP7YAyXWg | |
| coCwI1o3Mch5N2qbek+/+Unx1ejekdBhYlZlOa/zV8ST4JC9G+fLkKD7hpm5trhY | |
| j7zl5V69uTU3p/6GouJEaAcPPHg= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:date:from:to:subject:message-id:reply-to | |
| :mime-version:content-type; s=default; bh=q4ktlIFpp56Jx0wQLXppJ8 | |
| Gip5o=; b=yBrqbtSRxJxVGI4ievS4U6RFd3IpRl55zGdf2DC8PE2CGTbB9BPbcm | |
| GsazTW275kkE7ifa/T9xNAi0OHbeGAS+z18/u++ZuXvEkEuUdDHSOcGQm1dAi4MN | |
| gFwJf1YJdGd+jEQeGXjzzRSvlLVeH8I38KGVrYlpEZgPxj95OsbC8= | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Virus-Found: | No |
| X-Spam-SWARE-Status: | No, score=-5.4 required=5.0 tests=AWL,BAYES_00,KAM_LAZY_DOMAIN_SECURITY autolearn=no version=3.3.2 |
| X-HELO: | calimero.vinschen.de |
| Date: | Fri, 10 Apr 2015 12:07:03 +0200 |
| From: | Corinna Vinschen <corinna-cygwin AT cygwin DOT com> |
| To: | cygwin AT cygwin DOT com |
| Subject: | [TESTERS needed] New POSIX permission handling |
| Message-ID: | <20150410100703.GA4401@calimero.vinschen.de> |
| Reply-To: | cygwin AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| MIME-Version: | 1.0 |
| User-Agent: | Mutt/1.5.23 (2014-03-12) |
--a8Wt8u1KmwUX3Y2C
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Hi folks,
I just applied a patch I'm working on for quite some time now. As I
outlined before on this list, the POSIX permission handling has aged
considerably and, for historical reasons, did things differently
dependent on the calling function. I took the time to reimplement the
core functionality to handle all ACLs as strictly following POSIX ACL
rules as possible.
Cygwin now generates ACLs in a certain way, always following the same
construction rules. The new ACLs are always recognizable as Cygwin
ACLs. The always start with an Access-Denied ACE for the NULL SID with
certain bits set. Any ACL not starting this way is handled as a
non-Cygwin or "old style" ACL, but still trying to evaluate the ACL as
strictly following POSIX rules as possible.
Two other noticable changes from before:
- To accommodate Windows default ACLs, the new code ignores SYSTEM and
Administrators group permissions when computing the MASK/CLASS_OBJ
permission mask on old ACLs, and it doesn't deny access to SYSTEM and
Administrators group based on the value of MASK/CLASS_OBJ when
creating the new ACLs.
That means, even if SYSTEM or Administrators have full access to the
file, the POSIX permssion bits will not reflect that fact. And while
other users get access denied based on the mask value, SYSTEM and
Administrators will never get access denied based on the mask.
This should help in Cygwin<->Windows interoperability.
- The new code now handles the S_ISGID bit on directories as on Linux:
Setting S_ISGID on a directory causes new files and subdirs created
within to inherit its group, rather than the primary group of the user
who created the file.
But note that this only works for files and directories created by
Cygwin processes. The group change is not supported automagically by
Windows, so the process creating the new file has to change the file
group silenmtly after creating the file.
Apart from bugfixing the aforementioned code, there's still work to do
on the getfacl and setfacl tools:
- The getfacl tool needs an extension in output to print the effective
permissions on users and groups restricted by the mask value.
- The setfacl tool needs code to compute the new mask value, just as
on Linux.
I'm looking into that next week.
Please give the new code a try. I uploaded new 2015-04-10 developer
snapshots to https://cygwin.com/snapshots/
Probably next week I will also create a test release which can be
installed via setup-x86{_64}.exe.
Corinna
--=20
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
--a8Wt8u1KmwUX3Y2C
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBAgAGBQJVJ6DHAAoJEPU2Bp2uRE+gTiMQAJlNEU5HW/jiK6/yxQQXvqth
knw/QFmqMEqMxhw5X2tBKhdvNN+o95cLAOZZV0gRbqfCyK2K4Cb6Sz8rat58j2Bz
bLMthfwswPcR3xLof9Cs+bXzqiyXF1HBV/yeuFMR4DlQv628ZakqO7YMMd9ZhiDy
ysiCFyjMeiNHJBwCSacqpzBusu7xDaYH1HyZnjpWl/7uoNt5j6ktMc/LtdCQv6zF
rr6qAzatjC5TCQW7/96ULk4/umJeu1QBLuYZ5HKvwsLcUuwf6lgsgNa2PbHDWo80
d2lFfm0J8T4c3ZXfFKt7qfurPyNUkckTmEyIIkacAEQE7UYUR2jOiAw5aLK+cMZn
KZ5ruHJ1MSUBkDlUOcWaEYoiYg9QScaWIV51GnMu7fNv473ZvLadzg9xyZpgvddz
s+sUywYeYI8+dtRCcUiPRp4Tqu7rUxx9UNfzGGeiKSV43ENj4surtQRAIRQxXiuH
c/WER8P0rqKsDpUMVTOODJRJjM7HxSRScdOt0/NJCbmDBx/f1AVeEMHBxjYo4Y6C
l7+vFJqoTkmrdw9EzgiScT7Z7anzcY8x8fAxUN4AZnG5/oW6ERCmMQdZ6LFq8iNx
ZvBEmoWFbjoe9MIX/8QLERlseCkFT4AT2Eqipwd7NQxq/EfxNZ8Y5O6ns10l8hGR
NRM3BpSNXFJaSgHMRI8a
=wJTL
-----END PGP SIGNATURE-----
--a8Wt8u1KmwUX3Y2C--
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |