| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:date:from:to:subject:message-id:reply-to | |
| :references:mime-version:content-type:in-reply-to; q=dns; s= | |
| default; b=fVo3L7jjgFZZa1vGwXrLQZJDkQLrgoyDJC/3sxN/KiUgCBZ6xVR3r | |
| Ggv2DbTDi9FCuq+SCJ2dugFTYnPTq9V+8eECEjtRdy0+9kNQI86EJOuH1x5HZfTZ | |
| /iVrAgetWdaa3q2SbFK90nLKpSBhsVLf1R5S/HasgHZWDvGRJx2e48= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:date:from:to:subject:message-id:reply-to | |
| :references:mime-version:content-type:in-reply-to; s=default; | |
| bh=QprNNNeSdiLLYgqHkk4O6O9F778=; b=d11lhOhVWpvMFBhydBe+AtGi0YRd | |
| 5TYRfW9BdunmpRiq6uIeQ9MUYQVA9M2k2aDQI8aJg1rFwy0paMBBEMSC03XI0wpg | |
| sX6hmG5rItn2jdbIydvLBHG7O2zB6bzU6TsTlT6EgurJvosQuL3BU76ZemIeCp+H | |
| rVyEim/DZV26xbk= | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Virus-Found: | No |
| X-Spam-SWARE-Status: | No, score=-5.4 required=5.0 tests=AWL,BAYES_00,KAM_LAZY_DOMAIN_SECURITY autolearn=no version=3.3.2 |
| X-HELO: | calimero.vinschen.de |
| Date: | Sat, 11 Apr 2015 11:44:14 +0200 |
| From: | Corinna Vinschen <corinna-cygwin AT cygwin DOT com> |
| To: | cygwin AT cygwin DOT com |
| Subject: | Re: [TESTERS needed] New POSIX permission handling |
| Message-ID: | <20150411094414.GC19111@calimero.vinschen.de> |
| Reply-To: | cygwin AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| References: | <20150410100703 DOT GA4401 AT calimero DOT vinschen DOT de> <87lhhzcarc DOT fsf AT Rainer DOT invalid> |
| MIME-Version: | 1.0 |
| In-Reply-To: | <87lhhzcarc.fsf@Rainer.invalid> |
| User-Agent: | Mutt/1.5.23 (2014-03-12) |
--4ZLFUWh1odzi/v6L Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Apr 11 10:47, Achim Gratz wrote: > Corinna Vinschen writes: > > - To accommodate Windows default ACLs, the new code ignores SYSTEM and > > Administrators group permissions when computing the MASK/CLASS_OBJ > > permission mask on old ACLs, and it doesn't deny access to SYSTEM and > > Administrators group based on the value of MASK/CLASS_OBJ when > > creating the new ACLs. >=20 > Since you've now opened that can of worms of who is considered "root", > what about "Domain Administrators" or "Power Users", for starters? Nope. The special handling for SYSTEM and Admins will help for the default permission settings on Windows filesystems, and it won't negatively influence the ACL mask handling. > > That means, even if SYSTEM or Administrators have full access to the > > file, the POSIX permssion bits will not reflect that fact. And while > > other users get access denied based on the mask value, SYSTEM and > > Administrators will never get access denied based on the mask. >=20 > If you want to put this to better use in larger settings it would seem > preferrable if it was possible to define a list of users to treat this > way in fstab. Nope, sorry, no configuration for this. Either it's handled without any exception, or for SYSTEM only, or for SYSTEM+Admins. But either way, we're doing it the same way on every system. > Sorry to pile another one on here: Currently it's not possible to use -k > and -b on the same invocation. This works just fine on Linux. I'm not planning to work on this, but as for other parts of Cygwin, I do take patches. > Having the newer getfacl / setfacl from *BSD that deals with NFSv4 ACL > might be worth a shot, ACL handling on Cygwin is POSIX ACL handling. Either that or you set "noacl" and use Windows tools. Corinna --=20 Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat --4ZLFUWh1odzi/v6L Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIbBAEBAgAGBQJVKOzuAAoJEPU2Bp2uRE+gfjUP+LMMMPh2U4NTEGgKj8vcDODY 1D74LB0vL3T+XToenjaTSQmNXzTTm1CSAvy03kJ6vyg/n5Ry3VRgvslwAnHji/Nv fpvccXG/smOV0ZerpTqnm1CDcPo2I9jQDPMP3xGRaYSrPquFL4M5DJdbhB9HibBB i7lboIMOugYT9AppcCjlH0sOpR/CsIHiDNOqiX+7Y3U9YFnWdR5MxCAlGggQzAki cg+m9TVXf26724XnLU/MbQ0ldwI+AZWK3xLB0ZZBNabpsIyrBkcwzZhP0ZApeWid O1QDCFs35kZKAY/vQ6WbbRMQBV7FJvJNJNv1Oz+IIzMSfuxUiSoTeOkt8QV7Rj3u bqCRPScXPkmXhVXGrlTeTG+08GaKFsHAs6S6/bxXwk2mSIkCv9ULR7fN/n7GFsRz sfMMEmNuFYp4qE3vqX/xriy+0qMCYe/5qeFofJmoOXUgjuonZ2f4HvlRqcLc6BX1 Arszwp7pwuxZZjtjdKRwe5MBYtK0Uz/j72tBU/ve3JNrGPn68NIrza9TY/+Si4AK hyszJw8ZjKvx1nRqTzz2GfIs1LW9uKjlFEn+HzY7UcmJx6lDvMs9sNnvfLKeZc+a 9s/JUzeSw0/VXhFHe4wkcPzKXj9iSlWGQxumzFwr1x9IwSjAksenfotrj+HTs1X7 6LF3k2JAtQaimlodgnU= =x+KV -----END PGP SIGNATURE----- --4ZLFUWh1odzi/v6L--
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |