Mail Archives: cygwin/2015/04/13/03:18:15
--3gk1bTGVZuaU9V5/
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Apr 12 17:19, Bryan Berns wrote:
> On Sun, Apr 12, 2015 at 3:17 PM, Corinna Vinschen
> <corinna-cygwin AT cygwin DOT com> wrote:
> > Hi Cygwin friends and users,
> >
> >
> > New 2.0.0-0.3 test release. It's supposed to fix the pty chmod problem
> > reported in https://cygwin.com/ml/cygwin/2015-04/msg00240.html
> >
>=20
> Just a note: In 2.0.0-0.2, creating a file using touch on the root of
> one of my drives resulted in the with the Windows GUI Security tabs
> complaining about ACE order on the resultant file. In 2.0.0-0.3,
> Windows does not complain and the ACL looks quite a bit different
> (shown below). Not sure if this is a problem or not --- just wanted
> to report the difference in case your fix had an unintended side
> affect. Given my heart skips a beat when I see DENY ACEs, I like the
> new behavior behavior better.
Deny ACEs, if used correctly, are ok. Cygwin needs them to implement
the POSIX ACL MASK value. Consider:
mask: rw-
user foo: r-x
---
effective: r--
Cygwin needs to know that user foo has real permission r-x, so
the ALLOW ACE contains (RX). But the mask value forbids write
perms, so the user gets a DENY ACE, along these lines:
MASK: rwx
foo DENY: --x
foo ALLOW: r-x
So the effective permissions for user foo are r--, while Cygwin
still knows that the actual permissions are r-x.
> V:\>icacls v:
> v: BUILTIN\Administrators:(OI)(CI)(F)
> NT AUTHORITY\SYSTEM:(OI)(CI)(F)
> NT AUTHORITY\Authenticated Users:(OI)(CI)(M)
> BUILTIN\Users:(OI)(CI)(RX)
>=20
> Output from file created from 2.0.0-0.3:
>=20
> V:\>icacls touch-from-3
> touch-from-3 DOMAIN\Administrator:(R,W,D,WDAC,WO)
> DOMAIN\Domain Users:(R)
> Everyone:(R)
> BUILTIN\Administrators:(F)
> NT AUTHORITY\SYSTEM:(F)
> NT AUTHORITY\Authenticated Users:(M)
> BUILTIN\Users:(RX)
I don't believe this is an ACL created by Cygwin 2.0.0 at all.
It's missing the NULL deny ACE.
> Successfully processed 1 files; Failed processing 0 files
>=20
> Output from file created from 2.0.0-0.2:
>=20
> V:\>icacls touch-from-2
> touch-from-2 NULL SID:(DENY)(Rc,S,WEA,X,DC)
> DOMAIN\Administrator:(R,W,D,WDAC,WO)
> DOMAIN\Domain Users:(DENY)(S,X)
> NT AUTHORITY\Authenticated Users:(DENY)(S,X)
> BUILTIN\Users:(DENY)(S,X)
> DOMAIN\Domain Users:(RX)
> NT AUTHORITY\Authenticated Users:(RX,W)
> NT AUTHORITY\SYSTEM:(RX,W)
> BUILTIN\Administrators:(RX,W)
> BUILTIN\Users:(RX)
> Everyone:(R)
The ACL looks vaguely ok, but I'd need to know the owner, group,
and what Cygwin thinks the ACLs look like in POSIX speak (getfacl
output).
I'm AFK most of today, though, so a reply may take a while...
Corinna
--=20
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
--3gk1bTGVZuaU9V5/
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBAgAGBQJVK22eAAoJEPU2Bp2uRE+grtcP/1htIKHBwrI6Xie4GMk0O2lx
TEXX3omAtlxkcW1UZtAPm2ZCZVgGW4kK209WWUXfrxqe0nSPmtLtnYPbM6ZwiMLK
dtLzRoDdWBILGVDf+kPL/xFqGFVxbcVdJdEi+RdYLbTvi5QhDAqw0KGO4UHH1zrL
XKhUND/qi1zMu/Tc7U5VO5qnTWb93Tvdu06HW1StrepIY0nRA6ftnFeRWP8o1TPk
JBO5WKWBFwy6DROhwZW1asPnMuDTEph++jIg/yScmv2nSBMfpadZ0k9hzK2ty12E
IwCmc+m/asR2J9Ke//ioypAmUe1QJzqw9f9R3b6kkbCVcQT4wdL50QnzxSslw+GL
uzl/yFly+7G5WEADvj+QI6cSoJ3F6XX8HzG/vSA/uKwX11rm74XI8fvBeOJFECky
jwWDll2q+XjOWS231y3nj4GREZKgVoq0xjYJpuO8TzoVILPCKOPes6E4a57Q05DF
ZRaCfKWnmjJueWEDl3qRUnUcUjoOMg6vPMCTHEN0rKjkgX48UETt/hgJQHz8tuKC
ciiCnEJZhjBz85n645UsbCt2pbdo8HZNpMbWdAFwwpkghV7E2L10PYSfDDEqohjr
oBkzXd7yMLCWtsQXoaV3wIR8/u1F0BC2gvNQADA2WWXzlcCszCgrRTR3+WyFYQ2D
8d8pyNSbpaksW7rhWdU7
=SWH/
-----END PGP SIGNATURE-----
--3gk1bTGVZuaU9V5/--
- Raw text -