delorie.com/archives/browse.cgi | search |
X-Recipient: | archive-cygwin AT delorie DOT com |
DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
:list-unsubscribe:list-subscribe:list-archive:list-post | |
:list-help:sender:to:from:subject:date:message-id:references | |
:mime-version:content-type:content-transfer-encoding; q=dns; s= | |
default; b=Q3RyWsgSUm9nizEfmEXx7i/W0SCX113aVgKemT/hFmvy9y6Q/8Yyy | |
Kxwwl+bdxrbR3E83+AqPozPUtHHxie4M/tSnpY19aN70vRrIolv22JJ8A+Qw4DZ6 | |
b2VQPvtcGcc5Q77cNaSrGn9tnR0annkxBRi+T9+RSpWBkGoefLHkBw= | |
DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
:list-unsubscribe:list-subscribe:list-archive:list-post | |
:list-help:sender:to:from:subject:date:message-id:references | |
:mime-version:content-type:content-transfer-encoding; s=default; | |
bh=TSmDhpxvuq8dkU/+y/9IrwrbC0w=; b=Oim+TM8DuVyCPuclfCjSjmdwiIE9 | |
Dr7tj0dPyra1ZmYafqSwhCvzPfXWHbMPmc80CwyLl0VmN7o0cEA6lXHye+0/aHJn | |
BAXkGIgEYru4myIcA8B+Na92qqJJlroH+L/T2E2Kqa+6R2Ges4JGPxrMHykPN/zP | |
IAE7QrPy06jmQ+I= | |
Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
List-Id: | <cygwin.cygwin.com> |
List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
List-Archive: | <http://sourceware.org/ml/cygwin/> |
List-Post: | <mailto:cygwin AT cygwin DOT com> |
List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
Sender: | cygwin-owner AT cygwin DOT com |
Mail-Followup-To: | cygwin AT cygwin DOT com |
Delivered-To: | mailing list cygwin AT cygwin DOT com |
Authentication-Results: | sourceware.org; auth=none |
X-Virus-Found: | No |
X-Spam-SWARE-Status: | No, score=-4.0 required=5.0 tests=AWL,BAYES_05,FSL_HELO_BARE_IP_2,RCVD_IN_DNSWL_LOW,RCVD_NUMERIC_HELO,RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS autolearn=no version=3.3.2 |
X-HELO: | plane.gmane.org |
To: | cygwin AT cygwin DOT com |
From: | Achim Gratz <Stromeko AT NexGo DOT DE> |
Subject: | Re: Shares with strange ACL settings |
Date: | Wed, 12 Aug 2015 15:50:14 +0000 (UTC) |
Lines: | 42 |
Message-ID: | <loom.20150812T172703-7@post.gmane.org> |
References: | <loom DOT 20150811T101658-176 AT post DOT gmane DOT org> <20150812152601 DOT GL13029 AT calimero DOT vinschen DOT de> |
Mime-Version: | 1.0 |
User-Agent: | Loom/3.14 (http://gmane.org/) |
X-IsSubscribed: | yes |
Corinna Vinschen <corinna-cygwin <at> cygwin.com> writes: > I don't know what to do about this. We're talking back and forth > about reflecting group perms into user perms and whether we do it > or not, it always seems to have some downside on some installations. Since there are fundamental differences between how Windows evaluates ACL vs. what POSIX expects this problem isn't going away anytime soon. Depending on how much control you have over the default or inherited ACL you can pretend these differences are non-existing with varying degrees of success. Another fly in that ointment are the Backup/Restore privileges, but these you can control if you are aware of them. > > So, it would probably help if I had a mount option to force the ownership to > > some account that I am never logged in as, either via a mount option or > > whenever the POSIX user modes are all cleared. I don't know if that might > > confuse applications when they check ownership on newly created files, > > though. Is that something that is implementable easily so it could be > > tested via a snapshot? > > I'm not sure I understand the idea of mounting w/ an explicit user account > and how this might help. What about just using the noacl mount option > for weird shares like the above? That mount option would ensure that the ACL are actually consulted by a POSIX application when the user mode bits are all cleared since the file would appear not to be owned by the (E)UID. The only other option I can see would be to augment stat to traverse the DACL when both these conditions are met: the file is owned by the (E)UID of the calling process and the user mode bits are all cleared. That is, do the faccessat on behalf of the application that it would otherwise (likely) do if the file was _not_ owned by the user. Of course you can't really know why stat was called and that might impact perfromance quite noticeably. As to "why not use the noacl option", that makes the file mode tests completely useless and requires more elaborate error handling that would otherwise not be necessary. Some users and scripts they have written are not prepared for that extra complication. Regards, Achim. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
webmaster | delorie software privacy |
Copyright © 2019 by DJ Delorie | Updated Jul 2019 |