Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
List-Id: | <cygwin.cygwin.com> |
List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
List-Archive: | <http://sourceware.org/ml/cygwin/> |
List-Post: | <mailto:cygwin AT cygwin DOT com> |
List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
Sender: | cygwin-owner AT cygwin DOT com |
Mail-Followup-To: | cygwin AT cygwin DOT com |
Delivered-To: | mailing list cygwin AT cygwin DOT com |
Date: | Thu, 13 Aug 2015 19:53:02 +0200 |
From: | Corinna Vinschen <corinna-cygwin AT cygwin DOT com> |
To: | cygwin AT cygwin DOT com |
Subject: | Re: Shares with strange ACL settings |
Message-ID: | <20150813175302.GD28349@calimero.vinschen.de> |
Reply-To: | cygwin AT cygwin DOT com |
References: | <loom DOT 20150811T101658-176 AT post DOT gmane DOT org> <20150812152601 DOT GL13029 AT calimero DOT vinschen DOT de> <loom DOT 20150812T172703-7 AT post DOT gmane DOT org> <20150812155817 DOT GN13029 AT calimero DOT vinschen DOT de> <878u9g9y6b DOT fsf AT Rainer DOT invalid> <20150812183220 DOT GO13029 AT calimero DOT vinschen DOT de> <87vbck8h92 DOT fsf AT Rainer DOT invalid> <20150813163302 DOT GB28349 AT calimero DOT vinschen DOT de> |
MIME-Version: | 1.0 |
In-Reply-To: | <20150813163302.GB28349@calimero.vinschen.de> |
User-Agent: | Mutt/1.5.23 (2014-03-12) |
On Aug 13 18:33, Corinna Vinschen wrote:
> On Aug 12 20:59, Achim Gratz wrote:
> > Corinna Vinschen writes:
> > >> I think so, but there are likely some corner cases.  But I think that
> > >> had been proposed and shot down already, so I was trying to come up with
> > >> something less intrusive.
> > >
> > > This is relatively unintrusive.  The current user token is always
> > > available.  So if owner == current user, for every group in the file's
> > > ACL just check if it's in the current user token and, if so, add the
> > > perms of that group to the owner perms.
> > >
> > > Sounds pretty neat as an intermediate solution to me.
> >
> > I'd play the guinea pig for that snapshot… :-)
>
> This puzzles me a bit.  As example you gave something like
>
>   ----rwx---+ gratz Domain Users [...] foo
>
> Given the code in recent Cygwin versions, this shouldn't happen if the
> user gratz is member of the Domain Users group.  The current code
> doesn't test all groups in the ACL, only the primary group, but that's
> sufficient in most cases.
>
> So this could only happen if you modify the permissions of windows files
> using Cygwin tools and Cygwin helpfully generates a DENY ACE for the
> owner.
>
> I'm just not exactly sure about the way to go to get these permissions
> in a non-artificial scenario.  But I can reproduce it like this:
>
> - The file xxx has a primary group different from the group which has
>   permissions, e.g.:
>
>     owner:  foo
>     pgroup: foo_group
>
>     acl:    1 entry
>             bar_group: full control
>
> - ls -l xxx
>   ----rwx---+ 1 foo foo_group 68565 Aug 10 10:37 xxx
>
> - $ chmod g-w xxx
>
> - Afterwards, the POSIX-like ACL looks like this:
>   $ icacls xxx
>   xxx foo:(DENY)(S,RD,REA,X)
>       foo:(D,Rc,WDAC,WO,RA,WA)
>       foo_group:(RX)
>       Everyone:(Rc,S,RA)
>       bar_group:(RX)

Oh, I get it.  This is *because* the current Cygwin doesn't check
membership of all groups in the ACL.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
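
A small C model of the owner-permission computation discussed in this message, added here as an illustration (not Cygwin source code and not part of the original post). It compares checking only the primary group with checking every ACL group found in the owner's token, and shows which bits a later `chmod g-w` would have to DENY the owner; the struct and function names, and foo's membership in bar_group, are assumptions of the example.

```c
#include <stdio.h>
#include <string.h>

enum { R = 4, W = 2, X = 1 };                 /* POSIX rwx bits */

struct ace   { const char *name; int perms; };            /* allow entry */
struct token { const char *user; const char *groups[4]; int ngroups; };

static int in_token(const struct token *t, const char *g) {
    for (int i = 0; i < t->ngroups; i++)
        if (strcmp(t->groups[i], g) == 0) return 1;
    return 0;
}

/* Owner bits as ls would show them. all_groups == 0: only the primary group
   is checked (what the message says current Cygwin does). all_groups == 1:
   every ACL group present in the owner's token is folded in (the proposal). */
int owner_perms(const struct ace *acl, int n, const char *owner,
                const char *pgroup, const struct token *t, int all_groups) {
    int p = 0;
    for (int i = 0; i < n; i++) {
        if (strcmp(acl[i].name, owner) == 0)
            p |= acl[i].perms;
        else if (strcmp(t->user, owner) == 0 && in_token(t, acl[i].name) &&
                 (all_groups || strcmp(acl[i].name, pgroup) == 0))
            p |= acl[i].perms;
    }
    return p;
}

/* Bits a chmod must DENY the owner so that group ACEs cannot grant more than
   the owner class allows (simplified model of the POSIX-to-ACL mapping). */
int owner_deny(int owner_bits, int group_bits) { return group_bits & ~owner_bits; }

/* Constructed sample following the message: owner foo, primary group
   foo_group, one ACE giving bar_group full control. That foo is a member
   of bar_group is an assumption of this example. */
static const struct ace   ACL[] = { { "bar_group", R | W | X } };
static const struct token TOK   = { "foo", { "foo_group", "bar_group" }, 2 };

int main(void) {
    int cur = owner_perms(ACL, 1, "foo", "foo_group", &TOK, 0);
    int neu = owner_perms(ACL, 1, "foo", "foo_group", &TOK, 1);
    int grp = (R | W | X) & ~W;               /* group bits after chmod g-w */
    printf("current:  owner=%o deny=%o\n", cur, owner_deny(cur, grp));
    printf("proposed: owner=%o deny=%o\n", neu, owner_deny(neu, grp));
    return 0;
}
```

With the primary-group-only check the owner bits come out empty, so the DENY mask is read and execute, matching the `foo:(DENY)(S,RD,REA,X)` entry in the icacls output above; with all token groups checked, no DENY bits are needed.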