| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:from:to:subject:references:date:in-reply-to | |
| :message-id:mime-version:content-type; q=dns; s=default; b=Ms8gr | |
| HglSwE5k3VntPaNj5i+12ScP2f4V7/Nq2WfDlOLoljx0GeZl8+xILv7BOfQN2nKc | |
| 8e3QVwA0wYEOlhzSPM/gTmAaaV/MFIXd2RxXSL7sTLcFtyMWn1xu6cgeNDdgAp12 | |
| EJQ+TzQAVzEXyFeJuxEOcJfv7sSWozkf/ozsnY= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:from:to:subject:references:date:in-reply-to | |
| :message-id:mime-version:content-type; s=default; bh=MgXtuxu2rrk | |
| npt6nwYmSESKjKFY=; b=u2SPmJ9aXwHOiopDSAM6TCCKUtn1RX/2bMCLDV5ACg3 | |
| kbQ6YMpNRbasnvc+X6yreBjDBnBflOuOtcIafwbMebmSPpDRhyQibzSUSxj8Kmjo | |
| +lRSoEVamt3rJGu8KBmGq232nEruaYfVYzdm7PS+U+qmIMGAk7hx6FgDJzosqWEk | |
| = | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Virus-Found: | No |
| X-Spam-SWARE-Status: | No, score=-2.1 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2 |
| X-HELO: | mail-in-11.arcor-online.net |
| X-DKIM: | Sendmail DKIM Filter v2.8.2 mail-in-01.arcor-online.net 3mtCqZ62DvzFQgK |
| From: | Achim Gratz <Stromeko AT nexgo DOT de> |
| To: | cygwin AT cygwin DOT com |
| Subject: | Re: Shares with strange ACL settings |
| References: | <20150812152601 DOT GL13029 AT calimero DOT vinschen DOT de> <loom DOT 20150812T172703-7 AT post DOT gmane DOT org> <20150812155817 DOT GN13029 AT calimero DOT vinschen DOT de> <878u9g9y6b DOT fsf AT Rainer DOT invalid> <20150812183220 DOT GO13029 AT calimero DOT vinschen DOT de> <87vbck8h92 DOT fsf AT Rainer DOT invalid> <20150813163302 DOT GB28349 AT calimero DOT vinschen DOT de> <20150813175302 DOT GD28349 AT calimero DOT vinschen DOT de> <20150814082959 DOT GE28349 AT calimero DOT vinschen DOT de> <loom DOT 20150814T125223-728 AT post DOT gmane DOT org> <20150814134552 DOT GG28349 AT calimero DOT vinschen DOT de> |
| Date: | Fri, 14 Aug 2015 20:25:11 +0200 |
| In-Reply-To: | <20150814134552.GG28349@calimero.vinschen.de> (Corinna Vinschen's message of "Fri, 14 Aug 2015 15:45:52 +0200") |
| Message-ID: | <87fv3l683c.fsf@Rainer.invalid> |
| User-Agent: | Gnus/5.13 (Gnus v5.13) Emacs/25.0.50 (gnu/linux) |
| MIME-Version: | 1.0 |
Corinna Vinschen writes: > Cool, thanks for your quick feedback. Thanks for the snapshot! > We should just be aware that this is ultimately a kludge. I think I now > finally understand what would have to be done to get a generic solution > which results in correct POSIX permission evaluation for any current > user and any file ACL. However, from some preliminary testing it seems > the generic solution has at least two downsides: > > - It's slow (AuthZ code, setting up and breaking down user/group contexts > for each checked file...) > > - It would always contact the AD when trying to fetch info for AD users, > which is bad for remote machines not or slowly connected to the AD server. I think we've came to the same conclusion (modulo the question of whether AuthZ would be usable for this) some time ago. My personal take on this is that the "kludge" is likely better than both what we had before and the result of the pre-snapshot ACL evaluation. If that also solves the problem of denying oneself file access by simply copying a file with carefully crafted ACL, then I would say it's good enough for most circumstances. Probably not good enough to pass the Perl filemode tests during build, but they have some problems in their design anyway. > Anyway, this isn't pressing so it would be nice if you keep on > testing. As I said, I need some time next week to switch things into a mode where problems could potentially show up. I don't expect any, but I don't pretend to understand all the edge cases completely either. > I'm planning to update to 2.2.1 only after a certain pipe problem just > discussed on the #cygwin IRC channel is either fixed or settled any > other way, > > Btw., can you please also check /proc/cpuinfo? Yes, I have both AMD and Intel machines I can test this with. > As discussed, Cygwin's emulation fell short on L3 cache info. I now > added code to fetch L3 cache info as well as correct processor topology > information on Intel CPUs. For AMD CPUs the topology and cache > info was already fine. Linux does not show L3 cache info for AMD CPUs > afaics, so I also didn't add that to Cygwin. I can't test this with a new enough kernel for AMD, but perhaps someone is testing some new iron/OS combination and I can get that information from them. For Intel since some time the L3 cache size is shown (older kernels would show you the per-node L2 cache size IIRC). Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ SD adaptation for Waldorf Blofeld V1.15B11: http://Synth.Stromeko.net/Downloads.html#WaldorfSDada -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |