Mail Archives: cygwin/2016/02/11/05:25:47
| X-Recipient: | archive-cygwin AT delorie DOT com
|
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
|
| :list-unsubscribe:list-subscribe:list-archive:list-post
|
| :list-help:sender:date:from:to:subject:message-id:reply-to
|
| :references:mime-version:content-type:in-reply-to; q=dns; s=
|
| default; b=ht8T6Kf28ZEzxbWRWfwzJjM2ATQk6D9xokpA4F2HxvtbxuQeL8IaZ
|
| NS/KpElqjPA8erNM5mp0Kduuwmjm4QZKBENwJvS691x1X4bgkHfwQlfvdCUr5Ows
|
| gRQe7hI7Mj2E35Pq1JAkVOFZriDF/5xT0s4NejNXnBpch2UXmzZbnE=
|
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
|
| :list-unsubscribe:list-subscribe:list-archive:list-post
|
| :list-help:sender:date:from:to:subject:message-id:reply-to
|
| :references:mime-version:content-type:in-reply-to; s=default;
|
| bh=GNpx2OptDn2LCXx6gwehhoLsCZ4=; b=HqORaMzZF6K7mBAKvFimLKhPbkDI
|
| /PNBSSBOgQRVsHXQpBI8qCrFbeInTPL0YetxT83yQpfQXwIMtoldpylSUPGGrTc+
|
| KxWYnc/NE7H6KJFYqyudAAtNEGFfUgc+aO44vAMrcUpQP/HTRykmTKAGO++8MOmF
|
| ydYaONM5ajUW5q8=
|
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm
|
| List-Id: | <cygwin.cygwin.com>
|
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com>
|
| List-Archive: | <http://sourceware.org/ml/cygwin/>
|
| List-Post: | <mailto:cygwin AT cygwin DOT com>
|
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
|
| Sender: | cygwin-owner AT cygwin DOT com
|
| Mail-Followup-To: | cygwin AT cygwin DOT com
|
| Delivered-To: | mailing list cygwin AT cygwin DOT com
|
| Authentication-Results: | sourceware.org; auth=none
|
| X-Virus-Found: | No
|
| X-Spam-SWARE-Status: | No, score=-95.2 required=5.0 tests=BAYES_05,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_PBL,RDNS_DYNAMIC,USER_IN_WHITELIST autolearn=no version=3.3.2 spammy=publications, SIDs, sids, H*f:sk:ema091e
|
| X-HELO: | calimero.vinschen.de
|
| Date: | Thu, 11 Feb 2016 11:25:27 +0100
|
| From: | Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
|
| To: | cygwin AT cygwin DOT com
|
| Subject: | Re: Issues with ACL settings after updating to the latest cygwin.dll
|
| Message-ID: | <20160211102527.GB2378@calimero.vinschen.de>
|
| Reply-To: | cygwin AT cygwin DOT com
|
| Mail-Followup-To: | cygwin AT cygwin DOT com
|
| References: | <ema091e9e3-10a6-4b7d-82af-71a10c2b9077 AT gaming>
|
| MIME-Version: | 1.0
|
| In-Reply-To: | <ema091e9e3-10a6-4b7d-82af-71a10c2b9077@gaming>
|
| User-Agent: | Mutt/1.5.24 (2015-08-30)
|
--O5XBE6gyVG5Rl6Rj
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Feb 10 18:17, xnor wrote:
>=20
> >Which warning do you mean here?
> The "permissions out of order" one. This was not the case before, at least
> not on my installation, so I don't see how this can be called normal.
It was already the case before. It depends on the POSIX permissions
which have to be emulated using a Windows ACL, so you don't see this all
the time. As a funny sidenote, you'd get the exact same when using the
Interix/SFU POSIX subsystem. It had the same POSIX vs. Windows semantics
problem to solve.
Things change. The new Cygwin ACL handling tries to emulate POSIX ACLs
more closely than before. The role model is what you can download from
http://wt.tuxomania.net/publications/posix.1e/download.html and what's
used on Linux, Solaris, and others. The Linux man page on ACLs,
http://linux.die.net/man/5/acl, might be helpful, too.
> >Come on, be fair. The new ACL handling started out early 2015, got a
> >break when I realized that it doesn't work as is, and then got a new
> >test phase starting back in September. Except for minor bugs it seemed
> >to work rather well. Nobody reported this effect in all the 4 months of
> >test period. You don't actually think I wouldn't have fixed it prior
> >to the release if I had known about it, do you?
> 2.4.0-1 was released ~3 weeks ago. I had actually upgraded a few days
> earlier to a TEST version and noticed that a cygwin downloaded exe couldn=
't
> be executed but assumed the exe was corrupt and didn't investigate...
> Then a few days ago the same thing happened again. Now I'm here.
>=20
> Anyway, clearly most users are just that: users, and not testers that will
> install and test TEST versions.
Which is a pity from the dev POV. The test releases are created so that
people have a chance to test changes before they are officially released.
The less people test test releases, the less bugs are found prior to a
release. It's also very simple to install a test release via setup and,
if a problem is interfering, to re-install the current release version,
ideally after reporting the problem.
> >They are not supposed to be modifiable in Explorer. If you want to
> >change permissions on a Cygwin ACL, use chmod or setfacl.
> Is this a joke?
No.
> >> Here is the output from icacls /saveacl for some file:
> >>D:P(D;;RPWPDTRC;;;S-1-0-0)(A;;0x1f019f;;;S-1-5-21-559282050-488988736-2=
019639472-1001)(D;;WP;;;AU)(D;;WP;;;SY)(D;;WP;;;BA)(D;;WP;;;BU)(A;;FR;;;S-1=
-5-21-559282050-488988736-2019639472-513)(A;;0x1201bf;;;AU)(A;;0x1201bf;;;S=
Y)(A;;0x1201bf;;;BA)(A;;0x1200a9;;;BU)(A;;FR;;;WD)
> >Doh, I'm sorry, but I can't read this format very well. Can you please
> >again send the standard icacls output as well as the output from getfacl
> >of the parent dir and the created file? I'd like to have this problem
> >fixed, but I need your help. As I said, it works fine for me and without
> >being able to reproduce I'm somewhat at a loss.
> You can import this by putting it in a textfile and using icacls testfile
> /restore acl.txt.
Doesn't work. First, your machine is using different SIDs of course,
so the SID entries have no meaning on my machine. Second, even after
changing the SIDs to ones I can use locally, icacls /restore just doesn't
work for me. It requires that the path to restore is a directory, and
even when giving it a directory, I get an error:
CMD> icacls C:\cygwin64\home\corinna\subdir\ /restore acl.txt
C:\cygwin64\home\corinna\subdir\?????????????????????????????????????????=
???????????????????????????????????????????????????????????????????????????=
??????????????????????: The system cannot find the file specified.
Successfully processed 0 files; Failed processing 1 files
> As I've said before, my Windows is German. icacls output will be localize=
d.
> Do you really want that?
My german is not that bad, all things considered. "None" is "Kein",
"Administrators" is "Administratoren"...
> What I posted is the only portable way to share ACLs.
Given the SID problem, it's not portable.
Again, do you want me to be able to analyze the problem and, *iff* there's
a bug, fix it? If so, please don't double guess what I'm asking for.
Please provide stock icacls output as well as getfacl output for the
parent dir in which you download the file, and for the file itself.
Don't call the Explorer GUI on the ACL, don't reorder.
> >If you don't want POSIX perms, but standard Windows perms, use the "noac=
l"
> >mount option. See https://cygwin.com/cygwin-ug-net/using.html#mount-tab=
le
> I guess that is my only option right now.
If you're looking for Windows ACL semantics, it's the way to go.
> So what about fixing the permissions like I described?
> So the permissions would be "-rwx------+ MyUser None" in Cygwin for a
> Windows-created file with default ACL.
>=20
> By using the inherited default ACLs there should be at most 3 additional
> ACLs (+1 for NULL SID whatever that is doing):
> - deny r/w/x for user ("MyUser")
> - allow r/w/x for group ("None")
> - allow r/w/x for other ("Everyone")
>=20
> And leaving the inherited ones untouched, right?
> But if you scroll up you will see that in my system Cygwin kills the
> inheritance and I end up with 12 new ACL entries for each file.
You're asking for Windows ACL semantics, As outlined, Cygwin is trying
to follow the POSIX ACL model with "acl" mount mode. If you want
Windows ACL semantics, use "noacl" mounts.
Corinna
--=20
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
--O5XBE6gyVG5Rl6Rj
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJWvGGXAAoJEPU2Bp2uRE+gbUAP/35lirgR91IabwqOGbzBcMVs
DNUUCmBGBDWTLQZcFb+dvpKxO26KrWRd6HVu2sM05pqwSpXa+Gg+9mE6x0y4G/Xj
ZKRopvgqkO7joJIDLGasvMopJi6grEQOz4FjxzNvah6riUO+wE9kp+S2L2buYqed
9q0SlTWc46c8wH5pBR30HlRU3f3UqyGRaeD4/bA7Af6HRwggcu49cQwTNdOTLTuT
oBIzFWVi5IsM4Mb/e9CZ9+nsrQhqYomBkguKmhcRSRn0+j05lESqXgEPksafCaGP
Kw+ASTz7esgidnP55M5gx2QNGKuVawGkeGozsPkiettSoukg7Y95gq6nGRl7+ri+
NoZlXLZN5kRZpp5O+CUi8lWYh6hY9EoHRAUWeSPA1q6wz9BM5lrWPtxfOb9l4Xkz
9fJe4FJBJ62bveqX1iiCnfx1k43asjc3G2g1hdMUWcq+bn6yqYOAifu2U23i7+gN
iwV0jNzGukoPoUILyUWV7JauFQ5qS60fwSKfR7kwE0I9lIcebFY9XGwf4krjLApo
4v4dAPvuMHRJiwPLGSy5Gq05suXV5433evHHdSTCwkYun22xT9+JbAOVjXZ23oIY
e0a6bBRCCxV2AtczFhkse1H5eqw57QX9Ub7z9cm20nNjGKYIAa984qsdATu7Zy1u
tk7Tn/dX/TAA4YxgwtCG
=C25y
-----END PGP SIGNATURE-----
--O5XBE6gyVG5Rl6Rj--
- Raw text -