DMARC-Filter: OpenDMARC Filter v1.4.2 delorie.com 5AFI6Wrf623143
Authentication-Results: delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com
Authentication-Results: delorie.com; spf=pass smtp.mailfrom=cygwin.com
DKIM-Filter: OpenDKIM Filter v2.11.0 delorie.com 5AFI6Wrf623143
Authentication-Results: delorie.com;
	dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=TaK9WNM+
X-Recipient: archive-cygwin@delorie.com
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 328233858CD1
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1763229990;
	bh=fIttfRcLcn4rjYdo5nlukIGX6ksPc2sGPt4OgMdfgUc=;
	h=References:In-Reply-To:Date:Subject:To:List-Id:List-Unsubscribe:
	 List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:
	 From;
	b=TaK9WNM+EJdhwyeGGIZeFu6apVecxDQnH3Sy/QUHLerdoXc4RPWd5Mplv/cdTIjtY
	 ZhQzy+/C0/hx30T2NzrLBZrPGJOYE/xhQR9vpwpkijqi2CQfPOFBzdeuG1he0372KA
	 sflHCLpV5iIkrY/xskRtOfB3eS8+1Q0cb1BauBBw=
X-Original-To: cygwin@cygwin.com
Delivered-To: cygwin@cygwin.com
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org F06983858D1E
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org F06983858D1E
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1763229967; cv=none;
 b=uEDtKVNbb2RZCsr2bj+3IX5yIk3sCMBHLNN3y+FFYGUgM/3ct3+LHkD5P2ms1z1+3YnI1ICkG+SZuL5rE3hwhMPBAUtmHoz4wBoHKhpJa8r9RbHkLCJUZQNIujEKjIsKDUltRDLN/IcqHEkSrycbXGP7VxeZAFUCD6kqZF8bi28=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
 t=1763229967; c=relaxed/simple;
 bh=lIieaxXERtWeEyJZYkl8LM8PoZB1yj0mN1Jos7Fnung=;
 h=DKIM-Signature:MIME-Version:From:Date:Message-ID:Subject:To;
 b=Exyfd2b0At0/9l7q7BumMzZ2SJHyPb8qo0BQ6HHMVZN6cE71+nfnEZxouPaqtAmTacHFH2umYwafOfMbT6cTAYFV0Gx0qcVKsjgZApStKqyGKj4IbrkUxihuddj1YcYYYW07J8dM5v2/to5/hkeacIJWEOcABPkCT8+Siih7pNQ=
ARC-Authentication-Results: i=1; server2.sourceware.org
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org F06983858D1E
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1763229965; x=1763834765;
 h=content-transfer-encoding:to:subject:message-id:date:from
 :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from
 :to:cc:subject:date:message-id:reply-to;
 bh=lIieaxXERtWeEyJZYkl8LM8PoZB1yj0mN1Jos7Fnung=;
 b=T218UTR0plOb2gKonNNGOQlrxHVO/ZkWNh0vweuVTZh67lN6swi3/M5fJPaxTfZEMh
 yYQL+7jsm40py2zuCTdM+LXZNzs2SkQ0kOw12H2mqUD4uVitACgrAeRMxbpiQ2eCRmkf
 sFzc/ozI9c9m//eghG+SlZxILWwMZSykke3UXPiV+I4hTs8MUw1Gk23PgMfRfwRcT2mF
 MqNvpaSvH98z4Jvte7AmrMU9wpSTDaYyn32dXQ/t+BPy2zzXWFywPWecjA/J6I3jIlCP
 uSP4cU/prZIVYvekmCKg1FM/D5VwA51hUFoDSI4nThN3wu4g8XJSIVn5PI6ayRE0olHW
 RuPg==
X-Gm-Message-State: AOJu0YweyORKB8UyBLyOxurRBAYH+FYmXk0ZC/WinhYBp1rb6BNk4EXk
 RHo81FxZe99tbdzwY8Y5BGeyWUBDgv2VRtlXHNPatX4s9pT4YQ4QwZ4snoxRaCqXF5FJ2+Hufx4
 sT3cqwWOcKsGk889akJVHQOpuSX/UC2uX3+Dwh04=
X-Gm-Gg: ASbGncsR31Jw6Zy+uSE1I3bA+nhlqvE13eH5BCqiCQRpqXiryGdjxGzGssJXiVby9TV
 UGTBzRKfEyWKO8o4pEnJFolkf7Wwj7o2gg5KJgVPIhtYLCyeOew56ueEk2emK2teO/hSB+oymRL
 GBbWEdOL0dFVM+zvQvXpUwiW/88ZtmpYW4UpMCd3JeuoCoXC0bgx7b16MMaAQ0daD+n3mzGFnkB
 VkmYBMUsvREj8tZKZiPP+4wJVm9F+9mW3VJEOndbVMZnz+1Z5q3qOq74xUu3bmYviH7waVIkpib
 In13vQ==
X-Google-Smtp-Source: AGHT+IG2V2Rf5khyA5TVCuNfFm4IwwbXNJZPhCo8uXNlmLthIesT74IstMsspj0ZS5Jtkgu3PLNE/CfgodAJsIJneoE=
X-Received: by 2002:a05:6402:893:b0:640:931e:ccac with SMTP id
 4fb4d7f45d1cf-64334c7e4f1mr7465393a12.7.1763229965256; Sat, 15 Nov 2025
 10:06:05 -0800 (PST)
MIME-Version: 1.0
References: <CA+1jF5q8VmGAiUyrQQ1dLa_0KLByfsFLtic86kr61HTTFAm9oA@mail.gmail.com>
 <0a1391ac-adba-4420-b581-ccdb3842109a@towo.net>
In-Reply-To: <0a1391ac-adba-4420-b581-ccdb3842109a@towo.net>
Date: Sat, 15 Nov 2025 19:05:00 +0100
X-Gm-Features: AWmQ_blLmJu1Vb2b-1SaaVrwK6kfcQv_EBQve_zzwo_-7AZ-OaCmyVq8Ucm1Dl0
Message-ID: <CA+1jF5r47SbFZHk4rp0z8K0ezGhrZpaVUu6pKMb=4VJnYQ0vcg@mail.gmail.com>
Subject: Re: Cygwin API to atomically create a new file with an ACL?
To: cygwin@cygwin.com
X-BeenThere: cygwin@cygwin.com
X-Mailman-Version: 2.1.30
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-request@cygwin.com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
 <mailto:cygwin-request@cygwin.com?subject=subscribe>
From: =?utf-8?q?Aur=C3=A9lien_Couderc_via_Cygwin?= <cygwin@cygwin.com>
Reply-To: =?UTF-8?Q?Aur=C3=A9lien_Couderc?= <aurelien.couderc2002@gmail.com>
Content-Type: text/plain; charset="utf-8"
Sender: "Cygwin" <cygwin-bounces~archive-cygwin=delorie.com@cygwin.com>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from base64 to 8bit by delorie.com id 5AFI6Wrf623143

On Sat, Nov 15, 2025 at 3:43 PM Thomas Wolff via Cygwin
<cygwin@cygwin.com> wrote:
>
>
> Am 15.11.2025 um 13:58 schrieb Aurélien Couderc via Cygwin:
> > Does Cygwin have an API to atomically create a new file with an ACL?
> >
> > Aurélien
> I don't think there's such an API in POSIX. Instead it's the purpose of
> the directory default ACL entries to support this.
> While the manual pages of setfacl/getfacl are lousy, a fairly lucid
> description is in 7.6. POSIX Access Control Lists | Administration Guide
> | Red Hat Gluster Storage | 3 | Red Hat Documentation
> <https://docs.redhat.com/en/documentation/red_hat_gluster_storage/3/html/administration_guide/sect-posix_access_control_lists>.

That does not help. There are valid use cases, where this becomes
security relevant due race conditions between file creation and
setting of the ACLs.

That's why all mainframe operating systems (and Windows WinNT as VMS
descendant) which support ACLs also support file creation with ACLs as
an argument.

Aurélien
-- 
Aurélien Couderc <aurelien.couderc2002@gmail.com>
Big Data/Data mining expert, chess enthusiast

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple