Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Fri, 31 Oct 2003 01:15:06 -0800 (PST)
Message-Id: <200310310915.h9V9F6oW016115@newsguy.com>
To: cygwin AT cygwin DOT com
From: Dierk Schmedes <dierk AT newsguy DOT com>
Subject: ACLs are not handled correctly

Hi,

first my config: MS Windows XP SP1, cygwin 1.5.5 (actual version - 2 days old)

Problem: nearly each tool that the create or modify a file/directory (e.g. cp,
touch, setfacl) ignore the ALCs of the current directory or add further 
users/groups to it.

Example
/home/dierk has the following ACLs (listed with xcalcs.exe from the MS
resource
kit; same with Explorer)

xcalcs F:/cygwin/home/dierk
f:\cygwin\home\dierk <domainname>\dierk:F
                     NT AUTHORITY\SYSTEM:(OI)(CI)(IO)R

Now I create a new file (e.g. touch /home/dierk/newfile). Everyone expect that
the file has the same rights as my home folder /home/dierk, BUT that isn't -
see
below:

xcacls F:/cygwin/home/dierk/newfile
f:\cygwin\home\dierk\newfile <domainname>\dierk:(special access:)
                                                     STANDARD_RIGHTS_ALL
                                                     DELETE
                                                     READ_CONTROL
                                                     WRITE_DAC
                                                     WRITE_OWNER
                                                     SYNCHRONIZE
                                                     STANDARD_RIGHTS_REQUIRED
                                                     FILE_GENERIC_READ
                                                     FILE_GENERIC_WRITE
                                                     FILE_READ_DATA
                                                     FILE_WRITE_DATA
                                                     FILE_APPEND_DATA
                                                     FILE_READ_EA
                                                     FILE_WRITE_EA
                                                     FILE_READ_ATTRIBUTES
                                                     FILE_WRITE_ATTRIBUTES

<domainname>\Domain Users:(special access:)                                   
READ_CONTROL
                                                     FILE_READ_EA
                                                     FILE_READ_ATTRIBUTES

                             Everyone:(special access:)
                                               READ_CONTROL
                                               FILE_READ_EA
                                               FILE_READ_ATTRIBUTES

 As you can see the ACLs are completly different to the one of my home folder.

Similar behaviour when I use setfacl, it adds automatically the last two (
<domainname>\Domain Users and Everyone) to the ACL even I don't want it.

This has strange impacts if "ntsec" is set for CYGWIN because you may have
than
no access to your own files.

 Dierk


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/