Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Message-ID: <41FA3C1E.7090706@byu.net>
Date: Fri, 28 Jan 2005 06:20:30 -0700
From: Eric Blake
To: cygwin AT cygwin DOT com
Subject: ACL questions

Several places in the coreutils testsuite died because new directories
in cygwin have 7 ACL designations (user, group, other, mask, default
user, default group, default other) instead of MIN_ACL_ENTRIES (4, for
user, group, other, and mask), so their `ls -ld' listing gives a mode of
drwxrwxrwx+ (that extra + denotes extra ACLs). It looks like the cygwin
default entries for each directory mirror the user, group, and other
values.

$ mkdir dir
$ getfacl dir
# file: dir
# owner: eblake
# group: None
user::rwx
group::r-x
mask:rwx
other:r-x
default:user::rwx
default:group::r-x
default:other:r-x

My limited testing on Solaris 8, which also supports ACLs, only added
default entries to directories when I specifically set ACLs, and not
when I created a directory, so `ls -ld' never displayed the '+' in the
mode string until I played with the ACLs. See also the example on
http://www.ids.org.au/main/tutorials/acl_howto.php.

POSIX XBD 4.4 File Permissions permits ACLs, but states that ACLs must
either be additional (more restrictive, never less) or alternate (in
which case they can be enabled only on a per-file request, and that they
are disabled when permission is changed with chmod()). My understanding
is that ACLs are alternate, since I can grant more access to a
particular user or group than the one that actually owns the file.
And if that is the case, I think that `ls -ld' should never list the '+'
at the end of the mode string for alternate access unless I used an
facl() command on that file or directory.

Could this be a bug in cygwin/sec_acl.cc's getacl() for creating
directory default ACLs that are no different from the owner's
permissions when parsing the Windows permissions? Or is it really valid
behavior that all cygwin directories start life with default ACL
entries, in which case either the coreutils testsuite needs to account
for the '+' in the mode (or else patch `ls' to treat 7 ACL entries on
directories, with the 3 default entries matching the corresponding
directory owner permissions, as normal and not extended access)?

-- 
Life is short - so eat dessert first!

Eric Blake             ebb9 AT byu DOT net
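
The rule proposed at the end of the message, written out as an added Python example (not part of the original message, and not coreutils or Cygwin code): it parses getfacl output and reports whether a '+' is warranted, either strictly or with mirrored default entries tolerated. The function names and the tolerate_mirrored_defaults parameter are assumptions; CYGWIN_DIR is the getfacl output quoted in the message and NAMED_USER is a constructed sample.

```python
# Added example; names are illustrative, not coreutils or Cygwin code.
BASE = {("user", ""), ("group", ""), ("other", "")}   # owner-class entries
MASK = ("mask", "")

def parse_getfacl(text):
    """Return (access, default) dicts mapping (tag, qualifier) -> perms."""
    access, default = {}, {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop headers and "#effective:" notes
        if not line:
            continue
        target = access
        if line.startswith("default:"):
            target, line = default, line[len("default:"):]
        parts = line.split(":")
        # "mask:rwx" (as quoted in the message) and "mask::rwx" both lack a qualifier
        qualifier = parts[1] if len(parts) == 3 else ""
        target[(parts[0], qualifier)] = parts[-1]
    return access, default

def shows_plus(text, tolerate_mirrored_defaults=False):
    """True if the ACL goes beyond user/group/other (plus an optional mask)."""
    access, default = parse_getfacl(text)
    if set(access) - {MASK} != BASE:
        return True                    # named users/groups: genuinely extended
    if not default:
        return False                   # the MIN_ACL_ENTRIES case
    # Rule proposed in the message: exactly three default entries, each equal
    # to the corresponding access entry, count as "normal".
    mirrored = set(default) == BASE and all(default[k] == access[k] for k in BASE)
    return not (tolerate_mirrored_defaults and mirrored)

# getfacl output for a fresh Cygwin directory, as quoted in the message
CYGWIN_DIR = """\
# file: dir
# owner: eblake
# group: None
user::rwx
group::r-x
mask:rwx
other:r-x
default:user::rwx
default:group::r-x
default:other:r-x
"""

# Constructed sample: a named-user entry, which must always be flagged
NAMED_USER = "user::rwx\nuser:alice:rwx\ngroup::r-x\nmask::rwx\nother::r-x\n"

if __name__ == "__main__":
    for name, acl in (("cygwin dir", CYGWIN_DIR), ("named user", NAMED_USER)):
        print(name, shows_plus(acl), shows_plus(acl, True))
```

With the tolerant rule a default entry that differs from its access counterpart is still flagged, so only directories whose defaults add nothing beyond the mode bits lose the '+'.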