X-Spam-Check-By: sourceware.org
Date: Thu, 2 Nov 2006 21:47:43 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Cygwin NTFS permission listing oddness.
Message-ID: <20061102204743.GZ8323@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <45453F71 DOT 5040309 AT tlinx DOT org> <20061030094218 DOT GK8323 AT calimero DOT vinschen DOT de> <454A3F67 DOT 6070103 AT tlinx DOT org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <454A3F67.6070103@tlinx.org>
User-Agent: Mutt/1.4.2i
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Nov  2 10:56, Linda Walsh wrote:
> You somewhat answered my question, indirectly. 
> I wasn't aware windows had a "group" security descriptor
> in addition to the user-owner-creator field. 
> Where does it store the information? 

In the security descriptor.  There's no such thing as a "group security
descriptor".  The file's security descriptor contains all the info,
including owner, group, and DACL.

> It seems odd to have a Windows group field that no Windows utils
> would be able to set (or view).  Is the windows group field
> actually used for anything?

Actually it's not utilized in Windows and for that reason not made
visible in the UI(*).  The group field in the NTFS security descriptor
is necessary to be POSIX compliant though, that's why it exists.  Same
goes for the primary group in access tokens.

>    My NT-Win knowledge is nowhere close to my *nix knowledge, but I just
> didn't know of a windows-group field on files/processes, etc.  I thought
> it was a "pseudo-security" field that only existed in cygwin and that
> cygwin somehow simulated by, perhaps, storing the info in an ACL...?  

Nope.

>    I'm not able to find a reference to a file's groupid via google,
> but I may not know the correct search terms.  Is there a reference
> to the group field on MS's tech pages somewhere?

You could start here for instance:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/security_descriptors.asp


Corinna


(*) It's utilized indirectly through the Creator Group SID (S-1-3-1),
    but afaik it's not used in standard Windows SDs.

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/