X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
Date: Tue, 30 Sep 2008 18:33:46 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Cygwin Everyone group permissions and Vista "shared files" 	(*not* shared folders)
Message-ID: <20080930163346.GK11053@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <5e4cc4153gf115hcpi4ilk2s787klg6sra AT 4ax DOT com> <20080929165252 DOT GC11053 AT calimero DOT vinschen DOT de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20080929165252.GC11053@calimero.vinschen.de>
User-Agent: Mutt/1.5.16 (2007-06-09)
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Sep 29 18:52, Corinna Vinschen wrote:
> On Sep  9 07:47, Barry Kelly wrote:
> > Unfortunately, Cygwin creates an ACE for the group Everyone, even with
> > umask 0077, or after chmod 0700 is applied. Specifically, this is what
> > it looks like using cacls:
> > 
> >                      Everyone:(special access:)
> >                               READ_CONTROL
> >                               FILE_READ_EA
> >                               FILE_READ_ATTRIBUTES
> > 
> > How can addition of this ACE be controlled or prevented by default for
> > Cygwin applications?
> 
> It can't be prevented right now.  I added "don't create null
> group/everyone ACEs to file ACLs" on my Cygwin 1.7 TODO list.

Fresh back from vacation I missed the crucial point here.  Sorry.

The real answer is:  It can't be prevented and there are no plans to add
code to prevent it, since these read permissions are required to get
POSIX-like permissions.

Unless, of course, you go without POSIX permissions entirely.  The
setting for this is the "nontsec" keyword in the environment variable
$CYGWIN until Cygwin 1.5.25(*), which has global scope, or the mount
point option "noacl" in /etc/fstab starting with Cygwin 1.7(**), which
has a per-mount point scope.  Using nontsec/noacl will result in getting
Windows default permissions instead of POSIX equivalent permissions.


Corinna


(*)  http://cygwin.com/cygwin-ug-net/using-cygwinenv.html
(**) Preliminary docs:
     http://cygwin.com/1.7/cygwin-ug-net/using.html#mount-table

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/