X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
Date: Sat, 24 Oct 2009 10:43:50 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: default ACLs
Message-ID: <20091024084350.GV16678@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <1256255127 DOT 2713 DOT 41 DOT camel AT mward-laptop DOT ops DOT acx> <20091023152726 DOT GB5369 AT calimero DOT vinschen DOT de> <1256340075 DOT 2582 DOT 39 DOT camel AT mward-laptop>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1256340075.2582.39.camel@mward-laptop>
User-Agent: Mutt/1.5.17 (2007-11-01)
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Oct 24 10:21, Mikel Ward wrote:
> Corinna wrote:
> > Neither the NtCreateFile function, nor the
> > CreateFile function handle ACE inheritance either. 
> 
> Looks like that's only if lpSecurityAttributes is non-NULL, but I guess
> Cygwin uses that field?

Well, Cygwin uses NtCreateFile, rather than CreateFile and it's the 
security descriptor which has to be NULL, not the lpSecurityAttributes
itself in calls to CreateFile, but, yes.

The original idea was to do everything in a single system call for
performance.  This didn't work on remote shares under all circumstances
so there was already code which tweaked the security descriptor after
the NtCreateFile call.

After I sent my reply I experimented some more with this and it turned
out that setting the descriptor to NULL in NtCreateFile was actually
enough to get inheritance working.  There's no need to replace
NtSetSecurityObject with a call to SetSecurityInfo, it would even
lead to wrong results instead of making things better.

I applied a patch to Cygwin CVS which seems to work fine.  That will
be in the next 1.7.0 test release.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple