X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=eCH2nclNFzUAP75ruCMffKsFdej5UkgM+L4EwwlWO6GkWr8uHu/FD
	IHF238Frc+A2yegizGaNPO0qmau13QMccY4NCSoU8MLT69ZPTnQkhCSEU2DmB2h6
	fZJMdbdMBsjkWMBmDDbeEPenTl1i8ExAADbxOXBtioJtJB6a55hYrI=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=JK+vDYVYnA94QEoUJYnn0QQotKs=; b=ApYbQ4HXBi3CPoebVHODbkqKF6TM
	7oTQjBelYBHOf8qaCpERAqVMB06nqFRF9bprgqe/i9pM3lmRpI1Ats2fABQx+bFl
	kLYzjeS8wNGQsovfSxFA6IootzNyTQbvtudKSDUdTDV7FKIUit4FFbZbKHpD82CS
	OQP7Xms0sJMoLLk=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-5.0 required=5.0 tests=AWL,BAYES_40 autolearn=ham version=3.3.2
X-HELO: calimero.vinschen.de
Date: Thu, 26 Feb 2015 23:29:31 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Too Many Permissions Stripped In 1.7.35?
Message-ID: <20150226222931.GA11124@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <CADi7v6JajieaQGq3N5LY2Ck2m7SiOTci6au5t7RL4gxZdvBgEw AT mail DOT gmail DOT com> <87twy8cv4k DOT fsf AT Rainer DOT invalid> <20150226202836 DOT GB10024 AT calimero DOT vinschen DOT de> <CADi7v6LLEhH9Dn3X3+W4Fk2=r7brDKuSHoJT3f7P31FX8523fg AT mail DOT gmail DOT com> <20150226205736 DOT GA10870 AT calimero DOT vinschen DOT de> <CADi7v6+u=92JZUjJ85xwuELFDm7-O4i5+Js_aWVV=6F-wHxatQ AT mail DOT gmail DOT com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;	protocol="application/pgp-signature"; boundary="nFreZHaLTZJo0R7j"
Content-Disposition: inline
In-Reply-To: <CADi7v6+u=92JZUjJ85xwuELFDm7-O4i5+Js_aWVV=6F-wHxatQ@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)

--nFreZHaLTZJo0R7j
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Feb 26 16:27, Bryan Berns wrote:
> > You just have to enable the SeBackupName and SeRestoreName privs.
> > Try in Cygwin.  It does that automatically.
> >
> > For cases where you need to stick to the Windows ACLs, use noacl
> > mounts.
>=20
> Understood --- I can probably set SeBackupPrivilege /
> SeRestorePrivilege as 'RequiredPriveleges' for the services that
> depend on the system account having access via the ACLs.  Not being
> used quite in the spirit of those privileges (i.e. for
> backup/restore), but doable.  We'll also have to revise our
> permissions model on our network filers since before running 'chmod
> 700' on a file wouldn't blow away our various administrative groups.
>=20
> Like I said originally, just wanted to verify it was desired behavior
> and it sounds like it is.  Thanks!

Having discussed this, I can understand that it may be desirable to
skip the permissions of the SYSTEM account in these circumstances:

- Computing the POSIX ACL mask and default mask value and thus in
  the permission mask as printed by `ls -l'.

- Changing SYSTEM permissions when calling chmod, unless SYSTEM is the
  file's owning group.

Changing this in the code is pretty straightforward. but I'm not willing
to add another mount option for this behaviour.  Either Cygwin ignores
SYSTEM in the aforementioned circumstances or it doesn't.

Crucial vote starting... now.


Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--nFreZHaLTZJo0R7j
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBAgAGBQJU755LAAoJEPU2Bp2uRE+gtk0QAIsFTZIOCqED8mB0tNnY6MpD
sKpfM4WnW75W0F2dNNQZhOnJYCfR+QZfHS2/XVLzkOuqcOYDsvmeS0s4PE+TbDoD
l3J72kOsXs3EP6ZbV8weKg5gNRRXDftys1zjyE/mQDWIplTiq1dabxUKTOvMaw50
Ydv77Pg6E93TVUgP1MwdUDg9YQJQDH6Lzdv82NzfoDQ7ylFmOyGjNMdYjiSyMf4E
//tcYMMqi0h8Ik3zbD3BDAEPKgXA4LQruZlj29JB5cvl0kPtsqi0R38i9k75OD01
HNWx9IPoIuoZpvz883f/CT7lOP69+v/sYWjeaQ/uXSDgjesL5QLTHvlS4fb/aroK
yvIA9m152wpJwrIwXV9kqKfnZU55V/F34XilNq0kpHcMQQlm51bylASNkN+A7HMa
Q7iCTB6TAh7Be3VgXn99ZC91j98dG1S9olc6YEkF39+92ZoNkbrBvv5kn60ylZXY
bHo39HO5pOq/gY3miB1xgguzh1ufWYV1GFWzLUHmD0mXiZWvsguZK3DwKVNM87Ok
BHEtE6sYd1Vjd0ilIuYz9orOiiX/VorYX3V5dhEXpqNKwAO3jHJYQZKuZPBalbvT
HtNXCFa34L575IDinLytEhmDl3tIH1UVkFTpbJ23DTKPBTDiJEwHYeS6ujEouOtk
hoCsTWUAyKzFcZ7636kL
=IgXB
-----END PGP SIGNATURE-----

--nFreZHaLTZJo0R7j--