X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=euwskrTDPpTdFkV/SGievppk0oeus1Bnl7zWZEnIuxWL4P6YM+S0l
	7DAx8lAZVPGn1YIWoKYZDxYvLvtiXTrS0DsndtKniR6Douo2tyjf8f6Op6enJTs3
	dLB9OniylPvhrzaagPt6xJqMOe7hDvqvzcsIb4fWqEWZRy4D895yA8=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=ebH6CeVY1SjwvJLxhypZqygchuQ=; b=YpKlOAHPfIs8sn8oDbBFvfKqoRf3
	NhJ4Q6rB7VzQU8PIgIaMgMWA77iBkOca9hikLFMyYX4Lfxmt1AnMK6bReLjLGvF9
	91i/RKf67fxPgVI38VhLTi6Jhpp3IkdzixIrGeUO/+WKfCFd0hDc8lSBEU7wYej+
	TaDJEZnPFOvb7Lo=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-4.5 required=5.0 tests=AWL,BAYES_20,KAM_LAZY_DOMAIN_SECURITY autolearn=no version=3.3.2
X-HELO: calimero.vinschen.de
Date: Sat, 11 Apr 2015 12:07:52 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: [TESTERS needed] New POSIX permission handling
Message-ID: <20150411100752.GE19111@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <20150410100703 DOT GA4401 AT calimero DOT vinschen DOT de> <CAAXzdLUFeBX6EREpMA2WeMYT+oS8c=JXhqkwrvNYUGjsWFrW8w AT mail DOT gmail DOT com> <20150411094020 DOT GB19111 AT calimero DOT vinschen DOT de>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;	protocol="application/pgp-signature"; boundary="HnQK338I3UIa/qiP"
Content-Disposition: inline
In-Reply-To: <20150411094020.GB19111@calimero.vinschen.de>
User-Agent: Mutt/1.5.23 (2014-03-12)

--HnQK338I3UIa/qiP
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Apr 11 11:40, Corinna Vinschen wrote:
> On Apr 10 19:00, Steven Penny wrote:
> > On Fri, Apr 10, 2015 at 5:07 AM, Corinna Vinschen wrote:
> > > Please give the new code a try.  I uploaded new 2015-04-10 developer
> > > snapshots to https://cygwin.com/snapshots/
> >=20
> > Here is the test I ran:
> >=20
> >     $ cd /cygdrive/c
> >=20
> >     $ touch ~/{alpha,bravo}.sh ~+/{charlie,delta}.sh
> >=20
> >     $ chmod +x ~/bravo.sh ~+/delta.sh
> >=20
> >     $ ls -l --color ~/{alpha,bravo}.sh ~+/{charlie,delta}.sh
> >     -rw-rw-r--+ 1 John None 0 Apr 10 16:51 /cygdrive/c/charlie.sh
> >     -rwxrwxr-x+ 1 John None 0 Apr 10 16:51 /cygdrive/c/delta.sh    (gre=
en)
> >     -rw-r--r--  1 John None 0 Apr 10 16:51 /home/John/alpha.sh
> >     -rwxrwxr-x  1 John None 0 Apr 10 16:51 /home/John/bravo.sh     (gre=
en)
> >=20
> > So "charlie.sh" looks strange because it has that extra write permissio=
n.
> > However this is not a big deal for me. My concern was that everything w=
as
> > showing up executable (green) when running "ls --color". So overall thi=
s is an
> > improvement, thanks.
>=20
> What is '~+'?  Is that some weird bash feature?
>=20
> Did you check the ACL?  The ACL before and after the change should
> explain what happened.  Check it with getfacl *and* icacls to get
> an idea what it looks like, and compare the result with the POSIX
> ACL rules, as outlined on, e.g., http://linux.die.net/man/5/acl.

On second thought, what you need to know is what the NULL DENY ACE looks
like when looking at it in icacls.

The following bits in the NULL DENY access mask are used:

  Windows access    <->   POSIX access
  --------------          ------------
  FILE_READ_DATA          S_ISVTX
  FILE_WRITE_DATA         S_ISGID
  FILE_APPEND_DATA        S_ISUID

  FILE_READ_EA            MASK S_IXOTH  (POSIX execute perms)
  FILE_WRITE_EA           MASK S_IWOTH  (POSIX write perms)
  FILE_EXECUTE            MASK S_IROTH  (POSIX read perms)

  FILE_DELETE_CHILD       Set if MASK is valid

  READ_CONTROL            Set to mark this as a "new style" ACL.

  SYNCHRONIZE             Has no meaning, but icacls has a bug in
                          printing the access mask of DENY ACEs.

Same bits are used in the inheritable NULL DENY, but S_ISVTX and S_ISUID
should never be set, because they are not supposed to be inherited,


HTH,
Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--HnQK338I3UIa/qiP
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBAgAGBQJVKPJ4AAoJEPU2Bp2uRE+gfg8P/3HJPvIBarc1HqfyacTuGZR6
azhnIB9n/IQloA4/aCRzGzYpiGeRAkyVe35Gej6TdRj47aPP4TqiOV5syQ8AJnVR
wiBtMiACU3VKjpRblzxzCnNzVwg/29xMXg0q77TWcBJrTn9+jloDsD4d85ywiJxk
EIOL0aYEZV/56l/ONjFBlRY/Xlq6zAVr92A1VCy7NPeMm6Z/x1KSd6m7RkBrZ+Lm
Nx9EY0Rpm9cHUsTtrotcCXhimLgyGMeV1Q/3Hp/eDJQX8+5mSBbGQ4YyQze2GE4N
Glv5xOKVFOeuEPwUGHEDAcJjN7x3PSkeK/ILul9p5DSGOsK+o+sak1TSyNhjwm6k
4K48nSn5n/cgzLdhKgU/piKIbpqaz7MvY/++1PWXkKRaV01/kn9g9//gRF5VGyvD
Mp5+WcAyT9MAymogzmRz8dvea99ENeI8YTUPfabqONyUg0huiJCjiEwN2Z8qrWfD
VWg/cyBpbhPDJI7j2Du3VJ7SqeVyPI1KNbD5y4jSB+nfSnizWxAL6cpoDtDTRLwf
PP+nmIXSqloFDxZP+Uz7zlzjZMWO+vyH2Kr40AvdGNIjBsIV+LrPsX5KIH4ptbfn
+30vEJQGkmV3JHGyraJM5/xLBeqfTwmBFviZAiAggkB+2H3DNAGo0OH7UlDCVdEm
RRiSv4w+/Ynf/UrMWHb5
=Wc1V
-----END PGP SIGNATURE-----

--HnQK338I3UIa/qiP--