X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:from:to:subject:message-id:reply-to :references:mime-version:content-type:in-reply-to; q=dns; s= default; b=fH0s2oro9SYsJxNO3bMk4MaL6SzaayEjtucvMXPhKqkr8NjcxoK01 yQaCEmgTtMXhQ2s0wiFcZHOwRjwYzxwcquOZ6w6kwl91hBOx+fAoWUD7uUFKRD6x t6vX0gggS5Yn1NDM6TNd2tAeec9K4jPbu+KKxppzBL640OggZ9VWWo= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:from:to:subject:message-id:reply-to :references:mime-version:content-type:in-reply-to; s=default; bh=iOZklAEA5Y/2zIHRbqhOdWqdwa8=; b=NJStWY83XbledLEZamjhKel723n9 iBJd6smvPUzaOH2BsFkvUDJx1Buy/Kbc4VIAIPUy4sCEX3q5tHlCgpsada9Jsy5X hnEk9aLxLuNp9D1yn3S/6Auru2+v85nNGbWT3/ywaLd19ouEMAsIoyyKIBlNeHUB Ku5HnQQ+9Myug84= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-5.4 required=5.0 tests=AWL,BAYES_00,KAM_LAZY_DOMAIN_SECURITY autolearn=no version=3.3.2 X-HELO: calimero.vinschen.de Date: Mon, 13 Apr 2015 09:17:50 +0200 From: Corinna Vinschen To: cygwin AT cygwin DOT com Subject: Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.0.0-3 Message-ID: <20150413071750.GU7343@calimero.vinschen.de> Reply-To: cygwin AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="3gk1bTGVZuaU9V5/" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) --3gk1bTGVZuaU9V5/ Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Apr 12 17:19, Bryan Berns wrote: > On Sun, Apr 12, 2015 at 3:17 PM, Corinna Vinschen > wrote: > > Hi Cygwin friends and users, > > > > > > New 2.0.0-0.3 test release. It's supposed to fix the pty chmod problem > > reported in https://cygwin.com/ml/cygwin/2015-04/msg00240.html > > >=20 > Just a note: In 2.0.0-0.2, creating a file using touch on the root of > one of my drives resulted in the with the Windows GUI Security tabs > complaining about ACE order on the resultant file. In 2.0.0-0.3, > Windows does not complain and the ACL looks quite a bit different > (shown below). Not sure if this is a problem or not --- just wanted > to report the difference in case your fix had an unintended side > affect. Given my heart skips a beat when I see DENY ACEs, I like the > new behavior behavior better. Deny ACEs, if used correctly, are ok. Cygwin needs them to implement the POSIX ACL MASK value. Consider: mask: rw- user foo: r-x --- effective: r-- Cygwin needs to know that user foo has real permission r-x, so the ALLOW ACE contains (RX). But the mask value forbids write perms, so the user gets a DENY ACE, along these lines: MASK: rwx foo DENY: --x foo ALLOW: r-x So the effective permissions for user foo are r--, while Cygwin still knows that the actual permissions are r-x. > V:\>icacls v: > v: BUILTIN\Administrators:(OI)(CI)(F) > NT AUTHORITY\SYSTEM:(OI)(CI)(F) > NT AUTHORITY\Authenticated Users:(OI)(CI)(M) > BUILTIN\Users:(OI)(CI)(RX) >=20 > Output from file created from 2.0.0-0.3: >=20 > V:\>icacls touch-from-3 > touch-from-3 DOMAIN\Administrator:(R,W,D,WDAC,WO) > DOMAIN\Domain Users:(R) > Everyone:(R) > BUILTIN\Administrators:(F) > NT AUTHORITY\SYSTEM:(F) > NT AUTHORITY\Authenticated Users:(M) > BUILTIN\Users:(RX) I don't believe this is an ACL created by Cygwin 2.0.0 at all. It's missing the NULL deny ACE. > Successfully processed 1 files; Failed processing 0 files >=20 > Output from file created from 2.0.0-0.2: >=20 > V:\>icacls touch-from-2 > touch-from-2 NULL SID:(DENY)(Rc,S,WEA,X,DC) > DOMAIN\Administrator:(R,W,D,WDAC,WO) > DOMAIN\Domain Users:(DENY)(S,X) > NT AUTHORITY\Authenticated Users:(DENY)(S,X) > BUILTIN\Users:(DENY)(S,X) > DOMAIN\Domain Users:(RX) > NT AUTHORITY\Authenticated Users:(RX,W) > NT AUTHORITY\SYSTEM:(RX,W) > BUILTIN\Administrators:(RX,W) > BUILTIN\Users:(RX) > Everyone:(R) The ACL looks vaguely ok, but I'd need to know the owner, group, and what Cygwin thinks the ACLs look like in POSIX speak (getfacl output). I'm AFK most of today, though, so a reply may take a while... Corinna --=20 Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat --3gk1bTGVZuaU9V5/ Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBAgAGBQJVK22eAAoJEPU2Bp2uRE+grtcP/1htIKHBwrI6Xie4GMk0O2lx TEXX3omAtlxkcW1UZtAPm2ZCZVgGW4kK209WWUXfrxqe0nSPmtLtnYPbM6ZwiMLK dtLzRoDdWBILGVDf+kPL/xFqGFVxbcVdJdEi+RdYLbTvi5QhDAqw0KGO4UHH1zrL XKhUND/qi1zMu/Tc7U5VO5qnTWb93Tvdu06HW1StrepIY0nRA6ftnFeRWP8o1TPk JBO5WKWBFwy6DROhwZW1asPnMuDTEph++jIg/yScmv2nSBMfpadZ0k9hzK2ty12E IwCmc+m/asR2J9Ke//ioypAmUe1QJzqw9f9R3b6kkbCVcQT4wdL50QnzxSslw+GL uzl/yFly+7G5WEADvj+QI6cSoJ3F6XX8HzG/vSA/uKwX11rm74XI8fvBeOJFECky jwWDll2q+XjOWS231y3nj4GREZKgVoq0xjYJpuO8TzoVILPCKOPes6E4a57Q05DF ZRaCfKWnmjJueWEDl3qRUnUcUjoOMg6vPMCTHEN0rKjkgX48UETt/hgJQHz8tuKC ciiCnEJZhjBz85n645UsbCt2pbdo8HZNpMbWdAFwwpkghV7E2L10PYSfDDEqohjr oBkzXd7yMLCWtsQXoaV3wIR8/u1F0BC2gvNQADA2WWXzlcCszCgrRTR3+WyFYQ2D 8d8pyNSbpaksW7rhWdU7 =SWH/ -----END PGP SIGNATURE----- --3gk1bTGVZuaU9V5/--