Date: Wed, 12 Aug 2015 17:26:01 +0200
From: Corinna Vinschen
To: cygwin AT cygwin DOT com
Subject: Re: Shares with strange ACL settings
Message-ID: <20150812152601.GL13029@calimero.vinschen.de>

On Aug 11 08:42, Achim Gratz wrote:
> I've thought some more about those strange shares I need to use that have
> inherited ACL that don't let me change the ACL at all and hence prevent
> Cygwin from fixing up the POSIX permissions.  That generally ends up with
> permissions like these:
>
> % ll test
> total 10
> d---rwx---+ 1 gratz          Domain Users    0 Aug 10 11:51 ./
> d---rwx---+ 1 Administrators Administrators  0 Aug 10 11:50 ../
> ----rwx---+ 1 gratz          Domain Users   18 Aug 10 11:51 blafasel*
> ----rwx---+ 1 gratz          Domain Users   18 Aug 10 11:51 blumblum*

I don't know what to do about this.  We're talking back and forth about
reflecting group perms into user perms and whether we do it or not, it
always seems to have some downside on some installations.

A reworked implementation which takes the exact user perms into account
in a Windows environment, and which works from a normal user account is
a major undertaking.  I doubt I'll have the time to implement something
big any time soon.

> Some applications that know how POSIX ACL are supposed to work conclude that
> such directories or files are not readable:
>
> % cd test
> % perl -E 'say -r "." ? "readable" : "not readable";'
> not readable
> % perl -E 'say -r "blafasel" ? "readable" : "not readable";'
> not readable
>
> Other applications not using this shortcut and going all the way to
> faccessat correctly determine readability:
>
> % [ -r . ] && echo readable || echo not readable
> readable
> (1056)/mnt/upload/test > [ -r blafasel ] && echo readable || echo not readable
> readable
>
> If I access the files from another account (that has the same group
> memberships that give read/write access to the share) or change the owner,
> then the shortcut is never invoked:
>
> $ perl -E 'say -r "." ? "readable" : "not readable";'
> readable
> $ perl -E 'say -r "blafasel" ? "readable" : "not readable";'
> readable
> $ [ -r . ] && echo readable || echo not readable
> readable
> $ [ -r blafasel ] && echo readable || echo not readable
> readable
>
> So, it would probably help if I had a mount option to force the ownership to
> some account that I am never logged in as, either via a mount option or
> whenever the POSIX user modes are all cleared.  I don't know if that might
> confuse applications when they check ownership on newly created files,
> though.  Is that something that is implementable easily so it could be
> tested via a snapshot?

I'm not sure I understand the idea of mounting w/ an explicit user
account and how this might help.  What about just using the noacl mount
option for weird shares like the above?


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
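
Added illustration, not part of the original message and not Cygwin's or Perl's code: a check based only on the stat mode bits picks exactly one permission class, owner first, and that model produces the same pattern as the three observations quoted above. The numeric IDs, the `colleague` account and the forced-owner account are constructed for the example; names and mode strings are taken from the quoted listing.

```python
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:
    name: str
    uid: int
    gids: frozenset

@dataclass(frozen=True)
class Entry:
    name: str
    mode: int
    uid: int
    gid: int

def mode_from_ls(text):
    """Turn an ls mode string such as '----rwx---+' into permission bits.
    The type character and the trailing '+' (extra ACL entries) are ignored;
    setuid/setgid/sticky letters are not handled."""
    bits = 0
    for ch in text[1:10]:
        bits = (bits << 1) | int(ch != "-")
    return bits

def modebits_readable(entry, acct):
    """Mode-bit shortcut: only the first matching class is consulted."""
    if acct.uid == entry.uid:
        return bool(entry.mode & stat.S_IRUSR)   # group bits never looked at
    if entry.gid in acct.gids:
        return bool(entry.mode & stat.S_IRGRP)
    return bool(entry.mode & stat.S_IROTH)

# Constructed numeric IDs (assumptions, not values from the thread).
DOMAIN_USERS = 10513
GRATZ = Account("gratz", 11001, frozenset({DOMAIN_USERS}))
COLLEAGUE = Account("colleague", 11002, frozenset({DOMAIN_USERS}))
FORCED_OWNER_UID = 65534  # stands in for "an account I am never logged in as"

def scenarios():
    mode = mode_from_ls("----rwx---+")
    as_listed = Entry("blafasel", mode, GRATZ.uid, DOMAIN_USERS)
    forced = Entry("blafasel", mode, FORCED_OWNER_UID, DOMAIN_USERS)
    return {
        "owner, as listed": modebits_readable(as_listed, GRATZ),
        "other account, same group": modebits_readable(as_listed, COLLEAGUE),
        "owner forced elsewhere": modebits_readable(forced, GRATZ),
    }

if __name__ == "__main__":
    for case, ok in scenarios().items():
        print(f"{case:28} {'readable' if ok else 'not readable'}")
```
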