X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=g4DMlXiuWMUOU3A9lgk4WPZbok8gHGCQBwOsRv5CyUKjcoK9JplhE
	AJdOX07CP4pmWP1opxgBf4CBHXiCqLkC/PJg9JpXd7zkuCLqtiwDrdzpTrMck1Mw
	CSK1vS4HEiruuw9jDnQJDKAMEFVilGFX/tRkaN99ZbgdWKO9JWcTIc=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=KiF881QLJK4XTV5pABa8LLVXxxs=; b=Szv7YwcUl+4k7NQfjb4Az1bZS9HK
	Qiez3Ynbp2UHYWPi0OYant6lJAWhUNDFj2qxAdX6pNVS3q7wuxPVlibJLBi+gHXF
	OkkgLlQT+if4D8RL9MGaDH6R7TfhgpNN6esizx1+XiUeVdKNhIalLV1WXvjpsspQ
	NwVoA9d70wRgvWc=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-4.1 required=5.0 tests=AWL,BAYES_50,KAM_LAZY_DOMAIN_SECURITY autolearn=no version=3.3.2
X-HELO: calimero.vinschen.de
Date: Thu, 10 Sep 2015 19:29:23 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Group Permissions on root folders problem (Windows 10 TP build 10061)
Message-ID: <20150910172923.GC26699@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <CAMH9mcFEL3mao+m-DEYM84kC1HOPeSBpZXD+mDf0USobF9oY7g AT mail DOT gmail DOT com> <CAMH9mcFOKjvjiFvvk1ju0ZxBDK28MaktdnYwj5_CjvbgnpVO4A AT mail DOT gmail DOT com> <20150616155843 DOT GE31537 AT calimero DOT vinschen DOT de> <DJzl1r0012qVqVd01Jzm3c> <55F1A69D DOT 9050201 AT cox DOT net> <55F1AADD DOT 1030908 AT cornell DOT edu>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;	protocol="application/pgp-signature"; boundary="t0UkRYy7tHLRMCai"
Content-Disposition: inline
In-Reply-To: <55F1AADD.1030908@cornell.edu>
User-Agent: Mutt/1.5.23 (2014-03-12)

--t0UkRYy7tHLRMCai
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sep 10 12:07, Ken Brown wrote:
> On 9/10/2015 11:49 AM, David A Cobb wrote:
> >On a Windows-10 host: when I use Cygwin *chown***or *chmod *to make
> >permission changes, the next time I access the folder-tree from Windows
> >Explorer Security tab, it complains that the Access Control List is
> >incorrectly ordered and that will cause undesirable results; happy to
> >say, it gives me the chance to re-order the ACL.  The usual undesirable
> >result is that an app can create a folder /New/ within /T/ but cannot
> >create anything within /T/////New/.
> >
> >Hypothesis: we are indirectly(?) modifying the ACL but are not observing
> >whatever Windows expects for ordering.  I know that Windows enforces
> >"*deny*" rules before any "*allow*" rules; I do not know what other

Ken's right, the docs explain it basically.

Additionally it's important to stress the fact that Windows does not
actually enforce the so-called "canonical" order.  It does so only in
some circumstances, as in the GUI.  In fact it's only a "nice to have",
not an OS limitation.  The evalation order of ACLs is the only
interesting factor and that works the same way, independently from the
ACL being canonical or not.  Therefore the Cygwin-generated ACLs are not
necessarily canonical, but still valid.

Just *don't* reorder them in the GUI, unless you really know what you're
doing.

> >ordering it observes.  I do know that Windows doesn't really consider
> >the "group" property the same way POSIX does, FWIW.
>=20
> This is explained in the Cygwin User's Guide:
>=20
>   https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-files
>=20
> Ken


Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--t0UkRYy7tHLRMCai
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJV8b3zAAoJEPU2Bp2uRE+gJeAP/RlomLUIJkAk8rVB5mS3K0Jm
re7nx0vkLeKv3fQyiCXU+lRWHbSwrMuOH4MFJZ3lcBCDl/h7WIVsnkutREf0QQ6k
S4DxfaoKtNS3DcdlXyaBpD7IrQV5BtOhuYQyb9YN6fwxGvdnwdiDsjG9cGzJ2RhB
Jc/NKxK2MnFVNl9Ca3qj9Duc1z/vX3Q3mya9dVM35bivWqzn6JjkMumk2+VW5TQk
ovg62rUTkwveJgt8sscXVWNyVeK4lC7v4411qs8a8RqCE8LKPL/9GhF/UWSYD29z
pW85uhR6zK9MeH1xf18ppdAdj6g7Dv0StFiB+2GgkU+ZihNL/Z1g8P6jE5JeBfwf
35lNPZtVORugBqF52Are62QfARb40/hdgeB9/2YZZjf8tgAVNaiIQ53MjsL7XEq2
IVfwYc1OfaMs5OuX0IEdI9Tzvn12jKEHE05D0CqCWvELqU1c0cZOf9F65kySvs/R
IfSpiOv4qrc98XZD2O99XafYPw5Kg1ZemevQdRvxnD0juKIlrbqGR03I0HJGpuw9
JUesJiqrWoznqZmO8Ywv9/fts8Fn/jNTKkdZkjjH8Ccw4IrGZPmsSkuv0pN37Lm0
usZCUBTmVZtKbYdz75SbK2wbhFSzQB+pqoUtGVSDUUltLaOdwMPkhyAmN7YTlaGr
7MF7crq8XVpsH0HFsHz4
=sQZZ
-----END PGP SIGNATURE-----

--t0UkRYy7tHLRMCai--