X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:subject:to:references:message-id:date
	:mime-version:in-reply-to:content-type
	:content-transfer-encoding; q=dns; s=default; b=Ym3ClXY9WwxJPa7p
	ufPw9bgf49M3UVcJ2feVTr+g6Yn5Bx4mZLvzVbW0PkjZTfb/s9mxQOURnsJM2n3e
	wo203Vd1eFazM4YJelZvvIG8gNYYSn4kyrPZIGta5Stb5Hrq2X2rpyvJJIv1ROre
	CuRnoPbaSOdhThKZCA6a6PZsK1c=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:subject:to:references:message-id:date
	:mime-version:in-reply-to:content-type
	:content-transfer-encoding; s=default; bh=3SdcI+7Gm7zhyTzJt16LD+
	bOscE=; b=Sv3hbObiOZ4qdL4W2gOFoIztYzdjkgiTQvWkTjUOrC9mNSHkEsZIX3
	9ae+PdM+yK2iu1GM0rx7v/E1JJuVmyS8Yjk78IfxkEq6Oiak1VRyHz+PcpMDKyxS
	DVib32mNQW9Hr52tOl6X/Md0qvCub9pcgaxQWRSdu/Ihcr3Tu/PZA=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-0.6 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_NONE,SPF_PASS,T_RP_MATCHES_RCVD autolearn=ham version=3.3.2
X-HELO: eastrmfepo101.cox.net
X-CT-Class: Clean
X-CT-Score: 0.00
X-CT-Spam: 0
X-Authority-Analysis: v=2.0 cv=FaLpMuC6 c=1 sm=1 a=E2TABC3fJca0I99Ic2bSGA==:17 a=kviXuzpPAAAA:8 a=w_pzkKWiAAAA:8 a=xY73FNB23K_2OedlPv0A:9 a=QEXdDO2ut3YA:10 a=E2TABC3fJca0I99Ic2bSGA==:117
X-CM-Score: 0.00
Authentication-Results: cox.net; auth=pass (CRAM-MD5) smtp.auth=superbiskit AT cox DOT net
From: David A Cobb <superbiskit AT cox DOT net>
Subject: Re: Group Permissions on root folders problem (Windows 10 TP build 10061)
To: cygwin AT cygwin DOT com
References: <CAMH9mcFEL3mao+m-DEYM84kC1HOPeSBpZXD+mDf0USobF9oY7g AT mail DOT gmail DOT com> <CAMH9mcFOKjvjiFvvk1ju0ZxBDK28MaktdnYwj5_CjvbgnpVO4A AT mail DOT gmail DOT com> <20150616155843 DOT GE31537 AT calimero DOT vinschen DOT de> <DJzl1r0012qVqVd01Jzm3c> <55F1A69D DOT 9050201 AT cox DOT net> <FU891r01R2qVqVd01U8Bkq>
Message-ID: <55F1EB0E.1090802@cox.net>
Date: Thu, 10 Sep 2015 16:41:50 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:43.0) Gecko/20100101 Thunderbird/43.0a1
MIME-Version: 1.0
In-Reply-To: <FU891r01R2qVqVd01U8Bkq>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes

On 2015-09-10 12:07, Ken Brown wrote:
> On 9/10/2015 11:49 AM, David A Cobb wrote:
>> On a Windows-10 host: when I use Cygwin *chown***or *chmod *to make
>> permission changes, the next time I access the folder-tree from Windows
>> Explorer Security tab, it complains that the Access Control List is
>> incorrectly ordered and that will cause undesirable results; happy to
>> say, it gives me the chance to re-order the ACL.  The usual undesirable
>> result is that an app can create a folder /New/ within /T/ but cannot
>> create anything within /T/////New/.
<SNIP />
>> This is explained in the Cygwin User's Guide:
>
>   https:/cygwin.com/cygwin-ug-net/ntsec.html#ntsec-files
>
> Ken
>
OK, but where the UG says:
<QUOTE >
   * All access denied ACEs *should* precede any access allowed ACE. ACLs
     following this rule are called "canonical".

Note that the last rule is a preference or a definition of correctness. 
It's not an absolute requirement. All Windows kernels will correctly 
deal with the ACL regardless of the order of allow and deny ACEs. The 
second rule is not modified to get the ACEs in the preferred order.

Unfortunately the security tab in the file properties dialog of the 
Windows Explorer insists to rearrange the order of the ACEs to canonical 
order before you can read them. Thank God, the sort order remains 
unchanged if one presses the Cancel button. But don't even *think* of 
pressing OK...
</QUOTE>

What I'm seeing suggests that the statement of Windows (really NTFS?) 
"correctly dealing with this" is no longer correct.  What is more, if I 
do /not/ allow Windows to reorder the rules to its own liking, I cannot 
correct the symptom described about not being able to access files 
within "/New/".

It's all very well to say "don't even think of pressing OK," but IMNSHO 
Cygwin should /_never_/ allow a user to create a situation which is so 
unacceptable to Windows.  It would be better to tell the user "I'm 
sorry, Dave, I'm not able to do that." [Correct quote from Hal of '2001' 
forgotten].  I know that not all settings allowed in POSIX can be 
represented -- so refuse to try setting the things that cannot be 
represented.

I wouldn't mind mounting everything as "noacl," but would that not 
disable even the limited permission settings we can represent?




--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple