X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=LdgZsTC18zPzpxu7V/c7hM6HIPjKjmdvIVvGRZLXkODwEXcRlF94V
	VTwLxBPKSXaVL9+keGSmLn0g56+0rDPrfe4whXy0BcqRX50qEAhqhbeSdEHcsAaK
	6/shYsVRmdO47NPZjujMgXLy/W9OoWX5RvV6K8yEA+tv8vrCXa98Cg=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=qnPhxay64hF+0kpmafd+oMp5qpY=; b=c0Rou6kgtniqbEkHNLYXZpO1hWZH
	liQhA3B/C8i9MtZIUwDPykbugrNOlCAEdLYhkBn4eeFa5BXPGcenXGfFu4FetN6N
	7J8otOhLirvOPZmpLbFR287S5d46Hy7L+WR1hJuhG9u66tHTRh2r5yonhCwaW2R2
	ulel9/xJAg3LqCY=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-4.1 required=5.0 tests=AWL,BAYES_50,KAM_LAZY_DOMAIN_SECURITY autolearn=no version=3.3.2
X-HELO: calimero.vinschen.de
Date: Mon, 9 Nov 2015 11:09:53 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.3.0-0.7
Message-ID: <20151109100953.GA20001@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <announce DOT 20151106092658 DOT GA30065 AT calimero DOT vinschen DOT de> <563C8B08 DOT 9000405 AT gmail DOT com> <20151106125012 DOT GA26566 AT calimero DOT vinschen DOT de> <87fv0ihqfk DOT fsf AT Rainer DOT invalid>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;	protocol="application/pgp-signature"; boundary="Q68bSM7Ycu6FN28Q"
Content-Disposition: inline
In-Reply-To: <87fv0ihqfk.fsf@Rainer.invalid>
User-Agent: Mutt/1.5.23 (2014-03-12)

--Q68bSM7Ycu6FN28Q
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Nov  6 20:35, Achim Gratz wrote:
> Corinna Vinschen writes:
> > One of the sore points is performance hit when
> > using AuthZ to fetch the effective user permissions.  How's your
> > impression?  Is it noticable in your environment?
>=20
> Aside from the somewhat contrived example I already gave, the normal
> day-to-day operation with the snapshot so far was uneventful.  Other
> users besides me have the snapshot installed since about a week, so if
> there were any catastrophic degradation I should know by now (I did ask
> them to report back if they see something that's different as before).

Sounds good.  Nevertheless, I'll release 2.3.0-1 and an 2.4.0-0.1 test
release today.

It occured to me that there's a potential way to tweak the code to
reduce the number of AuthZ calls.  Consider:

If the user has its own ACE, and if user_perms | all_group_perms |
other_perms =3D=3D user_perms, or if user_perms are already RWX, then there
are no groups which could have more permissions than the user already
owns all by itself.

Good examples of this scenario are typical default POSIX perms 644 or
755 or even 775, used a lot throughout existing Cygwin trees.  None of
them require to check with AuthZ, but the AuthZ test is performed
indiscriminately if it's a not one of the "new" Cygwin ACLs.

I'll look into that this week.


Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--Q68bSM7Ycu6FN28Q
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWQHDxAAoJEPU2Bp2uRE+gB1YQAIfqz3VgRXK0QfKSosOvbQ7W
rYomF6K0a9hhLo0kT+WOI7q+RgwmxF3MrK6F4TTlELCIGvFCI3X64eO4jKP1sXHh
jkzkWR0GdkS8MutuTM98MlC8rZTN0aGCias2YM9Gy/rHfISEdgONC7a87EXzKQlD
IVQy0CEBxRK2wWzy7qPedUqalWnn+1FWM9D4CpxRJU5JDPgDcBfbFLP7ie32F/TI
BG568tgn2pzPF12/oYcdRSI0ls0/pBYBC0lRGQWEzn6lyKFJIrs6mwLnztk1AvBP
ZIobJmDm2duzwqfOhhI9b7sapswyD60K5e9hXbdQjYu+Tq6Xejh84b06LdZdzBmG
odVF2Ei6paUmcr9nEVxRU349OBJdpeGFshNWJQy+tKh1Y6V4WoaK0+z0qCjtcgSh
7kiE+Y2qmapWaoYVQzWKER+59V+n1hP5tCwJXpMKrhl8J7nSSq/yc5aRaDiEoPX/
MfYRe2diG51TjC9ntbgaKn343FSNvD3QMaHuVjzmsPJcE/VCpoXLUUc49lEY8k7/
VtWb5ZycyFZnDT0v/iCPL4YlQM/Rd6BGIWCh4E3goRnJq3T6ggPSpkvr7WacO1FA
ag5YCoxWNFtQY/qGFt4Sca4u6O0OPvvZ3nrd56D1Ixbv8cSyX3Hq4Ohtq5SC3uF3
HvnnU/rxdkIKT05Q4FQi
=C7m8
-----END PGP SIGNATURE-----

--Q68bSM7Ycu6FN28Q--