Mailing-List: contact cygwin-developers-help AT cygwin DOT com; run by ezmlm
Sender: cygwin-developers-owner AT cygwin DOT com
Delivered-To: mailing list cygwin-developers AT cygwin DOT com
Date: Sat, 24 Aug 2002 22:34:31 +0400
From: egor duda
Reply-To: egor duda
Organization: deo
X-Priority: 3 (Normal)
Message-ID: <63212222920.20020824223431@logos-m.ru>
To: "Pierre A. Humblet"
CC: cygwin-developers AT cygwin DOT com
Subject: Re: acl_access denies access owned by 'Everyone' group
In-Reply-To: <3.0.5.32.20020824122230.0081d160@h00207811519c.ne.client2.attbi.com>
References: <3D6665E2 DOT 92F8C445 AT ieee DOT org> <19113724867 DOT 20020823191251 AT logos-m DOT ru> <3D6665E2 DOT 92F8C445 AT ieee DOT org> <3 DOT 0 DOT 5 DOT 32 DOT 20020824122230 DOT 0081d160 AT h00207811519c DOT ne DOT client2 DOT attbi DOT com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi!

Saturday, 24 August, 2002 Pierre A. Humblet Pierre DOT Humblet AT ieee DOT org wrote:

PAH> At 06:53 PM 8/24/2002 +0400, egor duda wrote:
>>Hi!
>>
>>Are you talking about nt->unix access rights mapping here?

PAH> Yes.

>>What if in this case we set permissions like this:
>>-abcxyzxyz user Everyone file_name
>>

PAH> I assume you are talking about mapping the nt ACL to unix
PAH> Makes sense, group = other. However the way the code is written, it will
PAH> interpret the ACL as -abcxyz--- because the Everyone ACL entry is
PAH> used up for group. With the change I proposed (I will send a patch), it
PAH> would be -abc---xyz, which would in fact be equivalent to -abcxyzxyz, as
PAH> Everyone is no more a valid group in the unix sense, so there is nobody
PAH> in Everyone !

Ah, ok. Actually, this should be enough for standard logic for
checking of access rights via access() or stat() to work. '-abc---xyz'
may look a little strange for an eye of an untrained unixoid who is
using cygwin, but it's probably ok.
The main point of my concern is to maintain 'File is accessible
natively' iff 'File looks accessible from the point of view of posix
APIs' as strictly as we can.

>>Or having file owned by 'Everyone' group has other side-effects?

PAH> Yes, for example there is no way to implement chmod abcdefghi if
PAH> def != hgi. (mapping unix to nt). What should we do then?

As far as I understand, it wasn't possible before this change too. ACL
for 'hgi' was constructed using Everyone group, so ACLs created from
'def' and 'hgi' parts were being merged anyway. So, we won't lose
anything here.

PAH> I am curious why it was decided to put the file in the Everyone group. :)

It was purely by accident. I agree that this may be foolish, but this
doesn't mean we shouldn't be foolproof against this.

Egor. mailto:deo AT logos-m DOT ru ICQ 5165414 FidoNet 2:5020/496.19
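
An added illustration, not part of the original message and not Cygwin's code: a simplified C model of the two NT-to-Unix mappings discussed in this thread, showing why a file whose group is Everyone looks inaccessible to POSIX checks under the first mapping while it is accessible natively. The `struct ace` layout, the function names and the caller `guest` are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
/* Simplified model (an assumption, not Cygwin's data structures): an NT ACL
   reduced to allow-only entries of rwx bits keyed by trustee name. */
struct ace { const char *trustee; unsigned rwx; };

/* Map the ACL to 9 POSIX mode bits. everyone_is_other == 0 models the
   behaviour described in the thread (the Everyone entry is used up for the
   group when the file's group is Everyone); 1 models the proposed change. */
unsigned map_mode(const struct ace *acl, int n, const char *owner,
                  const char *group, int everyone_is_other)
{
    unsigned u = 0, g = 0, o = 0;
    for (int i = 0; i < n; i++) {
        int everyone = strcmp(acl[i].trustee, "Everyone") == 0;
        if (strcmp(acl[i].trustee, owner) == 0)
            u |= acl[i].rwx;
        else if (!strcmp(acl[i].trustee, group) && !(everyone && everyone_is_other))
            g |= acl[i].rwx;   /* entry consumed as the group class */
        else if (everyone)
            o |= acl[i].rwx;   /* entry shown as the "other" class */
    }
    return (u << 6) | (g << 3) | o;
}

/* Native view: a user gets the union of their own entry and Everyone's. */
int native_allows(const struct ace *acl, int n, const char *user, unsigned want)
{
    unsigned got = 0;
    for (int i = 0; i < n; i++)
        if (!strcmp(acl[i].trustee, user) || !strcmp(acl[i].trustee, "Everyone"))
            got |= acl[i].rwx;
    return (got & want) == want;
}

/* POSIX view for a caller who is neither the owner nor in the file's group
   (per the thread, nobody is in Everyone): only the "other" bits count. */
int posix_other_allows(unsigned mode, unsigned want) { return (mode & want) == want; }

int main(void)
{
    /* Constructed sample: owner "user" has rwx, Everyone has r-x, group Everyone. */
    struct ace acl[] = { { "user", 7 }, { "Everyone", 5 } };
    unsigned before = map_mode(acl, 2, "user", "Everyone", 0);  /* 0750 */
    unsigned after = map_mode(acl, 2, "user", "Everyone", 1);   /* 0705 */
    printf("native read for guest: %d\n", native_allows(acl, 2, "guest", 4));
    printf("posix read for guest: before %04o -> %d, after %04o -> %d\n", before,
           posix_other_allows(before, 4), after, posix_other_allows(after, 4));
    return 0;
}
```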