Mailing-List: contact cygwin-developers-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-developers-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin-developers/>
List-Post: <mailto:cygwin-developers AT cygwin DOT com>
List-Help: <mailto:cygwin-developers-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-developers-owner AT cygwin DOT com
Delivered-To: mailing list cygwin-developers AT cygwin DOT com
Date: Sat, 24 Aug 2002 22:34:31 +0400
From: egor duda <deo AT logos-m DOT ru>
Reply-To: egor duda <cygwin-developers AT cygwin DOT com>
Organization: deo
X-Priority: 3 (Normal)
Message-ID: <63212222920.20020824223431@logos-m.ru>
To: "Pierre A. Humblet" <Pierre DOT Humblet AT ieee DOT org>
CC: cygwin-developers AT cygwin DOT com
Subject: Re: acl_access denies access owned by 'Everyone' group
In-Reply-To: <3.0.5.32.20020824122230.0081d160@h00207811519c.ne.client2.attbi.com>
References: <3D6665E2 DOT 92F8C445 AT ieee DOT org>
 <19113724867 DOT 20020823191251 AT logos-m DOT ru> <3D6665E2 DOT 92F8C445 AT ieee DOT org>
 <3 DOT 0 DOT 5 DOT 32 DOT 20020824122230 DOT 0081d160 AT h00207811519c DOT ne DOT client2 DOT attbi DOT com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi!

Saturday, 24 August, 2002 Pierre A. Humblet Pierre DOT Humblet AT ieee DOT org wrote:

PAH> At 06:53 PM 8/24/2002 +0400, egor duda wrote:
>>Hi!
>>
>>Are you talking about nt->unix access rights mapping here?

PAH> Yes.

>>What if in this case we set permissions like this:
>>-abcxyzxyz user Everyone   file_name
>>
PAH> I assume you are talking about mapping the nt ACL to unix
PAH> Makes sense, group = other. However the way the code is written, it will
PAH> interpret the ACL as -abcxyz--- because the Everyone ACL entry is
PAH> used up for group. With the change I proposed (I will send a patch), it
PAH> would be -abc---xyz, which would in fact be equivalent to -abcxyzxyz, as
PAH> Everyone is no more a valid group in the unix sense, so there is nobody
PAH> in Everyone !

Ah, ok. Actually, this should be enough for standard logic for checking of
access rights via access() or stat() to work. '-abc---xyz' may look a
little strange for an eye of an untrained unixoid who is using cygwin,
but it's probably ok. The main point of my concern is to maintain

'File is accessible natively' iff 'File looks accessible from the
point of view of posix APIs'

as strictly, as we can.

>>Or having file owned by 'Everyone' group has other side-effects?
PAH> Yes, for example there is no may to implement chmod abcdefghi if
PAH> def != hgi. (mapping unix to nt). What should we do then?

As far as i understand, it wasn't possible before this change too. ACL
for 'hgi' was constructed using Everyone group, so ACLs created from
'def' and 'hgi' parts were being merged anyway. So, we won't loose
anything here.

PAH> I am curious why it was decided to put the file in the Everyone group.

:) It was purely by accident. I agree that this may be foolish, but
this doesn't mean we shouldn't be foolproof against this.

Egor.            mailto:deo AT logos-m DOT ru ICQ 5165414 FidoNet 2:5020/496.19