Mailing-List: contact cygwin-developers-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-developers-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin-developers/>
List-Post: <mailto:cygwin-developers AT cygwin DOT com>
List-Help: <mailto:cygwin-developers-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-developers-owner AT cygwin DOT com
Delivered-To: mailing list cygwin-developers AT cygwin DOT com
Date: Sat, 24 Aug 2002 15:00:24 -0400
From: Christopher Faylor <cgf AT redhat DOT com>
To: cygwin-developers AT cygwin DOT com
Subject: Re: acl_access denies access owned by 'Everyone' group
Message-ID: <20020824190024.GA27153@redhat.com>
Reply-To: cygwin-developers AT cygwin DOT com
Mail-Followup-To: cygwin-developers AT cygwin DOT com
References: <3D6665E2 DOT 92F8C445 AT ieee DOT org> <19113724867 DOT 20020823191251 AT logos-m DOT ru> <3D6665E2 DOT 92F8C445 AT ieee DOT org> <3 DOT 0 DOT 5 DOT 32 DOT 20020824122230 DOT 0081d160 AT h00207811519c DOT ne DOT client2 DOT attbi DOT com> <63212222920 DOT 20020824223431 AT logos-m DOT ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <63212222920.20020824223431@logos-m.ru>
User-Agent: Mutt/1.3.23.1i

On Sat, Aug 24, 2002 at 10:34:31PM +0400, egor duda wrote:
>Hi!
>
>Saturday, 24 August, 2002 Pierre A. Humblet Pierre DOT Humblet AT ieee DOT org wrote:
>
>PAH> At 06:53 PM 8/24/2002 +0400, egor duda wrote:
>>>Hi!
>>>
>>>Are you talking about nt->unix access rights mapping here?
>
>PAH> Yes.
>
>>>What if in this case we set permissions like this:
>>>-abcxyzxyz user Everyone   file_name
>>>
>PAH> I assume you are talking about mapping the nt ACL to unix
>PAH> Makes sense, group = other. However the way the code is written, it will
>PAH> interpret the ACL as -abcxyz--- because the Everyone ACL entry is
>PAH> used up for group. With the change I proposed (I will send a patch), it
>PAH> would be -abc---xyz, which would in fact be equivalent to -abcxyzxyz, as
>PAH> Everyone is no more a valid group in the unix sense, so there is nobody
>PAH> in Everyone !
>
>Ah, ok. Actually, this should be enough for standard logic for checking of
>access rights via access() or stat() to work. '-abc---xyz' may look a
>little strange for an eye of an untrained unixoid who is using cygwin,
>but it's probably ok. The main point of my concern is to maintain
>
>'File is accessible natively' iff 'File looks accessible from the
>point of view of posix APIs'
>
>as strictly, as we can.

Hmm.  Interesting perspective when you read email all at once rather
than when it comes in (I've been away).

Two things come to mind when reading this thread:

1) Should we just be ignoring "Everyone" when we read /etc/group?  Would
   that have "fixed" things here?

2) Would it be feasible to either extend cygcheck to perform some sanity
   checks on file accesses or to write another standalone utility that
   does so?

Actually, now that I think of it, adding some additional logic to cygcheck
to accommodate frequently seen problems in the cygwin mailing list would
be a wonderful thing.  This is a little more difficult than it may seem
at first since, these days, cygcheck is not a cygwin program.

However, it could be an interesting project for someone who is not currently
a cygwin internals guru.  You could make a huge difference to the cygwin
community if you could add, say, checking for common problems when trying to
run "cron" or something.

>PAH> I am curious why it was decided to put the file in the Everyone group.
>
>:) It was purely by accident. I agree that this may be foolish, but
>this doesn't mean we shouldn't be foolproof against this.

I agree.

cgf