This is the mail archive of the
cygwin-patches@cygwin.com
mailing list for the Cygwin project.
Re: security.cc and sec_acl.cc (ntsec, inheritance and sec_acl)
- From: "Pierre A. Humblet" <Pierre dot Humblet at ieee dot org>
- To: Corinna Vinschen <cygwin-patches at cygwin dot com>
- Date: Mon, 16 Dec 2002 13:02:05 -0500
- Subject: Re: security.cc and sec_acl.cc (ntsec, inheritance and sec_acl)
- References: <3.0.5.32.20021205222631.007d3920@mail.attbi.com> <20021210112403.B7796@cygbert.vinschen.de> <3DFDF1C4.575D6360@ieee.org> <20021216184320.H19104@cygbert.vinschen.de>
Corinna Vinschen wrote:
>
> Hi Pierre,
>
> On Mon, Dec 16, 2002 at 10:31:16AM -0500, Pierre A. Humblet wrote:
> > I have a question: there is code in setacl (new line 139) to merge non-default
> > ACE's with previous default ACEs.
> > As the acl was sorted, I don't see how that code can ever be exercised.
> > Should we try to merge default ACEs with non-default ones? I am not sure it's
> > worth it.
>
> the answer is "yes".
>
> The incoming acls are Sun acls. They could look like this:
>
> ...
> user:foo:rw-
> ...
> default:user:foo:rw-
>
> That is a sorted acl, right? When converting this into a Windows ACL
> I'd like to see this as just one ACL, having the correct permissions
> *plus* the inheritance attribute. I don't see how that's incorrect?!?
>
It's correct, and it's apparently being done already (see below).
But frankly I don't understand why it happens!
The default is merged with a previous non-default.
I only see Cygwin code to merge a non-default with a previous default.
Pierre
/> mkdir abcd
/> setfacl -s u::rwx,g::rwx,o::rwx,u:testuser:r--,d:u:testuser:r-- abcd
/> getfacl abcd
# file: abcd
# owner: PHumblet
# group: Clearusers
user::rwx
user:testuser:r--
group::rwx
mask:rwx
other:rwx
default:user:testuser:r--
default:mask:rwx
/> cacls abcd
e:\abcd DOMAIN\PHumblet:F
PHumblet\testuser:(OI)(CI)(special access:)
READ_CONTROL
SYNCHRONIZE
FILE_GENERIC_READ
FILE_READ_DATA
FILE_READ_EA
FILE_READ_ATTRIBUTES
DOMAIN\Clearusers:F
Everyone:F
> Corinna