This is the mail archive of the cygwin mailing list for the Cygwin project.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Other format: | [Raw text] |
On Aug 12 20:59, Achim Gratz wrote: > Corinna Vinschen writes: > >> I think so, but there are likely some corner cases. But I think that > >> had been proposed and shot down already, so I was trying to come up with > >> something less intrusive. > > > > This is relatively unintrusive. The current user token is always > > available. So if owner == current user, for every group in the file's > > ACL just check if it's in the current user token and, if so, add the > > perms of that group to the owner perms. > > > > Sounds pretty neat as an intermediate solution to me. > > I'd play the guinea pig for that snapshotâ :-) This puzzles me a bit. As example you gave something like ----rwx---+ gratz Domain Users [...] foo Given the code in recent Cygwin versions, this shouldn't happen if the user gratz is member of the Domain Users group. The current code doesn't test all groups in the ACL, only the primary group, but that's sufficient in most cases. So this could only happen if you modify the permissions of windows files using Cygwin tools and Cygwin helpfully gernerates a DENY ACE for the owner. I'm just not exactly sure about the way to go to get these permissions in a non-artificial scenario. But I can reproduce it like this: - The file xxx has a primary group different from the group which has permissions, e.g.: owner: foo pgroup: foo_group acl: 1 entry bar_group: full control - ls -l xxx ----rwx---+ 1 foo foo_group 68565 Aug 10 10:37 xxx - $ chmod g-w xxx - Afterwards, the POSIX-like ACL looks like this: $ icacls xxx xxx foo:(DENY)(S,RD,REA,X) foo:(D,Rc,WDAC,WO,RA,WA) foo_group:(RX) Everyone:(Rc,S,RA) bar_group:(RX) So, what's going on here and how do we really fix it? It *might* be prudent to drop any efforts to create DENY ACEs to reflect the POSIX perms. That results in the documented permission gap between POSIX and Windows permissions, though. There's just no way to express all possible POSIX permissions using Windows ALLOW ACEs only. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat
Attachment:
pgpIbSo6qZvC0.pgp
Description: PGP signature
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |