This is the mail archive of the
cygwin-developers
mailing list for the Cygwin project.
Re: Incongruence between cygwin and samba ACL handling
On Aug 14 16:39, Abramo Bagnara wrote:
> Corinna Vinschen ha scritto:
> > I was inclined to say that this is neither a Cygwin, nor a Samba bug,
> > since Cygwin has good reasons to set the FILE_READ_ATTRIBUTES and
> > FILE_READ_EA flags (Everybody must be able to read this for POSIX
> > permission handling) as well Samba has good reasons to set the read
> > permission bit if any one of these permission flags is set.
>
> Thinking more about that, I'm tempted to disagree about the latter.
> [...]
> IMHO when a permission model is mapped in another permission model that
> has less or different granularity the resulting permission should be a
> subset of the original one.
>
> To use a different policy is inherently dangerous, especially because
> this conversion is implicit and user is not informed of consequent data
> exposure.
>
> I'm missing something? Which are the good reasons for samba to set the
> read permission bit you see?
Usability. Since the granularity of POSIX permissions only allows to
say "read or not read", the necessaity to allow a user to access any
property of a file (data, attributes, extended attributes) requires
the server to open up read permissions in general. I see your point,
but it's entirely impratical to implement, IMO. If that's an issue
for you, you should discuss this issue on a Samba mailing list, though.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Red Hat