From: Corinna Vinschen Date: Wed, 18 Nov 2015 22:11:10 +0000 (+0100) Subject: Document new ACL code X-Git-Tag: newlib-2_3_0~74 X-Git-Url: https://sourceware.org/git/?a=commitdiff_plain;h=396e8310b11d4cce63d8a7544c0fc624a4fd822c;p=newlib-cygwin.git Document new ACL code * new-features.xml (ov-new2.4): Add new ACL changes. Signed-off-by: Corinna Vinschen --- diff --git a/winsup/cygwin/release/2.4.0 b/winsup/cygwin/release/2.4.0 new file mode 100644 index 000000000..480b61224 --- /dev/null +++ b/winsup/cygwin/release/2.4.0 @@ -0,0 +1,36 @@ +What's new: +----------- + +- New, unified implementation of POSIX permission and ACL handling. The + new ACLs now store the POSIX ACL MASK/CLASS_OBJ permission mask, and + they allow to inherit the S_ISGID bit. ACL inheritance now really + works as desired, in a limited, but theoretically equivalent fashion + even for non-Cygwin processes. + + To accommodate standard Windows ACLs, the POSIX permissions of the + owner and all other users in the ACL are computed using the Windows + AuthZ API. This may slow down the computation of POSIX permissions + noticably in some circumstances, but is generally more correct. The + new code also ignores SYSTEM and Administrators group permissions when + computing the MASK/CLASS_OBJ permission mask on old ACLs, and it + doesn't deny access to SYSTEM and Administrators group based on the + value of MASK/CLASS_OBJ when creating the new ACLs. + + The new code now handles the S_ISGID bit on directories as on Linux: + Setting S_ISGID on a directory causes new files and subdirs created + within to inherit its group, rather than the primary group of the user + who created the file. This only works for files and directories + created by Cygwin processes. + +- New API: rpmatch. + + +What changed: +------------- + +- setfacl(1) now allows to use the -b and -k option combined to allow reducing + an ACL to only reflect standard POSIX permissions. + + +Bug Fixes +--------- diff --git a/winsup/doc/ChangeLog b/winsup/doc/ChangeLog index 8c929774c..f20a72daf 100644 --- a/winsup/doc/ChangeLog +++ b/winsup/doc/ChangeLog @@ -1,3 +1,7 @@ +2015-11-18 Corinna Vinschen + + * new-features.xml (ov-new2.4): Add new ACL changes. + 2015-11-18 Corinna Vinschen * utils.xml (setfacl): Accommodate -b/-k change. diff --git a/winsup/doc/new-features.xml b/winsup/doc/new-features.xml index 059609a20..ff8c03659 100644 --- a/winsup/doc/new-features.xml +++ b/winsup/doc/new-features.xml @@ -8,6 +8,29 @@ + +New, unified implementation of POSIX permission and ACL handling. The +new ACLs now store the POSIX ACL MASK/CLASS_OBJ permission mask, and +they allow to inherit the S_ISGID bit. ACL inheritance now really +works as desired, in a limited, but theoretically equivalent fashion +even for non-Cygwin processes. + +To accommodate standard Windows ACLs, the POSIX permissions of +the owner and all other users in the ACL are computed using the Windows +AuthZ API. This may slow down the computation of POSIX permissions +noticably in some circumstances, but is generally more correct. +The new code also ignores SYSTEM and Administrators group permissions +when computing the MASK/CLASS_OBJ permission mask on old ACLs, and it +doesn't deny access to SYSTEM and Administrators group based on the +value of MASK/CLASS_OBJ when creating the new ACLs. + +The new code now handles the S_ISGID bit on directories as on Linux: +Setting S_ISGID on a directory causes new files and subdirs created +within to inherit its group, rather than the primary group of the user +who created the file. This only works for files and directories +created by Cygwin processes. + + New API: rpmatch.