This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: ACL weirdness on Cygwin

From: Corinna Vinschen <corinna-cygwin at cygwin dot com>
To: cygwin at cygwin dot com
Date: Mon, 13 Oct 2008 17:48:33 +0200
Subject: Re: ACL weirdness on Cygwin
References: <48F010D0.3020101@byu.net>
Reply-to: cygwin at cygwin dot com

On Oct 10 20:34, Eric Blake wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> I'm just as stumped as Bruno on this issue, and don't know if it
> represents a bug in cygwin1.dll.
> 
> - -------- Original Message --------
> [http://lists.gnu.org/archive/html/bug-gnulib/2008-10/msg00195.html]
> 
> The test-copy-acl.sh test fails for me on Cygwin.
> 
> There appears to be a weird interaction between setting a file mode (chmod)
> and setting an ACL. Although on this platform the ACL has entries that
> correspond to user/group/other, the mode is *not* part of the ACL for all
> files.
> 
> The test case showing that 'chmod' influences the ACL is this:
> 
> tmpfile4 is a regular file. One calls acl or facl on it with these entries:
>   (gdb) print entries[0]
>   $5 = {a_type = 1, a_id = 1006, a_perm = 6}
>   (gdb) print entries[1]
>   $6 = {a_type = 4, a_id = 513, a_perm = 0}
>   (gdb) print entries[2]
>   $7 = {a_type = 8, a_id = 0, a_perm = 1}
>   (gdb) print entries[3]
>   $8 = {a_type = 16, a_id = 4294967295, a_perm = 7}
>   (gdb) print entries[4]
>   $9 = {a_type = 32, a_id = 4294967295, a_perm = 4}
> 
> Then "getfacl tmpfile4" shows these entries:
>   user::rw-
>   group::---
>   group:root:--x
>   mask:rwx
>   other:r--
> Looks all right. Then do a chmod 604 on it. Then "getfacl tmpfile4" shows
> this:
>   user::rw-
>   group::r--
>   group:root:--x
>   mask:rwx
>   other:r--
> The "r--" for 'other' has been ORed to the permissions for 'group'!
> [...etc...]

The problem results from the fact that, in contrast to chmod, setfacl
does not create deny ACEs in case "other" and/or the group have more
rights than the group and/or the owner of the file.  I described the
basic problem of mapping POSIX permissions to Windows ACLs years ago in
http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping

setfacl doesn't create deny ACEs and, unfortunately, even removes them
when creating a new file ACL.  Yes, that needs reworking at one point.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

References:
- ACL weirdness on Cygwin
  - From: Eric Blake

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]