This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: default ACLs


On Oct 24 10:21, Mikel Ward wrote:
> Corinna wrote:
> > Neither the NtCreateFile function, nor the
> > CreateFile function handle ACE inheritance either. 
> 
> Looks like that's only if lpSecurityAttributes is non-NULL, but I guess
> Cygwin uses that field?

Well, Cygwin uses NtCreateFile, rather than CreateFile and it's the 
security descriptor which has to be NULL, not the lpSecurityAttributes
itself in calls to CreateFile, but, yes.

The original idea was to do everything in a single system call for
performance.  This didn't work on remote shares under all circumstances
so there was already code which tweaked the security descriptor after
the NtCreateFile call.

After I sent my reply I experimented some more with this and it turned
out that setting the descriptor to NULL in NtCreateFile was actually
enough to get inheritance working.  There's no need to replace
NtSetSecurityObject with a call to SetSecurityInfo, it would even
lead to wrong results instead of making things better.

I applied a patch to Cygwin CVS which seems to work fine.  That will
be in the next 1.7.0 test release.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]