This is the mail archive of the cygwin mailing list for the Cygwin project.
| Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
|---|---|---|
| Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
| Other format: | [Raw text] | |
On Apr 14 15:35, Achim Gratz wrote: > Corinna Vinschen <corinna-cygwin <at> cygwin.com> writes: > > Yes, perfectly normal and that already occured with older ACLs > > created by Cygwin: > > > > https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-files > > > > Don't reorder them. > > Ah, OK. I must have been lucky not to encounter them so far. The order is only supposed to become non-canonical if user(s) have less permissions than group(s), and if group(s) have more permissions than the MASK value and less permisssions than "other". In these cases, DENY ACEs have to be generated to create an ACE which fully supports POSIX permissions. However, the DENY ACEs for groups must not precede the ALLOW ACEs for USERs due to the way permissions are handled by the OS. "Canonical" ACLs just don't allow to fully express POSIX permissions. It's a pity that this arbitrary rule has been expressed, especially given that the OS doesn't really care. It handles the ACEs simply in order of occurance. There's also no good reason that the GUI wants to reorder, except that Microsoft didn't implement a GUI which allows manual ordering of ACEs. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat
Attachment:
pgp741aH3IYDm.pgp
Description: PGP signature
| Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
|---|---|---|
| Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |