Incongruence between cygwin and samba ACL handling

Corinna Vinschen
Thu Aug 14 15:07:00 GMT 2008

On Aug 14 16:39, Abramo Bagnara wrote:
> Corinna Vinschen ha scritto:
> > I was inclined to say that this is neither a Cygwin, nor a Samba bug,
> > since Cygwin has good reasons to set the FILE_READ_ATTRIBUTES and
> > FILE_READ_EA flags (Everybody must be able to read this for POSIX
> > permission handling) as well Samba has good reasons to set the read
> > permission bit if any one of these permission flags is set.
> Thinking more about that, I'm tempted to disagree about the latter.
> [...]
> IMHO when a permission model is mapped in another permission model that
> has less or different granularity the resulting permission should be a
> subset of the original one.
> To use a different policy is inherently dangerous, especially because
> this conversion is implicit and user is not informed of consequent data
> exposure.
> I'm missing something? Which are the good reasons for samba to set the
> read permission bit you see?

Usability.  Since the granularity of POSIX permissions only allows to
say "read or not read", the necessaity to allow a user to access any
property of a file (data, attributes, extended attributes) requires
the server to open up read permissions in general.  I see your point,
but it's entirely impratical to implement, IMO.  If that's an issue
for you, you should discuss this issue on a Samba mailing list, though.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

More information about the Cygwin-developers mailing list