ACL inheritance problem

Pierre A. Humblet Pierre.Humblet@ieee.org
Mon Nov 2 17:14:00 GMT 2009 

----- Original Message ----- 
From: "Corinna Vinschen" 
To: <cygwin-developers>
Sent: Monday, November 02, 2009 11:34
Subject: Re: ACL inheritance problem


| On Nov  1 16:07, Pierre A. Humblet wrote:
| > From: "Larry Hall (Cygwin Developers)" 
| > | On 10/30/2009 03:59 PM, Corinna Vinschen wrote:
| > | > On Oct 30 14:35, Corinna Vinschen wrote:
| > | >> 4. Re-enable (I disabled this code back in February) the code which
| > | >>     always creates directories with inherit-only CREATOR OWNER and
| > | >>     CREATOR GROUP entries.  That means, if I create a file in such a
| > | >>     directory, it will create default owner/group entries since the
| > | >>     parent directory has inheritable permissions.  The default DACL is no
| > | >>     problem anymore.  Native Win32 processes will create files using the
| > | >>     same inherited permissions.
| > | >>
| > | >>     Drawbacks:
| > | >>     - As in 1.5 times, directories are always created with extra ACEs,
| > | >>       so every directory has a '+' in the `ls -l' output.
| > | >>     - This only helps for newly created directories.  Creating files
| > | >>       in existing directories will continue to suffer from the described
| > | >>       problem.
| > | >>     - setup-1.7.exe would have to be changed as well, since right now
| > | >>       it creates plain, non-inheritable POSIX permissions for directories.
| > | >>
| > | >> I'm a bit at a loss to decide what's the best solution.  I'm leaning to
| > | >> solution 2 because it's the least extra processing.  OTOH, it's probably
| > | >> not really nice to shrug away native Win32 processes, so maybe
| > | >> additionally re-enabling the Cygwin part of solution 4 would produce
| > | >> less trouble in the long run.
| > | >
| > | > I've applied a patch to implement #2 above.  I'd still be interested
| > | > if anybody thinks it's a good idea to re-enable the #4 code and, maybe,
| > | > to tweak setup to generated inheritable CREATOR OWNER and CREATOR GROUP
| > | > entries to be more friendly to Win32 applications.  Not even Interix is
| > | > doing that, but they can excuse themselves by being their own POSIX
| > | > subsystem rather than running in the Win32 subsystem.
| > | 
| > | I still like the idea of #4, if we're voting. :-)
| > 
| > Same here.
| 
| Why?
| 
| Don't get me wrong, but I would really like to *discuss* this rather
| than just have some arbitrary opinion.  It's an easy change, but I'm
| really curious if we really need it.  After all, I disabled this back in
| February, and nobody seem to have noticed it.  Cygwin applications
| won't care anyway, so it's a pure curtesy to non-Cygwin processes.
| 
| So, again the simple question.
| 
| Why?

I use non cygwin programs to create files in directories created by Cygwin and 
like to get coherent permissions. The + in the ls output doesn't bother me.
If they cause problems, permissions of existing directories can be fixed by the user.
After all 1.7 is still experimental. 

Why not, in addition the 3 drawbacks above?

Pierre

More information about the Cygwin-developers mailing list