CYGWIN=ntsec, "cp -a", and NT acls

Brian Dessent
Sat Dec 6 05:01:00 GMT 2008

Rob Walker wrote:

> [RGW] Hm, looks simple...  Why isn't this part of "cp -a" ?

You have to understand the history of things.  In the classic unix
world, a file has an owner, a group, a mode, and several timestamps. 
From the standpoint of what "cp -a" can manipulate portably, that's
basically it.  All of those things are neatly returned by stat(3) and
are easily settable/copyable across various filesystems.

Extended attributes and/or ACLs are a relatively new introduction --
'new' relative to the fact that traditional unix filesystems are more
than 30 years old.  They are also inherently very filesystem and
operating system-specific: everybody does it slightly differently. 
Check out this overview of the subtle differences of a dozen different
platforms' ACL APIs:

It's very hard for a general program like 'cp' to know about all these
various ACL APIs, let alone have any idea how it would go about
translating the semantics of one to another, which would be required for
copying across two different filesystems.  Remember that 'cp' comes from
GNU coreutils which is a set of generic tools that target dozens of
various *nix-ish platforms, whereas the implementations of the getfacl
and setfacl commands come from Cygwin itself which has the specific
knowledge of Windows NT ACLs.

> [RGW] This differs from my experience.  Many Windows tools are able to 
> (built to?) twiddle +R and overwrite.  They do not seem to be able to 
> handle when the ACLs deny them permission, though.

Again, attributes have zero to do with security or permissions.  They
are just a few extra advisory bits that the application (or C runtime)
is free to interpret in any way it wants; they offer nothing in the form
of OS-enforced restrictions.  The Cygwin feature of using the 'backup
privilege' to emulate root semantics is about bypassing ACLs, not

