CYGWIN=ntsec, "cp -a", and NT acls

Rob Walker rwalker@qualcomm.com
Sat Dec 6 05:57:00 GMT 2008 

Thanks for your patience, Brian.

-Rob

Brian Dessent wrote:
> Rob Walker wrote:
>
>   
>> [RGW] Hm, looks simple...  Why isn't this part of "cp -a" ?
>>     
>
> You have to understand the history of things.  In the classic unix
> world, a file has an owner, a group, a mode, and several timestamps. 
> From the standpoint of what "cp -a" can manipulate portably, that's
> basically it.  All of those things are neatly returned by stat(3) and
> are easily settable/copyable across various filesystems.
>
> Extended attributes and/or ACLs are a relatively new introduction --
> 'new' relative to the fact that traditional unix filesystems are more
> than 30 years old.  They are also inherently very filesystem and
> operating system-specific: everybody does it slightly differently. 
> Check out this overview of the subtle differences of a dozen different
> platforms' ACL APIs:
> <http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=blob_plain;f=doc/acl-resources.txt;hb=HEAD>.
>
> It's very hard for a general program like 'cp' to know about all these
> various ACL APIs, let alone have any idea how it would go about
> translating the semantics of one to another, which would be required for
> copying across two different filesystems.  Remember that 'cp' comes from
> GNU coreutils which is a set of generic tools that target dozens of
> various *nix-ish platforms, whereas the implementations of the getfacl
> and setfacl commands come from Cygwin itself which has the specific
> knowledge of Windows NT ACLs.
>
>   
>> [RGW] This differs from my experience.  Many Windows tools are able to 
>> (built to?) twiddle +R and overwrite.  They do not seem to be able to 
>> handle when the ACLs deny them permission, though.
>>     
>
> Again, attributes have zero to do with security or permissions.  They
> are just a few extra advisory bits that the application (or C runtime)
> is free to interpret in any way it wants; they offer nothing in the form
> of OS-enforced restrictions.  The Cygwin feature of using the 'backup
> privilege' to emulate root semantics is about bypassing ACLs, not
> attributes.
>
> Brian
>
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Problem reports:       http://cygwin.com/problems.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
>
>   


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

More information about the Cygwin mailing list