Cygwin's ACL handling is NOT interoperable with Windows
Sat Aug 4 20:06:00 GMT 2018
Am 04.08.2018 um 19:11 schrieb Stefan Kanthak:
> <https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-files> states:
> | There's just one problem when trying to map the POSIX permission model
> | onto the Windows permission model.
> | Canonical ACLs are unable to reflect each possible combination of POSIX
> | permissions.
> | Again: This works on all supported versions of Windows. Only the GUIs
> | aren't able (or willing) to deal with that order.
> These last two statements are wrong:
> * the first statement holds ONLY because of the LIMITATION of the POSIX
> permissions; it is WRONG for the general case, which ALL Windows
> interfaces/components need to consider and handle, EVERYWHERE!
Cygwin aims to POSIX compliance, using the tool given by Windows.
Have you tested all the possible POSIX permissions and verified that
it is possible to replicate with windows ACL ?
Please note that ACL were not created by Microsoft.
> * the second statement is a blatant lie: to guarantee CORRECT
> interpretation of arbitrary ACLs, ALL Windows interfaces/components,
> not just the "GUIs", MUST create CANONICAL ACLs only.
That is your opinion.
About the "lie", may I suggest you an old Italian classic
"Galateo of Manners & Behaviours by Giovanni Della Casa"
> This especially means that not just Windows Explorer, but also the
> command processor with its builtin COPY command as well as the
> CopyFile() <https://msdn.microsoft.com/en-us/library/aa220078.aspx>
> API (just to pick 3 examples) bring INHERITED ACEs into their PROPER
> canonical order.
> As Cygwin is a guest in the house of Windows, it should respect its hosts
> house rules; instead it but violates them, and blames the host for its
What is your problem ?
If you don't like how cygwin is behaving, you can:
- stop to use it
- propose a change (with a patch of course)
- learn to use it without venting
> Fix Cygwin's BUGGY ACL creation!
Cool down. You paid nothing, we own you nothing.
No one here is paid to solve your "theorical" problem;
if you know a better way to handle the POSIX permissions
show us the code and we can discuss.
> Stefan Kanthak
Diese E-Mail wurde von Avast Antivirus-Software auf Viren geprüft.
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin