ACEs and ACLs

[J. Terry Corbet]

This is a somewhat belated reply to your emails concerning my troubles 
with ACLs.  It is belated because the environment which I attempt to 
manage via a single administrative account looking at all mounted file 
systems as if they were local to whichever workstation I happen to be 
working from is rather large after several decades of evolution of 
hardware, bioses and operating systems and has taken me this much time 
to apply the recommended fstab setting and test against all the 
different source and target destinations.  [My environment is actually 
rather minuscule as compared to what many professional sys admins 
accomplish daily in using Cygwin in their corporate environments with 
hundreds of users, but pretty large for a private, home network.]

So, the primary purpose of this follow-up is to thank you for the 
'noacl' advice and to confirm that I am back to having the necessary 
controls.  Thank you.  But, while it is true that I have accomplished my 
task, in a low priority back-drop, if you have the time, I would 
appreciate being pointed to any documentation or tutorials that might 
help me understand the conundrum with which the experience leaves me.  
Namely:

Even with noacl specified, the result of modifying some simple text file 
-- either locally or remotely -- causes some perturbation in the 
resulting set and order of ACEs in the ACL for that file versus what is 
the result if I use some native, non-cygwin software to perform 
precisely the same modification -- again, either operating locally or 
remotely.

This lack of real understanding on my part could be looked at from these 
two questions that I have:

A.  If noacl is _not_ the default setting for a Cygwin install, it would 
seem that the existing handling of ACLs must meet most of the user 
community's needs.  For what sorts of networks and/or environments -- 
which must differ from mine as being comprised solely of Windows Mapped 
Network Drives having ntsf partitions -- does the fstab option of acl 
work better than noacl?

or, alternately

B.  Are the differences that can be observed in the resulting ACL state 
of a simple text file being 'touched' by a native Windows executable and 
a similar Cygwin executable only differences in style or syntactical 
preference but no actual difference in the suite of permissions 
available to both local and remotely authenticated users?  [I have been 
able to discern, for example, differences between explicit and inherited 
specifications, but there are also differences which derive, as it seems 
from the use of <perms> specified in what the icacls documentation page 
describes as "basic" as contrasted with "advanced" permissions.]

Thanks for whatever you can suggest on my non-critical, low-priority 
request for additional information.

On 2024-03-18 08:43, Corinna Vinschen via Cygwin wrote:
> On Mar 18 08:30, J. Terry Corbet via Cygwin wrote:
>> Thank you for the greatly needed assistance, but the reference to which you
>> have pointed me says that noacl will be ignored in the case of ntfs file
>> systems.
> No, it doesn't say that.  It says
>
>    "The flag is ignored on NFS filesystems."
>                            ^^^
>                          not NTFS
>
>> All of mine are and that has not changed, neither has the default
>> entry in fstab, which seems always to have been:
>>
>> none /cygdrive cygdrive binary, posix=0, user 0 0
> Well, the code in question hasn't changed for years either.
>
>
> ¯\_(ツ)_/¯
> Corinna
>