From: Corinna Vinschen
To: cygwin@cygwin.com
Date: Fri, 10 Apr 2015 10:07:00 -0000
Subject: [TESTERS needed] New POSIX permission handling
Message-ID: <20150410100703.GA4401@calimero.vinschen.de>

Hi folks,

I just applied a patch I've been working on for quite some time now.

As I outlined before on this list, the POSIX permission handling has aged
considerably and, for historical reasons, did things differently dependent
on the calling function.

I took the time to reimplement the core functionality to handle all ACLs
as strictly following POSIX ACL rules as possible.

Cygwin now generates ACLs in a certain way, always following the same
construction rules. The new ACLs are always recognizable as Cygwin ACLs.
They always start with an Access-Denied ACE for the NULL SID with certain
bits set. Any ACL not starting this way is handled as a non-Cygwin or
"old style" ACL, but still trying to evaluate the ACL as strictly
following POSIX rules as possible.

Two other noticeable changes from before:

- To accommodate Windows default ACLs, the new code ignores SYSTEM and
  Administrators group permissions when computing the MASK/CLASS_OBJ
  permission mask on old ACLs, and it doesn't deny access to SYSTEM and
  Administrators group based on the value of MASK/CLASS_OBJ when creating
  the new ACLs.

  That means, even if SYSTEM or Administrators have full access to the
  file, the POSIX permission bits will not reflect that fact. And while
  other users get access denied based on the mask value, SYSTEM and
  Administrators will never get access denied based on the mask.

  This should help in Cygwin<->Windows interoperability.

- The new code now handles the S_ISGID bit on directories as on Linux:
  Setting S_ISGID on a directory causes new files and subdirs created
  within to inherit its group, rather than the primary group of the user
  who created the file.

  But note that this only works for files and directories created by
  Cygwin processes. The group change is not supported automagically by
  Windows, so the process creating the new file has to change the file
  group silently after creating the file.

Apart from bugfixing the aforementioned code, there's still work to do
on the getfacl and setfacl tools:

- The getfacl tool needs an extension in output to print the effective
  permissions on users and groups restricted by the mask value.

- The setfacl tool needs code to compute the new mask value, just as
  on Linux.

I'm looking into that next week.

Please give the new code a try.
I uploaded new 2015-04-10 developer snapshots to
https://cygwin.com/snapshots/

Probably next week I will also create a test release which can be
installed via setup-x86{_64}.exe.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
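
Added example (not part of the original mail and not Cygwin's own code): a simplified C model of two rules described in the message above, recognizing a new-style ACL by its leading Access-Denied ACE for the NULL SID, and computing MASK/CLASS_OBJ for an old-style ACL while ignoring SYSTEM and Administrators. The `struct ace` layout, the pre-assigned POSIX entry class, the POSIX rule that the mask is the union of the group-class entries, and the non-well-known sample SIDs are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified ACE model for illustration; not the Windows ACE layout. */
enum ace_type { ACE_ALLOW, ACE_DENY };
enum ace_class { USER_OBJ, GROUP_OBJ, NAMED_USER, NAMED_GROUP, OTHER };
struct ace { enum ace_type type; const char *sid; enum ace_class cls; unsigned perms; };
#define SID_NULL   "S-1-0-0"       /* well-known NULL SID */
#define SID_SYSTEM "S-1-5-18"      /* well-known SYSTEM */
#define SID_ADMINS "S-1-5-32-544"  /* well-known Administrators group */

/* New-style ACLs start with an access-denied ACE for the NULL SID. The
   "certain bits" the mail mentions are not given there, so none are checked. */
int is_cygwin_acl(const struct ace *acl, size_t n)
{
    return n > 0 && acl[0].type == ACE_DENY && !strcmp(acl[0].sid, SID_NULL);
}

/* MASK/CLASS_OBJ of an old-style ACL: union of the group-class entries
   (assumed POSIX rule), skipping SYSTEM/Administrators if exempt is nonzero. */
unsigned compute_mask(const struct ace *acl, size_t n, int exempt)
{
    unsigned mask = 0;
    for (size_t i = 0; i < n; i++) {
        if (acl[i].type != ACE_ALLOW) continue;
        if (acl[i].cls == USER_OBJ || acl[i].cls == OTHER) continue;
        if (exempt && (!strcmp(acl[i].sid, SID_SYSTEM) || !strcmp(acl[i].sid, SID_ADMINS))) continue;
        mask |= acl[i].perms & 07;
    }
    return mask;
}

/* Constructed sample: Windows default-style ACL; S-1-5-21-... SIDs are made up. */
const struct ace sample_acl[] = {
    { ACE_ALLOW, "S-1-5-21-1-2-3-1001", USER_OBJ,    07 },  /* owner: rwx */
    { ACE_ALLOW, "S-1-5-21-1-2-3-513",  GROUP_OBJ,   05 },  /* group: r-x */
    { ACE_ALLOW, SID_SYSTEM,            NAMED_GROUP, 07 },  /* full access */
    { ACE_ALLOW, SID_ADMINS,            NAMED_GROUP, 07 },  /* full access */
    { ACE_ALLOW, "S-1-1-0",             OTHER,       05 },  /* Everyone: r-x */
};
const size_t sample_len = sizeof sample_acl / sizeof sample_acl[0];

int main(void)
{
    printf("cygwin=%d mask=%o mask_without_exemption=%o\n", is_cygwin_acl(sample_acl, sample_len),
           compute_mask(sample_acl, sample_len, 1), compute_mask(sample_acl, sample_len, 0));
    return 0;
}
```

With the exemption the sample's group bits stay r-x; without it, the full-access SYSTEM and Administrators entries would push the mask, and so the displayed group permissions, to rwx.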