On Apr 11 10:47, Achim Gratz wrote:
> Corinna Vinschen writes:
> > - To accommodate Windows default ACLs, the new code ignores SYSTEM and
> >   Administrators group permissions when computing the MASK/CLASS_OBJ
> >   permission mask on old ACLs, and it doesn't deny access to SYSTEM and
> >   Administrators group based on the value of MASK/CLASS_OBJ when
> >   creating the new ACLs.
> 
> Since you've now opened that can of worms of who is considered "root",
> what about "Domain Administrators" or "Power Users", for starters?

Nope.  The special handling for SYSTEM and Admins will help for the
default permission settings on Windows filesystems, and it won't
negatively influence the ACL mask handling.

> >   That means, even if SYSTEM or Administrators have full access to the
> >   file, the POSIX permssion bits will not reflect that fact.  And while
> >   other users get access denied based on the mask value, SYSTEM and
> >   Administrators will never get access denied based on the mask.
> 
> If you want to put this to better use in larger settings it would seem
> preferrable if it was possible to define a list of users to treat this
> way in fstab.

Nope, sorry, no configuration for this.  Either it's handled without
any exception, or for SYSTEM only, or for SYSTEM+Admins.  But either
way, we're doing it the same way on every system.

> Sorry to pile another one on here: Currently it's not possible to use -k
> and -b on the same invocation.  This works just fine on Linux.

I'm not planning to work on this, but as for other parts of Cygwin,
I do take patches.

> Having the newer getfacl / setfacl from *BSD that deals with NFSv4 ACL
> might be worth a shot,

ACL handling on Cygwin is POSIX ACL handling.  Either that or you set
"noacl" and use Windows tools.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat