From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <cygwin-return-196403-listarch-cygwin=sourceware.org@cygwin.com>
Received: (qmail 68955 invoked by alias); 11 Apr 2015 10:07:57 -0000
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Received: (qmail 68946 invoked by uid 89); 11 Apr 2015 10:07:56 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-4.5 required=5.0 tests=AWL,BAYES_20,KAM_LAZY_DOMAIN_SECURITY autolearn=no version=3.3.2
X-HELO: calimero.vinschen.de
Received: from aquarius.hirmke.de (HELO calimero.vinschen.de) (217.91.18.234) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Sat, 11 Apr 2015 10:07:55 +0000
Received: by calimero.vinschen.de (Postfix, from userid 500)	id A9880A80BEE; Sat, 11 Apr 2015 12:07:52 +0200 (CEST)
Date: Sat, 11 Apr 2015 10:07:00 -0000
From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: [TESTERS needed] New POSIX permission handling
Message-ID: <20150411100752.GE19111@calimero.vinschen.de>
Reply-To: cygwin@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
References: <20150410100703.GA4401@calimero.vinschen.de> <CAAXzdLUFeBX6EREpMA2WeMYT+oS8c=JXhqkwrvNYUGjsWFrW8w@mail.gmail.com> <20150411094020.GB19111@calimero.vinschen.de>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;	protocol="application/pgp-signature"; boundary="HnQK338I3UIa/qiP"
Content-Disposition: inline
In-Reply-To: <20150411094020.GB19111@calimero.vinschen.de>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-SW-Source: 2015-04/txt/msg00197.txt.bz2

--HnQK338I3UIa/qiP
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Content-length: 2506

On Apr 11 11:40, Corinna Vinschen wrote:
> On Apr 10 19:00, Steven Penny wrote:
> > On Fri, Apr 10, 2015 at 5:07 AM, Corinna Vinschen wrote:
> > > Please give the new code a try.  I uploaded new 2015-04-10 developer
> > > snapshots to https://cygwin.com/snapshots/
> >=20
> > Here is the test I ran:
> >=20
> >     $ cd /cygdrive/c
> >=20
> >     $ touch ~/{alpha,bravo}.sh ~+/{charlie,delta}.sh
> >=20
> >     $ chmod +x ~/bravo.sh ~+/delta.sh
> >=20
> >     $ ls -l --color ~/{alpha,bravo}.sh ~+/{charlie,delta}.sh
> >     -rw-rw-r--+ 1 John None 0 Apr 10 16:51 /cygdrive/c/charlie.sh
> >     -rwxrwxr-x+ 1 John None 0 Apr 10 16:51 /cygdrive/c/delta.sh    (gre=
en)
> >     -rw-r--r--  1 John None 0 Apr 10 16:51 /home/John/alpha.sh
> >     -rwxrwxr-x  1 John None 0 Apr 10 16:51 /home/John/bravo.sh     (gre=
en)
> >=20
> > So "charlie.sh" looks strange because it has that extra write permissio=
n.
> > However this is not a big deal for me. My concern was that everything w=
as
> > showing up executable (green) when running "ls --color". So overall thi=
s is an
> > improvement, thanks.
>=20
> What is '~+'?  Is that some weird bash feature?
>=20
> Did you check the ACL?  The ACL before and after the change should
> explain what happened.  Check it with getfacl *and* icacls to get
> an idea what it looks like, and compare the result with the POSIX
> ACL rules, as outlined on, e.g., http://linux.die.net/man/5/acl.

On second thought, what you need to know is what the NULL DENY ACE looks
like when looking at it in icacls.

The following bits in the NULL DENY access mask are used:

  Windows access    <->   POSIX access
  --------------          ------------
  FILE_READ_DATA          S_ISVTX
  FILE_WRITE_DATA         S_ISGID
  FILE_APPEND_DATA        S_ISUID

  FILE_READ_EA            MASK S_IXOTH  (POSIX execute perms)
  FILE_WRITE_EA           MASK S_IWOTH  (POSIX write perms)
  FILE_EXECUTE            MASK S_IROTH  (POSIX read perms)

  FILE_DELETE_CHILD       Set if MASK is valid

  READ_CONTROL            Set to mark this as a "new style" ACL.

  SYNCHRONIZE             Has no meaning, but icacls has a bug in
                          printing the access mask of DENY ACEs.

Same bits are used in the inheritable NULL DENY, but S_ISVTX and S_ISUID
should never be set, because they are not supposed to be inherited,


HTH,
Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--HnQK338I3UIa/qiP
Content-Type: application/pgp-signature
Content-length: 819

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBAgAGBQJVKPJ4AAoJEPU2Bp2uRE+gfg8P/3HJPvIBarc1HqfyacTuGZR6
azhnIB9n/IQloA4/aCRzGzYpiGeRAkyVe35Gej6TdRj47aPP4TqiOV5syQ8AJnVR
wiBtMiACU3VKjpRblzxzCnNzVwg/29xMXg0q77TWcBJrTn9+jloDsD4d85ywiJxk
EIOL0aYEZV/56l/ONjFBlRY/Xlq6zAVr92A1VCy7NPeMm6Z/x1KSd6m7RkBrZ+Lm
Nx9EY0Rpm9cHUsTtrotcCXhimLgyGMeV1Q/3Hp/eDJQX8+5mSBbGQ4YyQze2GE4N
Glv5xOKVFOeuEPwUGHEDAcJjN7x3PSkeK/ILul9p5DSGOsK+o+sak1TSyNhjwm6k
4K48nSn5n/cgzLdhKgU/piKIbpqaz7MvY/++1PWXkKRaV01/kn9g9//gRF5VGyvD
Mp5+WcAyT9MAymogzmRz8dvea99ENeI8YTUPfabqONyUg0huiJCjiEwN2Z8qrWfD
VWg/cyBpbhPDJI7j2Du3VJ7SqeVyPI1KNbD5y4jSB+nfSnizWxAL6cpoDtDTRLwf
PP+nmIXSqloFDxZP+Uz7zlzjZMWO+vyH2Kr40AvdGNIjBsIV+LrPsX5KIH4ptbfn
+30vEJQGkmV3JHGyraJM5/xLBeqfTwmBFviZAiAggkB+2H3DNAGo0OH7UlDCVdEm
RRiSv4w+/Ynf/UrMWHb5
=Wc1V
-----END PGP SIGNATURE-----

--HnQK338I3UIa/qiP--