From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 73141 invoked by alias); 14 Apr 2015 15:53:59 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 73132 invoked by uid 89); 14 Apr 2015 15:53:59 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-4.1 required=5.0 tests=AWL,BAYES_50,KAM_LAZY_DOMAIN_SECURITY autolearn=no version=3.3.2 X-HELO: calimero.vinschen.de Received: from aquarius.hirmke.de (HELO calimero.vinschen.de) (217.91.18.234) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Tue, 14 Apr 2015 15:53:58 +0000 Received: by calimero.vinschen.de (Postfix, from userid 500) id C2062A807D2; Tue, 14 Apr 2015 17:53:55 +0200 (CEST) Date: Tue, 14 Apr 2015 15:53:00 -0000 From: Corinna Vinschen To: cygwin@cygwin.com Subject: Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.0.0-3 Message-ID: <20150414155355.GO7343@calimero.vinschen.de> Reply-To: cygwin@cygwin.com Mail-Followup-To: cygwin@cygwin.com References: <2bbd046b7e2ea40818416d8a6d3f15b8.squirrel@webmail.xs4all.nl> <20150414085757.GC7343@calimero.vinschen.de> <20150414145212.GG7343@calimero.vinschen.de> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="EecmvZxDifkbrwfl" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) X-SW-Source: 2015-04/txt/msg00314.txt.bz2 --EecmvZxDifkbrwfl Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-length: 1308 On Apr 14 15:35, Achim Gratz wrote: > Corinna Vinschen cygwin.com> writes: > > Yes, perfectly normal and that already occured with older ACLs > > created by Cygwin: > >=20 > > https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-files > >=20 > > Don't reorder them. >=20 > Ah, OK. I must have been lucky not to encounter them so far. The order is only supposed to become non-canonical if user(s) have less permissions than group(s), and if group(s) have more permissions than the MASK value and less permisssions than "other". In these cases, DENY ACEs have to be generated to create an ACE which fully supports POSIX permissions. However, the DENY ACEs for groups must not precede the ALLOW ACEs for USERs due to the way permissions are handled by the OS. "Canonical" ACLs just don't allow to fully express POSIX permissions. It's a pity that this arbitrary rule has been expressed, especially given that the OS doesn't really care. It handles the ACEs simply in order of occurance. There's also no good reason that the GUI wants to reorder, except that Microsoft didn't implement a GUI which allows manual ordering of ACEs. Corinna --=20 Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat --EecmvZxDifkbrwfl Content-Type: application/pgp-signature Content-length: 819 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBAgAGBQJVLTgTAAoJEPU2Bp2uRE+gtjUP/29v2ARr3dXBMtxQ/umaiHQ4 PSKyXB2XrE4hKgQUoQieOAU24OFFoyaFSBQf5xfkzyQBEEOqJ+diCkvldFXXJJdd Cu0rtMbAFvRc1PBDvZ9Qh3AdnFlLLuO/1V5woD8rB9RLogWFebW4kC868oIjsKyC c22kyBHGiehCcH8iw7rZpKtru3YEIIqN0197LsfDknr51NEZZyoQ2FxnaYFeP3T3 nS2zYYi5kNXzWmBKwt7Rehai7nE6BDDg8D4R1wd91yi7LuOS4V8vvz0ErvN/Cg4m MY3S6abEOkwY5ojfcrQInIrHUJaabv2Wt/JOJzQTIB9lheVlSoXFcxXZ5j1wHQTb qw+3q0Cgx/hg6kf0HttobL6pL9vX8w9mdhSu+rYVOochSI0J6+Sz1Ne87vO6BaCU 6+O9Dmcapz48aWt9fpNn96CXaxen2Zs5tvuTcRWOJnBr9O2UOk2mmTP66fK/Q/7K 5FPcazmgyUbgSpVxPB9vxIqjjrI+afRqUfECxGEsrwb6B592ad1bvYoDupXJ4MHF R3FPoJRcxl1RydCInmDynDQee0YZWGFx3Vosu+18ieo/fKFO+nZBeuNT+qcFDnoj 7yTe/SNOZaxG6IvUfWjenSLVKHkVUTZp7VT3zSaFuUPqMTi+8bPG07gP3gwNbihG GxLQ4SNTYGRPDOJAy8El =rr6G -----END PGP SIGNATURE----- --EecmvZxDifkbrwfl--