On Apr 18 12:48, Achim Gratz wrote: > Corinna Vinschen writes: > > Right. It's a compromise. I take it you don't like the extra behaviour > > for SYSTEM/Admins. Neither do I. Others are desperately waiting for > > more. The problem with compromises is, they are usually best if nobody > > is completely satisfied ;) > > I have argued against treating them differently, purely based on > consistency between the Windows and POSIX world (where possible at all). > Other considerations have prevailed (maybe rightly so), so I'm not too > surprised to find some inconsistency in the results. Neither am I. We're walking a fine line between two very different systems handling ACLs. > I don't think you'll find a UN*X system that reports executable > permission on a plain file simply because root accesses it (for a > directory it would do that of course). The situation in the above case > is on the face of it different (the ACL actually has the executable bit > set), but as I understand you've been wanting to treat both secondaries > like the root account. I think it would be more sensible to ignore that > execute permission on plain files when otherwise none is granted (since > chmod will never mask it). That would eliminate another reason to > entirely remove the default/inherited ACL and I don't think it has any > consequences on the Windows side. Hang on. As far as access(2) is concerned, Cygwin can't ignore the execute permssions since the OS has its say here. I don't think it's overly helpful to tweak the result after the OS returned it, dependent on the user being SYSTEM or having the Admins group in the token. That's a lot of extra work for a questionable gain. What we *could* try to do is to tweak the actual SYSTEM and Admins ACE, though. Rather than ignoring the CLASS_OBJ/ACL_MASK value completely for them, we could apply the execute bit part only. Usually it doesn't make sense for SYSTEM/Admins having execute perms if nobody else has since it's with high probability no executable file. Would that make sense? Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat