From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 125949 invoked by alias); 12 Aug 2015 15:26:06 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 125936 invoked by uid 89); 12 Aug 2015 15:26:05 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-4.1 required=5.0 tests=AWL,BAYES_50,KAM_LAZY_DOMAIN_SECURITY autolearn=no version=3.3.2 X-HELO: calimero.vinschen.de Received: from aquarius.hirmke.de (HELO calimero.vinschen.de) (217.91.18.234) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Wed, 12 Aug 2015 15:26:04 +0000 Received: by calimero.vinschen.de (Postfix, from userid 500) id C1CC2A80565; Wed, 12 Aug 2015 17:26:01 +0200 (CEST) Date: Wed, 12 Aug 2015 15:26:00 -0000 From: Corinna Vinschen To: cygwin@cygwin.com Subject: Re: Shares with strange ACL settings Message-ID: <20150812152601.GL13029@calimero.vinschen.de> Reply-To: cygwin@cygwin.com Mail-Followup-To: cygwin@cygwin.com References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="NqSa+Xr3J/G6Hhls" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) X-SW-Source: 2015-08/txt/msg00174.txt.bz2 --NqSa+Xr3J/G6Hhls Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-length: 2816 On Aug 11 08:42, Achim Gratz wrote: > I've thought some more about those strange shares I need to use that have > inherited ACL that don't let me change the ACL at all and hence prevent > Cygwin from fixing up the POSIX permissions. That generally ends up with > permissions like these: >=20 > % ll test > total 10 > d---rwx---+ 1 gratz Domain Users 0 Aug 10 11:51 ./ > d---rwx---+ 1 Administrators Administrators 0 Aug 10 11:50 ../ > ----rwx---+ 1 gratz Domain Users 18 Aug 10 11:51 blafasel* > ----rwx---+ 1 gratz Domain Users 18 Aug 10 11:51 blumblum* I don't know what to do about this. We're talking back and forth about reflecting group perms into user perms and whether we do it or not, it always seems to have some downside on some installations. A reworked implementation which takes the exact user perms into account in a Windows environment, and which works from a normal user account is a major undertaking. I doubt I'll have the time to implement something big any time soon. > Some applications that know how POSIX ACL are supposed to work conclude t= hat > such directories or files are not readable: >=20 > % cd test > % perl -E 'say -r "." ? "readable" : "not readable";' > not readable > % perl -E 'say -r "blafasel" ? "readable" : "not readable";' > not readable >=20 > Other applications not using this shortcut and going all the way to > faccessat correctly determine readability: >=20 > % [ -r . ] && echo readable || echo not readable > readable > (1056)/mnt/upload/test > [ -r blafasel ] && echo readable || echo not rea= dable > readable >=20 > If I access the files from another account (that has the same group > memberships that give read/write access to the share) or change the owner, > then the shortcut is never invoked: >=20 > $ perl -E 'say -r "." ? "readable" : "not readable";' > readable > $ perl -E 'say -r "blafasel" ? "readable" : "not readable";' > readable > $ [ -r . ] && echo readable || echo not readable > readable > $ [ -r blafasel ] && echo readable || echo not readable > readable >=20 > So, it would probably help if I had a mount option to force the ownership= to > some account that I am never logged in as, either via a mount option or > whenever the POSIX user modes are all cleared. I don't know if that might > confuse applications when they check ownership on newly created files, > though. Is that something that is implementable easily so it could be > tested via a snapshot? I'm not sure I understand the idea of mounting w/ an explicit user account and how this might help. What about just using the noacl mount option for weird shares like the above? Corinna --=20 Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat --NqSa+Xr3J/G6Hhls Content-Type: application/pgp-signature Content-length: 819 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJVy2WJAAoJEPU2Bp2uRE+gQuYP/j7+OT8DBmZkI7AlasjGhhCP GOp4q3X7EN4rWiiBTk4FJHH/N0ugOOT7Qf4Yk3pjM6bDCbyoaLLzp+CSyHP3sMow bxtwigRsdpV9ULur1jFwNWrCL/sLChBCV1+pjWSWcwQIBQUi8ckBx5/aT+/rmPKg 8w+KWuy61EuWAC+4eQW3i/YIfwkIWWXazxHB9N2uzlmefCt4P+sEyuus5Rcv/oUd 19I7yP67aOqEBoP/QtLCbQgvPB+FPawlUoW6GMuyNxTh/ZaVfrDdWDKVcu59/GxH 33U3EpNQ+kNnNfwI5biftyInPl2063iBrUMoCHjObGR3IZgF4DlTmwLcHsHe6ttx kM/qiALv9F1qLgX9OWJRetEGpiJQmi/JyPoNj9U5kyBfVd8jWyv2NpfQOsZIeGv4 1gzYwf6gPUGddNKZ4f2WDLD+2Hmt/4H7/LzcmuqQwcTiGfD3z33ey4yF2BhCduke OBxrNQ/WBIiXrEQ1rnMFQovGot8v1tAD2vjNFCfcFtEe5zGIt/Os0761ONQ7VQd1 4Gr0M+YgJBMHOp5mv+wMjKHGZ3hR/GykZKgINAg97VSw+c62Powi5YqlvngfTjxu 7h1imruoii1jj7MVtZnbr3nMVStY4qify4VlHsm5z6swvYTTd6f3gxvtabzsPEef /xouF/hfc9+KFN12Oc6a =rQzd -----END PGP SIGNATURE----- --NqSa+Xr3J/G6Hhls--