From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: Shares with strange ACL settings
Date: Wed, 12 Aug 2015 15:58:00 -0000 [thread overview]
Message-ID: <20150812155817.GN13029@calimero.vinschen.de> (raw)
In-Reply-To: <loom.20150812T172703-7@post.gmane.org>
[-- Attachment #1: Type: text/plain, Size: 2999 bytes --]
On Aug 12 15:50, Achim Gratz wrote:
> Corinna Vinschen <corinna-cygwin <at> cygwin.com> writes:
> > I don't know what to do about this. We're talking back and forth
> > about reflecting group perms into user perms and whether we do it
> > or not, it always seems to have some downside on some installations.
>
> Since there are fundamental differences between how Windows evaluates ACL
> vs. what POSIX expects this problem isn't going away anytime soon.
> Depending on how much control you have over the default or inherited ACL you
> can pretend these differences are non-existing with varying degrees of
> success. Another fly in that ointment are the Backup/Restore privileges,
> but these you can control if you are aware of them.
Cygwin is aware of them and access(2) explicitely checks for them. That
obviously doesn't help for applications like perl, who "know better"
than the underlying OS how to evaluate perms.
> > > So, it would probably help if I had a mount option to force the ownership to
> > > some account that I am never logged in as, either via a mount option or
> > > whenever the POSIX user modes are all cleared. I don't know if that might
> > > confuse applications when they check ownership on newly created files,
> > > though. Is that something that is implementable easily so it could be
> > > tested via a snapshot?
> >
> > I'm not sure I understand the idea of mounting w/ an explicit user account
> > and how this might help. What about just using the noacl mount option
> > for weird shares like the above?
>
> That mount option would ensure that the ACL are actually consulted by a
> POSIX application when the user mode bits are all cleared since the file
> would appear not to be owned by the (E)UID. The only other option I can see
> would be to augment stat to traverse the DACL when both these conditions are
> met: the file is owned by the (E)UID of the calling process and the user
> mode bits are all cleared. That is, do the faccessat on behalf of the
> application that it would otherwise (likely) do if the file was _not_ owned
> by the user. Of course you can't really know why stat was called and that
> might impact perfromance quite noticeably.
It does. Another, *very* simple idea is this: Spill the group and
other perms into the user bits only if the owner of the file is the
current user. Would that help?
> As to "why not use the noacl option", that makes the file mode tests
> completely useless and requires more elaborate error handling that would
> otherwise not be necessary. Some users and scripts they have written are
> not prepared for that extra complication.
But there's no additional checking necessary because the perms are
guarded by the OS anyway. The applications just don't know them exactly.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]
next prev parent reply other threads:[~2015-08-12 15:58 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-08-11 8:42 Achim Gratz
2015-08-11 17:20 ` Andrey Repin
2015-08-11 17:29 ` Achim Gratz
2015-08-12 15:26 ` Corinna Vinschen
2015-08-12 15:50 ` Achim Gratz
2015-08-12 15:58 ` Corinna Vinschen [this message]
2015-08-12 18:09 ` Achim Gratz
2015-08-12 18:32 ` Corinna Vinschen
2015-08-12 21:03 ` Achim Gratz
2015-08-13 16:33 ` Corinna Vinschen
2015-08-13 17:48 ` Achim Gratz
2015-08-13 17:53 ` Corinna Vinschen
2015-08-14 8:30 ` Corinna Vinschen
2015-08-14 10:56 ` Achim Gratz
2015-08-14 13:45 ` Corinna Vinschen
2015-08-14 18:25 ` Achim Gratz
2015-08-14 18:43 ` Corinna Vinschen
2015-08-17 8:20 ` Corinna Vinschen
2015-08-15 15:11 ` Achim Gratz
2015-08-15 18:31 ` Corinna Vinschen
2015-08-15 19:04 ` Achim Gratz
2015-08-17 8:28 ` Achim Gratz
2015-08-17 9:03 ` Corinna Vinschen
2015-08-17 9:12 ` Achim Gratz
2015-08-17 10:45 ` Corinna Vinschen
2015-08-17 10:51 ` Achim Gratz
2015-08-17 11:03 ` Corinna Vinschen
2015-08-17 11:09 ` Achim Gratz
2015-08-17 11:31 ` Corinna Vinschen
2015-08-17 11:39 ` Corinna Vinschen
2015-08-17 11:43 ` Achim Gratz
2015-08-17 12:42 ` Achim Gratz
2015-08-17 12:56 ` Corinna Vinschen
2015-08-17 13:12 ` Achim Gratz
2015-08-17 14:53 ` Corinna Vinschen
2015-08-17 15:47 ` Achim Gratz
2015-08-17 16:11 ` Corinna Vinschen
2015-08-15 15:41 ` Marco Atzeri
2015-08-15 18:32 ` Corinna Vinschen
2015-08-13 17:56 ` Achim Gratz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150812155817.GN13029@calimero.vinschen.de \
--to=corinna-cygwin@cygwin.com \
--cc=cygwin@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).