From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: Group Permissions on root folders problem (Windows 10 TP build 10061)
Date: Thu, 10 Sep 2015 17:29:00 -0000 [thread overview]
Message-ID: <20150910172923.GC26699@calimero.vinschen.de> (raw)
In-Reply-To: <55F1AADD.1030908@cornell.edu>
[-- Attachment #1: Type: text/plain, Size: 1814 bytes --]
On Sep 10 12:07, Ken Brown wrote:
> On 9/10/2015 11:49 AM, David A Cobb wrote:
> >On a Windows-10 host: when I use Cygwin *chown***or *chmod *to make
> >permission changes, the next time I access the folder-tree from Windows
> >Explorer Security tab, it complains that the Access Control List is
> >incorrectly ordered and that will cause undesirable results; happy to
> >say, it gives me the chance to re-order the ACL. The usual undesirable
> >result is that an app can create a folder /New/ within /T/ but cannot
> >create anything within /T/////New/.
> >
> >Hypothesis: we are indirectly(?) modifying the ACL but are not observing
> >whatever Windows expects for ordering. I know that Windows enforces
> >"*deny*" rules before any "*allow*" rules; I do not know what other
Ken's right, the docs explain it basically.
Additionally it's important to stress the fact that Windows does not
actually enforce the so-called "canonical" order. It does so only in
some circumstances, as in the GUI. In fact it's only a "nice to have",
not an OS limitation. The evalation order of ACLs is the only
interesting factor and that works the same way, independently from the
ACL being canonical or not. Therefore the Cygwin-generated ACLs are not
necessarily canonical, but still valid.
Just *don't* reorder them in the GUI, unless you really know what you're
doing.
> >ordering it observes. I do know that Windows doesn't really consider
> >the "group" property the same way POSIX does, FWIW.
>
> This is explained in the Cygwin User's Guide:
>
> https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-files
>
> Ken
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]
next prev parent reply other threads:[~2015-09-10 17:29 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CAMH9mcFEL3mao+m-DEYM84kC1HOPeSBpZXD+mDf0USobF9oY7g@mail.gmail.com>
2015-06-16 13:23 ` Brian Buchanan
2015-06-16 15:58 ` Corinna Vinschen
2015-09-05 6:59 ` Takashi Yano
2015-09-06 11:44 ` Corinna Vinschen
2015-09-10 11:05 ` Takashi Yano
2015-09-10 17:23 ` Corinna Vinschen
2015-09-10 17:27 ` Eric Blake
2015-09-10 17:31 ` Corinna Vinschen
2015-09-10 17:36 ` Eric Blake
2015-09-10 17:49 ` Corinna Vinschen
2015-09-11 0:50 ` Andrey Repin
2015-09-11 1:24 ` Eric Blake
2015-09-11 2:05 ` Andrey Repin
2015-09-11 10:04 ` Takashi Yano
2015-09-11 11:10 ` Corinna Vinschen
2015-09-11 12:33 ` Takashi Yano
2015-09-11 15:18 ` Corinna Vinschen
[not found] ` <DJzl1r0012qVqVd01Jzm3c>
2015-09-10 15:49 ` David A Cobb
2015-09-10 16:07 ` Ken Brown
2015-09-10 17:29 ` Corinna Vinschen [this message]
[not found] ` <FU891r01R2qVqVd01U8Bkq>
2015-09-10 20:41 ` David A Cobb
2015-04-29 14:45 Brian Buchanan
2015-04-30 8:24 ` Corinna Vinschen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150910172923.GC26699@calimero.vinschen.de \
--to=corinna-cygwin@cygwin.com \
--cc=cygwin@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).