From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 69462 invoked by alias); 10 Sep 2015 17:29:27 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 69444 invoked by uid 89); 10 Sep 2015 17:29:26 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-4.1 required=5.0 tests=AWL,BAYES_50,KAM_LAZY_DOMAIN_SECURITY autolearn=no version=3.3.2 X-HELO: calimero.vinschen.de Received: from aquarius.hirmke.de (HELO calimero.vinschen.de) (217.91.18.234) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Thu, 10 Sep 2015 17:29:25 +0000 Received: by calimero.vinschen.de (Postfix, from userid 500) id 80F15A80355; Thu, 10 Sep 2015 19:29:23 +0200 (CEST) Date: Thu, 10 Sep 2015 17:29:00 -0000 From: Corinna Vinschen To: cygwin@cygwin.com Subject: Re: Group Permissions on root folders problem (Windows 10 TP build 10061) Message-ID: <20150910172923.GC26699@calimero.vinschen.de> Reply-To: cygwin@cygwin.com Mail-Followup-To: cygwin@cygwin.com References: <20150616155843.GE31537@calimero.vinschen.de> <55F1A69D.9050201@cox.net> <55F1AADD.1030908@cornell.edu> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="t0UkRYy7tHLRMCai" Content-Disposition: inline In-Reply-To: <55F1AADD.1030908@cornell.edu> User-Agent: Mutt/1.5.23 (2014-03-12) X-SW-Source: 2015-09/txt/msg00151.txt.bz2 --t0UkRYy7tHLRMCai Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-length: 1779 On Sep 10 12:07, Ken Brown wrote: > On 9/10/2015 11:49 AM, David A Cobb wrote: > >On a Windows-10 host: when I use Cygwin *chown***or *chmod *to make > >permission changes, the next time I access the folder-tree from Windows > >Explorer Security tab, it complains that the Access Control List is > >incorrectly ordered and that will cause undesirable results; happy to > >say, it gives me the chance to re-order the ACL. The usual undesirable > >result is that an app can create a folder /New/ within /T/ but cannot > >create anything within /T/////New/. > > > >Hypothesis: we are indirectly(?) modifying the ACL but are not observing > >whatever Windows expects for ordering. I know that Windows enforces > >"*deny*" rules before any "*allow*" rules; I do not know what other Ken's right, the docs explain it basically. Additionally it's important to stress the fact that Windows does not actually enforce the so-called "canonical" order. It does so only in some circumstances, as in the GUI. In fact it's only a "nice to have", not an OS limitation. The evalation order of ACLs is the only interesting factor and that works the same way, independently from the ACL being canonical or not. Therefore the Cygwin-generated ACLs are not necessarily canonical, but still valid. Just *don't* reorder them in the GUI, unless you really know what you're doing. > >ordering it observes. I do know that Windows doesn't really consider > >the "group" property the same way POSIX does, FWIW. >=20 > This is explained in the Cygwin User's Guide: >=20 > https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-files >=20 > Ken Corinna --=20 Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat --t0UkRYy7tHLRMCai Content-Type: application/pgp-signature Content-length: 819 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJV8b3zAAoJEPU2Bp2uRE+gJeAP/RlomLUIJkAk8rVB5mS3K0Jm re7nx0vkLeKv3fQyiCXU+lRWHbSwrMuOH4MFJZ3lcBCDl/h7WIVsnkutREf0QQ6k S4DxfaoKtNS3DcdlXyaBpD7IrQV5BtOhuYQyb9YN6fwxGvdnwdiDsjG9cGzJ2RhB Jc/NKxK2MnFVNl9Ca3qj9Duc1z/vX3Q3mya9dVM35bivWqzn6JjkMumk2+VW5TQk ovg62rUTkwveJgt8sscXVWNyVeK4lC7v4411qs8a8RqCE8LKPL/9GhF/UWSYD29z pW85uhR6zK9MeH1xf18ppdAdj6g7Dv0StFiB+2GgkU+ZihNL/Z1g8P6jE5JeBfwf 35lNPZtVORugBqF52Are62QfARb40/hdgeB9/2YZZjf8tgAVNaiIQ53MjsL7XEq2 IVfwYc1OfaMs5OuX0IEdI9Tzvn12jKEHE05D0CqCWvELqU1c0cZOf9F65kySvs/R IfSpiOv4qrc98XZD2O99XafYPw5Kg1ZemevQdRvxnD0juKIlrbqGR03I0HJGpuw9 JUesJiqrWoznqZmO8Ywv9/fts8Fn/jNTKkdZkjjH8Ccw4IrGZPmsSkuv0pN37Lm0 usZCUBTmVZtKbYdz75SbK2wbhFSzQB+pqoUtGVSDUUltLaOdwMPkhyAmN7YTlaGr 7MF7crq8XVpsH0HFsHz4 =sQZZ -----END PGP SIGNATURE----- --t0UkRYy7tHLRMCai--