On Nov  6 16:30, Lemke, Michael  ST/HZA-ZIC2 wrote:
> On Friday, November 06, 2015 10:27 AM Corinna Vinschen wrote:
> >
> >Hi Cygwin friends and users,
> >
> >
> >I released a new TEST version of Cygwin, 2.3.0-0.7.
> >
> >=========================================================================
> >
> >IMPORTANT NOTE:
> 
> ...>
> >
> >  Please guys, I really need feedback for this stuff.
> >
> 
> Ok, here's some: On a network share connected as some domain user different
> from local one:
> 
> $ mkdir test
> $ cygstart test
> 
> Then opening the security tab in an explorer window results in a popup with
> this text:
> 
> ---------------------------
> Windows Security
> ---------------------------
> The permissions on test are incorrectly ordered, which may cause some entries to be ineffective.
> ---------------------------
> OK   
> ---------------------------
> 
> 
> Expected?

Thanks for looking into this, but, yes, that's expected.  There's just
no way to express POSIX ACLs using Windows ACLs and following the
canonical order.  This is even a problem already when only taking the
plain POSIX permission bits for owner, group and other into account.

Note that the canonical order is not required, it's merily a suggestion
and only the Windows GUI is not up to the task to allow working with
arbitrarily ordered ACLs.  The operating system
evaluates non-canoncial ACLs just fine and even the SFU/Interix POSIX
environment created non-canoical ACLs.

There's an old writeup of this stuff in the user docs at
https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-files.  I guess this
part of documentation needs some extension at one point but I'm not
exactly feeling up to the task yet. :}


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat