On Dec 21 14:22, Thomas Wolff wrote:
> On 23.10.2015 14:25, Corinna Vinschen wrote:
> >On Oct 23 14:22, Corinna Vinschen wrote:
> >>On Oct 23 11:06, Achim Gratz wrote:
> >>>I don't have much time to test it right now (and won't have any time at all
> >>>next week), but so far things look good. The problem with the 0.2 test
> >>>version with UID/GID mapping and not recognizing the primary domain in some
> >>>cases is gone (might have been a fluke anyway). Correlating the output from
> >>>getfacl and icacls still requires some mental gymnastics, but I didn't find
> >>>any obvious errors in the mode bits and ACL so far, which means that things
> >>>like rsync (and some file tests) will now return the correct results for the
> >>>cases I've looked at.
> >>You won't believe how grateful I am having you testing this. Thank you!
> >>
> >>Would you mind to read the comment at the start of sec_acl.cc?
> >https://sourceware.org/git/?p=newlib-cygwin.git;a=blob;f=winsup/cygwin/sec_acl.cc;hb=a8ec1e804ee9ba2d6f8304731e593dcf167c9836#l27
> >
> >>I'd be
> >>very interested in learning if the description is meaningful enough to
> >>other developers. I also fear we need to have an improved documentation
> >>explaining how this works and what NOT to do, e.g., reorder ACLs :|
> Sorry for the late response...
> The description is mostly meaningful. Just the coexistence of X and X_OBJ
> entries isn't self-explanatory.

I think I don't quite understand what you mean. As the developer I'm
working under the assumption that the POSIX ACL description is known
(not wanting to explain this from scratch in the sources).

- USER_OBJ refers to the owner of the file. Only one such entry exists
  and is equivalent to the POSIX permission bits for the owner.

- GROUP_OBJ refers to the owning group of the file. Only one such entry
  exists, same as for USER_OBJ.

- USER is an entry for a secondary user. There can be an arbitrary
  number up to a system-defined maximum of them.

  E.g., Peter is owner of the file, so he's the one referred to by the
  USER_OBJ entry. Paul has an additional entry in the ACL with, say,
  rw- perms. Paul's permissions are given by a USER entry
  "user:paul:rw-".

- GROUP is an entry for a secondary group. Any number up to a
  system-defined maximum entries are possible.

  E.g., the owner is Paul (USER_OBJ), the group is Users (GROUP_OBJ),
  there's an additional entry for the Administrators group giving them
  Full Access. This one is a GROUP entry "group:Administrators:rwx".

Does this make it clearer? Is there still something missing in the
source comment?

Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
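
The entry types described in the message above, as an added example that is not part of the original e-mail or of Cygwin's sources: a small Python parser for getfacl-style text entries that maps each one to its tag and enforces the "only one USER_OBJ / GROUP_OBJ" rule. The function names, the file name and the sample ACL are constructed; the mask (CLASS_OBJ) and other (OTHER_OBJ) handling follows the POSIX.1e draft and is not discussed in the message.

```python
import re
from collections import Counter

# CLASS_OBJ (mask) and OTHER_OBJ are POSIX.1e tags the message does not cover.
ENTRY_RE = re.compile(r"^(user|group|mask|other):([^:]*):([r-][w-][x-])$")

def classify(entry):
    """Return (tag, qualifier, perms) for one getfacl-style entry."""
    m = ENTRY_RE.match(entry.strip())
    if not m:
        raise ValueError(f"malformed ACL entry: {entry!r}")
    kind, name, perms = m.groups()
    if kind in ("mask", "other"):
        if name:
            raise ValueError(f"{kind} entry takes no qualifier: {entry!r}")
        return ("CLASS_OBJ" if kind == "mask" else "OTHER_OBJ", None, perms)
    # Empty qualifier: the file's owner or owning group, i.e. the *_OBJ entry.
    if not name:
        return (kind.upper() + "_OBJ", None, perms)
    return (kind.upper(), name, perms)

def parse_acl(text):
    """Parse an ACL and enforce the uniqueness rules for its entries."""
    lines = [l.split("#", 1)[0].strip() for l in text.splitlines()]
    entries = [classify(l) for l in lines if l]
    counts = Counter(tag for tag, _, _ in entries)
    for tag in ("USER_OBJ", "GROUP_OBJ", "OTHER_OBJ"):
        if counts[tag] != 1:
            raise ValueError(f"expected exactly one {tag}, found {counts[tag]}")
    named = Counter((t, q) for t, q, _ in entries if q is not None)
    dupes = [k for k, n in named.items() if n > 1]
    if dupes:
        raise ValueError(f"duplicate named entries: {dupes}")
    # POSIX.1e: named USER/GROUP entries require exactly one mask entry.
    if named and counts["CLASS_OBJ"] != 1:
        raise ValueError("named entries present but no single mask entry")
    return entries

# Constructed sample in getfacl output form, using the names from the message.
SAMPLE = """\
# file: report.txt
# owner: peter
user::rwx
user:paul:rw-
group::r-x
group:Administrators:rwx
mask::rwx
other::r--
"""
```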