From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: win dirs don't handle lack of inherited rule(?): getfacl + tar dir Warning: Cannot acl_to_text: Invalid argument
Date: Wed, 13 Mar 2019 11:34:00 -0000 [thread overview]
Message-ID: <20190313113445.GX3785@calimero.vinschen.de> (raw)
In-Reply-To: <20190313093204.GV3785@calimero.vinschen.de>
[-- Attachment #1: Type: text/plain, Size: 2792 bytes --]
On Mar 13 10:32, Corinna Vinschen wrote:
> On Mar 13 10:18, Corinna Vinschen wrote:
> > On Mar 12 19:22, L A Walsh wrote:
> > > Hope this is ok...the original was in utf16, it's also all one line...
> >
> > No worries.
> >
> > > On 3/12/2019 9:36 AM, Corinna Vinschen wrote:
> > > > Can you please create an acl file like this:
> > > >
> > > > $ icacls default.nlaw-32 /save x.acl
> > > ---
> > > default.nlaw-32
> > > D:P(D;;SWRPWPDTRC;;;S-1-0-0)(A;;FA;;;S-1-5-21-33333-77777-33333-5013)(A;;0x1201ff;;;S-1-5-21-33333-77777-33333-201)(A;;0x1201ff;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;0x1201ff;;;SY)(A;;0x1201ff;;;DA)(A;;0x1201ff;;;BA)(A;;0x1201ff;;;S-1-5-21-1885695451-752926663-1105222378-1015)(A;;0x120080;;;WD)S:AI(ML;OICIID;NW;;;HI)
> >
> > Thank you. This allowed me to create a file with an equivalent DACL...
> > almost.
> >
> > The interesting thing here is that after ACL restoration the DACL has
> > all the entries as yours, in the same order, except that the
> >
> > Mandatory Label\High Mandatory Level:(I)(OI)(CI)(NW)
> >
> > entry is not created. I tried the same under the SYSTEM account and
> > it still silenty ignored the above entry.
> >
> > Given that the DACL is no problem for getfacl without this mandatory
> > label entry, I have to assume that this is what acl_to_text chokes on.
> >
> > The problem now is... how on earth can I create an ACL with this
> > entry? The GUI does not allow to add it and icacls apparently
> > doesn't allow this either, even though it shows it nicely.
>
> Never mind, I managed to add a Mandatory label with
>
> icacls filename /setintegritylevel '(CI)(OI)H'
>
> and I can now reproduce the "Invalid argument".
It turns out that this had nothing to do with mandatory labels. The
real reason for the "Invalid argument" error message was that your
directory doesn't have inheritable entries, except for the mandatory
label.
The issue with mandatory labels is, they are not part of the DACL but of
the SACL. So when Cygwin fetches the DACL to create the posix acl, it
doesn't even see the mandatory label, and the fact that the mandatory
label is inheritable doesn't matter. Cygwin gets a DACL with no
inheritable entry.
And here's the problem:
Per POSIX, the normal acl (ACL_TYPE_ACCESS) and the inheritance acl
(ACL_TYPE_DEFAULT) are two separate lists. So we have the
ACL_TYPE_ACCESS with 9 entries and the ACL_TYPE_DEFAULT with 0 entries.
And while empty ACL_TYPE_DEFAULT acls are valid per POSIX, the Cygwin
function creating the text representation for an acl didn't allow
empty acls.
I pushed a patch and uploaded new developer snapshots to
https://cygwin.com/snapshots/
Please try.
Thanks,
Corinna
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2019-03-13 11:34 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-08 3:36 L A Walsh
2019-03-08 12:15 ` Corinna Vinschen
2019-03-10 10:48 ` L A Walsh
2019-03-10 11:20 ` Corinna Vinschen
2019-03-10 13:35 ` Andrey Repin
2019-03-10 16:38 ` L A Walsh
2019-03-10 22:50 ` Andrey Repin
2019-03-10 23:15 ` L A Walsh
2019-03-10 14:09 ` Brian Inglis
2019-03-12 15:45 ` L A Walsh
2019-03-12 16:36 ` Corinna Vinschen
2019-03-13 2:22 ` L A Walsh
2019-03-13 9:19 ` Corinna Vinschen
2019-03-13 9:32 ` Corinna Vinschen
2019-03-13 11:34 ` Corinna Vinschen [this message]
2019-03-15 2:46 ` L A Walsh
2019-03-15 9:17 ` Corinna Vinschen
2019-03-15 12:25 ` Brian Inglis
2019-03-15 13:34 ` Corinna Vinschen
2019-03-15 14:46 ` L A Walsh
2019-03-15 14:52 ` Corinna Vinschen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190313113445.GX3785@calimero.vinschen.de \
--to=corinna-cygwin@cygwin.com \
--cc=cygwin@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).