Message-ID: <5528E2ED.7090105@gmail.com>
Date: Sat, 11 Apr 2015 09:02:00 -0000
From: David Macek
To: cygwin@cygwin.com
Subject: Re: [TESTERS needed] New POSIX permission handling
References: <20150410100703.GA4401@calimero.vinschen.de> <87lhhzcarc.fsf@Rainer.invalid>
In-Reply-To: <87lhhzcarc.fsf@Rainer.invalid>

On 11. 4. 2015 10:47, Achim Gratz wrote:
> Corinna Vinschen writes:
>> - To accommodate Windows default ACLs, the new code ignores SYSTEM and
>>   Administrators group permissions when computing the MASK/CLASS_OBJ
>>   permission mask on old ACLs, and it doesn't deny access to SYSTEM and
>>   Administrators group based on the value of MASK/CLASS_OBJ when
>>   creating the new ACLs.

Out of curiosity, does the code somehow distinguish ACLs that don't have these default permissions (or have different permissions set for SYSTEM / Administrators)?

> Since you've now opened that can of worms of who is considered "root",
> what about "Domain Administrators" or "Power Users", for starters?
>
>> That means, even if SYSTEM or Administrators have full access to the
>> file, the POSIX permission bits will not reflect that fact. And while
>> other users get access denied based on the mask value, SYSTEM and
>> Administrators will never get access denied based on the mask.
>
> If you want to put this to better use in larger settings it would seem
> preferable if it was possible to define a list of users to treat this
> way in fstab. I think this would help with the braindead settings
> NetApp filers are set up these days by default. That generally means
> that some domain group(s) need to be considered root on the share
> depending on which share you are accessing.

Power Users don't have access to (almost) everything, like Administrators do. The Domain Administrators group is a member of Administrators, so unless I'm missing something, there's no reason to have them explicitly in the DACL. I'm not arguing against configurability though.

-- 
David Macek
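The mask rule quoted in this message, as a simplified model added here for illustration (not Cygwin's code and not written by anyone in the thread). It assumes POSIX rwx bits per entry and treats only the well-known SIDs S-1-5-18 (SYSTEM) and S-1-5-32-544 (Administrators) as exempt; the function names and the S-1-5-21-... SIDs are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

enum { P_R = 4, P_W = 2, P_X = 1 };            /* POSIX rwx bits */
typedef struct { const char *sid; unsigned perms; } entry_t;

/* Well-known SIDs: Local System and BUILTIN\Administrators. */
static const char *EXEMPT[] = { "S-1-5-18", "S-1-5-32-544" };

static int is_exempt(const char *sid)
{
    for (size_t i = 0; i < sizeof EXEMPT / sizeof EXEMPT[0]; i++)
        if (strcmp(sid, EXEMPT[i]) == 0)
            return 1;
    return 0;
}

/* MASK/CLASS_OBJ for an ACL that has none: union of the group-class entries.
   With skip_exempt set, SYSTEM and Administrators do not contribute. */
unsigned compute_mask(const entry_t *acl, size_t n, int skip_exempt)
{
    unsigned mask = 0;
    for (size_t i = 0; i < n; i++)
        if (!(skip_exempt && is_exempt(acl[i].sid)))
            mask |= acl[i].perms;
    return mask;
}

/* Access an entry really gets: the mask caps everyone except exempt SIDs. */
unsigned effective(const entry_t *e, unsigned mask)
{
    return is_exempt(e->sid) ? e->perms : (e->perms & mask);
}

/* Constructed sample: Windows-style default ACL plus two ordinary entries. */
const entry_t SAMPLE[] = {
    { "S-1-5-18",            P_R | P_W | P_X },  /* SYSTEM */
    { "S-1-5-32-544",        P_R | P_W | P_X },  /* Administrators */
    { "S-1-5-21-1-2-3-513",  P_R | P_X },        /* owning group (made up) */
    { "S-1-5-21-1-2-3-1001", P_R },              /* named user (made up) */
};
const size_t SAMPLE_N = sizeof SAMPLE / sizeof SAMPLE[0];

int main(void)
{
    printf("mask ignoring SYSTEM/Administrators: %o\n", compute_mask(SAMPLE, SAMPLE_N, 1));
    printf("mask counting them:                  %o\n", compute_mask(SAMPLE, SAMPLE_N, 0));
    printf("owning group under mask r--: %o, SYSTEM: %o\n",
           effective(&SAMPLE[2], P_R), effective(&SAMPLE[0], P_R));
    return 0;
}
```

With the exemption the sample file shows r-x in the group field instead of rwx, while SYSTEM keeps full access that the mode bits do not reveal; auditing such files requires reading the ACL itself, not the POSIX mode.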