From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 53360 invoked by alias); 11 Apr 2015 09:51:05 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 53344 invoked by uid 89); 11 Apr 2015 09:51:04 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-2.4 required=5.0 tests=BAYES_00,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2 X-HELO: mail-wg0-f47.google.com Received: from mail-wg0-f47.google.com (HELO mail-wg0-f47.google.com) (74.125.82.47) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES128-GCM-SHA256 encrypted) ESMTPS; Sat, 11 Apr 2015 09:51:03 +0000 Received: by wgin8 with SMTP id n8so38175135wgi.0 for ; Sat, 11 Apr 2015 02:51:00 -0700 (PDT) X-Received: by 10.194.221.100 with SMTP id qd4mr10023086wjc.113.1428745860797; Sat, 11 Apr 2015 02:51:00 -0700 (PDT) Received: from [192.168.168.132] (kola909c.vsb.cz. [158.196.43.50]) by mx.google.com with ESMTPSA id pv2sm2041070wjc.33.2015.04.11.02.50.59 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 11 Apr 2015 02:50:59 -0700 (PDT) Message-ID: <5528EE66.8070305@gmail.com> Date: Sat, 11 Apr 2015 09:51:00 -0000 From: David Macek User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0 MIME-Version: 1.0 To: cygwin@cygwin.com Subject: Re: [TESTERS needed] New POSIX permission handling References: <20150410100703.GA4401@calimero.vinschen.de> <87lhhzcarc.fsf@Rainer.invalid> <5528E2ED.7090105@gmail.com> <87d23bc9r5.fsf@Rainer.invalid> In-Reply-To: <87d23bc9r5.fsf@Rainer.invalid> Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="------------ms050202020201020101090800" X-IsSubscribed: yes X-SW-Source: 2015-04/txt/msg00195.txt.bz2 --------------ms050202020201020101090800 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Content-length: 1671 On 11. 4. 2015 11:08, Achim Gratz wrote: > David Macek writes: >> Power Users don't have access to (almost) everything, like >> Administrators do. The Domain Administrators group is a member of >> Administrators, so unless I'm missing something, there's no reason to >> have them explicitely in the DACL. >=20 > That doesn't stop folks from using them in DACL entries and membership > of one group in another (rightly) doesn't confer transitive access > rights. I've just named these two examples because I've seen them > before in ACL, I make no claim as to whether that's a sensible thing to > do or not. https://technet.microsoft.com/en-us/library/cc776499(v=3Dws.10).aspx says o= therwise about the group-in-group rights. I'm a bit confused. Maybe we're t= alking about different things -- of course it makes sense to give Domain Ad= ministrators more rights than Administrators, but I don't see any reason fo= r blanket granting Domain Administrators explicit rights on everything on t= he filesystem. The way I see it, the point of the code change was to prevent the "implicit= " Administrators and SYSTEM DACL entries from showing up in the computed PO= SIX access mask because they nicely match the implicit rights root accounts= have on POSIX systems and because they're unhelpful and sometimes problema= tic. As neither Domain Administrators nor Power Users have this combination= of properties (presence on most filesystem objects by default and SeTakeOw= nershipPrivilege), I think it's useful to have them appear in the mask. Please correct me if I'm talking nonsense; I have little practical experien= ce with domain environments. --=20 David Macek --------------ms050202020201020101090800 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature Content-length: 5743 MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEH AQAAoIIMbzCCBjMwggUboAMCAQICAwxvejANBgkqhkiG9w0BAQsFADCBjDEL MAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsT IlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNVBAMT L1N0YXJ0Q29tIENsYXNzIDEgUHJpbWFyeSBJbnRlcm1lZGlhdGUgQ2xpZW50 IENBMB4XDTE0MTIzMTA0MDkwNFoXDTE2MDEwMTE1NDg1M1owSjEgMB4GA1UE AwwXZGF2aWQubWFjZWsuMEBnbWFpbC5jb20xJjAkBgkqhkiG9w0BCQEWF2Rh dmlkLm1hY2VrLjBAZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEApuk8134+nkISIg7X7ABwKnVLgZsYi5kdXeeWpUrF1YLdLsZL pPjcUA3sk1QRpMMRVbWnCvAjwWI86js8V3sv8xDfD9DPf+f22NDQ9nC8gzsG VJkCr42+vdlwAAuG+hZ81fuRuswdsgMJWvz7uwUwMw2/UDoezIS7Sf9d5BsX h2VyPj1khIuMrvX2q5oVVQ/MV5QfqFtT7zCBPfuqhAROAO/nhNsxqTxjEppK 8Sh1FuIT71hANWHYTyvAwbN3MMzJeSmDAcAvlyNUfjqrLwCPObqinZFlqyR7 a4NG3HbVo3IwnrLScYZs7xE/6h77sFWXSJV9dq7gSVjOwHec+OgijQIDAQAB o4IC3TCCAtkwCQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYDVR0lBBYwFAYI KwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBQEvwqPgbHT3Rg7Y+obpVas +Y+6+jAfBgNVHSMEGDAWgBRTcu2SnODaywFcfH6WNU7y1LhRgjAiBgNVHREE GzAZgRdkYXZpZC5tYWNlay4wQGdtYWlsLmNvbTCCAUwGA1UdIASCAUMwggE/ MIIBOwYLKwYBBAGBtTcBAgMwggEqMC4GCCsGAQUFBwIBFiJodHRwOi8vd3d3 LnN0YXJ0c3NsLmNvbS9wb2xpY3kucGRmMIH3BggrBgEFBQcCAjCB6jAnFiBT dGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTADAgEBGoG+VGhpcyBj ZXJ0aWZpY2F0ZSB3YXMgaXNzdWVkIGFjY29yZGluZyB0byB0aGUgQ2xhc3Mg MSBWYWxpZGF0aW9uIHJlcXVpcmVtZW50cyBvZiB0aGUgU3RhcnRDb20gQ0Eg cG9saWN5LCByZWxpYW5jZSBvbmx5IGZvciB0aGUgaW50ZW5kZWQgcHVycG9z ZSBpbiBjb21wbGlhbmNlIG9mIHRoZSByZWx5aW5nIHBhcnR5IG9ibGlnYXRp b25zLjA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLnN0YXJ0c3NsLmNv bS9jcnR1MS1jcmwuY3JsMIGOBggrBgEFBQcBAQSBgTB/MDkGCCsGAQUFBzAB hi1odHRwOi8vb2NzcC5zdGFydHNzbC5jb20vc3ViL2NsYXNzMS9jbGllbnQv Y2EwQgYIKwYBBQUHMAKGNmh0dHA6Ly9haWEuc3RhcnRzc2wuY29tL2NlcnRz L3N1Yi5jbGFzczEuY2xpZW50LmNhLmNydDAjBgNVHRIEHDAahhhodHRwOi8v d3d3LnN0YXJ0c3NsLmNvbS8wDQYJKoZIhvcNAQELBQADggEBAC+mXthvKJv0 g9fDxLL4OGsVK/sMtsquNast5RYmngwxRzxag9bihcuvlxbl3Y4ZMhLcdViH ku0P/7aLxF6zzXWoIDWmfmiMfS0Sakkd72odZetyDtn+qxOyMfK2zNagdh8b 3i8h1hLFUbGX/ELWmF2k8FfewSchVtosEicopuFIeQaEehYnuUbZLqq815gr wGNMFUBQ9GkrWwrN+7Mx2CkqSv5A4Br+uY/UBNeWGbE9NhrUM0LFiXQkKiAm LzLNc8475trVyShSVv+JwFPDS2XWtEQea5Yd1NTkp8CLrZnWiicH+911e23Y 6BH4LYf9zUSvvFEqOTcBWyEtw9a293IwggY0MIIEHKADAgECAgEeMA0GCSqG SIb3DQEBBQUAMH0xCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBM dGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWdu aW5nMSkwJwYDVQQDEyBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 eTAeFw0wNzEwMjQyMTAxNTVaFw0xNzEwMjQyMTAxNTVaMIGMMQswCQYDVQQG EwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJl IERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRD b20gQ2xhc3MgMSBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0EwggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHCYPMzi3YGrEppC4Tq5a+ ijKDjKaIQZZVR63UbxIP6uq/I0fhCu+cQhoUfE6ERKKnu8zPf1Jwuk0tsvVC k6U9b+0UjM0dLep3ZdE1gblK/1FwYT5Pipsu2yOMluLqwvsuz9/9f1+1PKHG /FaR/wpbfuIqu54qzHDYeqiUfsYzoVflR80DAC7hmJ+SmZnNTWyUGHJbBpA8 Q89lGxahNvuryGaC/o2/ceD2uYDX9U8Eg5DpIpGQdcbQeGarV04WgAUjjXX5 r/2dabmtxWMZwhZna//jdiSyrrSMTGKkDiXm6/3/4ebfeZuCYKzN2P8O2F/X e2AC/Y7zeEsnR7FOp+uXAgMBAAGjggGtMIIBqTAPBgNVHRMBAf8EBTADAQH/ MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUU3Ltkpzg2ssBXHx+ljVO8tS4 UYIwHwYDVR0jBBgwFoAUTgvvGqRAW6UXaYcwyjRoQ9BBrvIwZgYIKwYBBQUH AQEEWjBYMCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcC5zdGFydHNzbC5jb20v Y2EwLQYIKwYBBQUHMAKGIWh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL3Nmc2Nh LmNydDBbBgNVHR8EVDBSMCegJaAjhiFodHRwOi8vd3d3LnN0YXJ0c3NsLmNv bS9zZnNjYS5jcmwwJ6AloCOGIWh0dHA6Ly9jcmwuc3RhcnRzc2wuY29tL3Nm c2NhLmNybDCBgAYDVR0gBHkwdzB1BgsrBgEEAYG1NwECATBmMC4GCCsGAQUF BwIBFiJodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9wb2xpY3kucGRmMDQGCCsG AQUFBwIBFihodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9pbnRlcm1lZGlhdGUu cGRmMA0GCSqGSIb3DQEBBQUAA4ICAQAKgwh9eKssBly4Y4xerhy5I3dNoXHY fYa8PlVLL/qtXnkFgdtY1o95CfegFJTwqBBmf8pyTUnFsukDFUI22zF5bVHz uJ+GxhnSqN2sD1qetbYwBYK2iyYA5Pg7Er1A+hKMIzEzcduRkIMmCeUTyMyi kfbUFvIBivtvkR8ZFAk22BZy+pJfAoedO61HTz4qSfQoCRcLN5A0t4DkuVhT MXIzuQ8CnykhExD6x4e6ebIbrjZLb7L+ocR0y4YjCl/Pd4MXU91y0vTipgr/ O75CDUHDRHCCKBVmz/Rzkc/b970MEeHt5LC3NiWTgBSvrLEuVzBKM586YoRD 9Dy3OHQgWI270g+5MYA8GfgI/EPT5G7xPbCDz+zjdH89PeR3U4So4lSXur6H 6vp+m9TQXPF3a0LwZrp8MQ+Z77U1uL7TelWO5lApsbAonrqASfTpaprFVkL4 nyGH+NHST2ZJPWIBk81i6Vw0ny0qZW2Niy/QvVNKbb43A43ny076khXO7cNb BIRdJ/6qQNq9Bqb5C0Q5nEsFcj75oxQRqlKf6TcvGbjxkJh8BYtv9ePsXklA xtm8J7GCUBthHSQgepbkOexhJ0wP8imUkyiPHQ0GvEnd83129fZjoEhdGwXV 27ioRKbj/cIq7JRXun0NbeY+UdMYu9jGfIpDLtUUGSgsg2zMGs5R4jGCA90w ggPZAgEBMIGUMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20g THRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2ln bmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3MgMSBQcmltYXJ5IEludGVy bWVkaWF0ZSBDbGllbnQgQ0ECAwxvejAJBgUrDgMCGgUAoIICHTAYBgkqhkiG 9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xNTA0MTEwOTUw MzBaMCMGCSqGSIb3DQEJBDEWBBTqdTlUwR+Cb8+eCEwH4vPZTP+mgzBsBgkq hkiG9w0BCQ8xXzBdMAsGCWCGSAFlAwQBKjALBglghkgBZQMEAQIwCgYIKoZI hvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIH MA0GCCqGSIb3DQMCAgEoMIGlBgkrBgEEAYI3EAQxgZcwgZQwgYwxCzAJBgNV BAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1 cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFy dENvbSBDbGFzcyAxIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQQID DG96MIGnBgsqhkiG9w0BCRACCzGBl6CBlDCBjDELMAkGA1UEBhMCSUwxFjAU BgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFs IENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNVBAMTL1N0YXJ0Q29tIENsYXNz IDEgUHJpbWFyeSBJbnRlcm1lZGlhdGUgQ2xpZW50IENBAgMMb3owDQYJKoZI hvcNAQEBBQAEggEADuhQj5ivEzvhgZP666aB0R3q5xriojtefCCGMDHr24G1 CpBvksO7Xj48qzlamGOSEZ3eBaHYlWSKaksjPTfjhkZUfQcrzAe6kDDQaMse idXWqa+aRJdgv459UdB2tdh6lGgzzYIUWho34SosIRXWE1ikSGdLmzMLPOuk w3jlC33tSPCyqDVEaOJN22+UmoqsBr+7cjsRxRJZAO0W1j/RwHxGqm0ado4B yiL19kht1IPkEnKKvdP5Q4UZ50KpN+QCOgxYLMRvvxjDw7bEUYrcmayj0MwC GSpUWguZNRKiGon1d3cVF8LQTx0EJfZ4a9+BK2GM/rF7mWYrJcBwUos2aQAA AAAAAA== --------------ms050202020201020101090800--