From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 125148 invoked by alias); 10 Sep 2015 20:41:52 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 125140 invoked by uid 89); 10 Sep 2015 20:41:51 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-0.6 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_NONE,SPF_PASS,T_RP_MATCHES_RCVD autolearn=ham version=3.3.2 X-HELO: eastrmfepo101.cox.net Received: from eastrmfepo101.cox.net (HELO eastrmfepo101.cox.net) (68.230.241.213) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Thu, 10 Sep 2015 20:41:50 +0000 Received: from eastrmimpo110 ([68.230.241.223]) by eastrmfepo101.cox.net (InterMail vM.8.01.05.15 201-2260-151-145-20131218) with ESMTP id <20150910204149.UPEE17881.eastrmfepo101.cox.net@eastrmimpo110> for ; Thu, 10 Sep 2015 16:41:49 -0400 Received: from [68.0.254.104] ([68.0.254.104]) by eastrmimpo110 with cox id FYho1r00H2Fuz4c01YhoCj; Thu, 10 Sep 2015 16:41:49 -0400 X-CT-Class: Clean X-CT-Score: 0.00 X-CT-Spam: 0 X-Authority-Analysis: v=2.0 cv=FaLpMuC6 c=1 sm=1 a=E2TABC3fJca0I99Ic2bSGA==:17 a=kviXuzpPAAAA:8 a=w_pzkKWiAAAA:8 a=xY73FNB23K_2OedlPv0A:9 a=QEXdDO2ut3YA:10 a=E2TABC3fJca0I99Ic2bSGA==:117 X-CM-Score: 0.00 Authentication-Results: cox.net; auth=pass (CRAM-MD5) smtp.auth=superbiskit@cox.net From: David A Cobb Subject: Re: Group Permissions on root folders problem (Windows 10 TP build 10061) To: cygwin@cygwin.com References: <20150616155843.GE31537@calimero.vinschen.de> <55F1A69D.9050201@cox.net> Message-ID: <55F1EB0E.1090802@cox.net> Date: Thu, 10 Sep 2015 20:41:00 -0000 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:43.0) Gecko/20100101 Thunderbird/43.0a1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-IsSubscribed: yes X-SW-Source: 2015-09/txt/msg00161.txt.bz2 On 2015-09-10 12:07, Ken Brown wrote: > On 9/10/2015 11:49 AM, David A Cobb wrote: >> On a Windows-10 host: when I use Cygwin *chown***or *chmod *to make >> permission changes, the next time I access the folder-tree from Windows >> Explorer Security tab, it complains that the Access Control List is >> incorrectly ordered and that will cause undesirable results; happy to >> say, it gives me the chance to re-order the ACL. The usual undesirable >> result is that an app can create a folder /New/ within /T/ but cannot >> create anything within /T/////New/. >> This is explained in the Cygwin User's Guide: > > https:/cygwin.com/cygwin-ug-net/ntsec.html#ntsec-files > > Ken > OK, but where the UG says: * All access denied ACEs *should* precede any access allowed ACE. ACLs following this rule are called "canonical". Note that the last rule is a preference or a definition of correctness. It's not an absolute requirement. All Windows kernels will correctly deal with the ACL regardless of the order of allow and deny ACEs. The second rule is not modified to get the ACEs in the preferred order. Unfortunately the security tab in the file properties dialog of the Windows Explorer insists to rearrange the order of the ACEs to canonical order before you can read them. Thank God, the sort order remains unchanged if one presses the Cancel button. But don't even *think* of pressing OK... What I'm seeing suggests that the statement of Windows (really NTFS?) "correctly dealing with this" is no longer correct. What is more, if I do /not/ allow Windows to reorder the rules to its own liking, I cannot correct the symptom described about not being able to access files within "/New/". It's all very well to say "don't even think of pressing OK," but IMNSHO Cygwin should /_never_/ allow a user to create a situation which is so unacceptable to Windows. It would be better to tell the user "I'm sorry, Dave, I'm not able to do that." [Correct quote from Hal of '2001' forgotten]. I know that not all settings allowed in POSIX can be represented -- so refuse to try setting the things that cannot be represented. I wouldn't mind mounting everything as "noacl," but would that not disable even the limited permission settings we can represent? -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple