From: Achim Gratz
To: cygwin@cygwin.com
Subject: Re: [TESTERS needed] New POSIX permission handling
In-Reply-To: <20150410100703.GA4401@calimero.vinschen.de> (Corinna Vinschen's message of "Fri, 10 Apr 2015 12:07:03 +0200")
References: <20150410100703.GA4401@calimero.vinschen.de>
Date: Sat, 11 Apr 2015 08:47:00 -0000
Message-ID: <87lhhzcarc.fsf@Rainer.invalid>

Corinna Vinschen writes:
> - To accommodate Windows default ACLs, the new code ignores SYSTEM and
>   Administrators group permissions when computing the MASK/CLASS_OBJ
>   permission mask on old ACLs, and it doesn't deny access to SYSTEM and
>   Administrators group based on the value of MASK/CLASS_OBJ when
>   creating the new ACLs.

Since you've now opened that can of worms of who is considered "root",
what about "Domain Administrators" or "Power Users", for starters?

>   That means, even if SYSTEM or Administrators have full access to the
>   file, the POSIX permission bits will not reflect that fact.  And while
>   other users get access denied based on the mask value, SYSTEM and
>   Administrators will never get access denied based on the mask.

If you want to put this to better use in larger settings it would seem
preferable if it was possible to define a list of users to treat this
way in fstab.  I think this would help with the braindead settings
NetApp filers are set up these days by default.  That generally means
that some domain group(s) need to be considered root on the share
depending on which share you are accessing.

> Apart from bugfixing the aforementioned code, there's still work to do
> on the getfacl and setfacl tools:

Sorry to pile another one on here: Currently it's not possible to use -k
and -b on the same invocation.  This works just fine on Linux.

Having the newer getfacl / setfacl from *BSD that deals with NFSv4 ACL
might be worth a shot, since at least superficially these seem to match
better to NTFS DACL in scope and would probably bring it more in line
with what icacls would show and do.
Before you ask, it has been duly noted that NFSv4 ACL are somewhat
incompatible with POSIX ACL in the same way that NTFS DACL are… maybe
some more info can be gleaned from those documents:

http://users.suse.com/~agruen/acl/linux-acls/online/
http://users.suse.com/~agruen/nfs4acl/
http://www.ietf.org/archive/id/draft-ietf-nfsv4-acl-mapping-03.txt
http://www.bestbits.at/richacl/draft-gruenbacher-nfsv4-acls-in-posix-00.html
http://docs.oracle.com/cd/E23824_01/html/821-1448/gbacb.html

Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Samples for the Waldorf Blofeld:
http://Synth.Stromeko.net/Downloads.html#BlofeldSamplesExtra
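
A simplified model of the MASK/CLASS_OBJ handling quoted above and of the per-site exemption list suggested in the reply, as an added example (not Cygwin's code and not part of the original message). The entry layout, the function names, the `exempt` parameter and the domain SID are assumptions made for illustration.

```python
from typing import NamedTuple

# Well-known SIDs.
SYSTEM = "S-1-5-18"              # NT AUTHORITY\SYSTEM
ADMINISTRATORS = "S-1-5-32-544"  # BUILTIN\Administrators
DEFAULT_EXEMPT = frozenset({SYSTEM, ADMINISTRATORS})

# Constructed domain SID; RID 512 is Domain Admins, 513 is Domain Users.
DOM = "S-1-5-21-1111111111-2222222222-3333333333"
DOMAIN_ADMINS = DOM + "-512"
# Hypothetical per-share list of SIDs to treat like SYSTEM/Administrators.
SITE_EXEMPT = DEFAULT_EXEMPT | {DOMAIN_ADMINS}

class Ace(NamedTuple):
    kind: str   # "user_obj", "user", "group_obj", "group" or "other"
    sid: str
    perms: int  # rwx as 4 | 2 | 1

GROUP_CLASS = ("user", "group_obj", "group")  # entries the mask applies to

def compute_mask(acl, exempt=DEFAULT_EXEMPT):
    """Union of all group-class permissions, ignoring exempt SIDs."""
    mask = 0
    for ace in acl:
        if ace.kind in GROUP_CLASS and ace.sid not in exempt:
            mask |= ace.perms
    return mask

def effective(ace, mask, exempt=DEFAULT_EXEMPT):
    """Exempt SIDs are never limited by the mask; other group-class entries are."""
    if ace.kind not in GROUP_CLASS or ace.sid in exempt:
        return ace.perms
    return ace.perms & mask

def mode_bits(acl, exempt=DEFAULT_EXEMPT):
    """POSIX mode: the group bits show the mask, not any single entry."""
    owner = next(a.perms for a in acl if a.kind == "user_obj")
    other = next(a.perms for a in acl if a.kind == "other")
    return (owner << 6) | (compute_mask(acl, exempt) << 3) | other

# Constructed ACL for a file on a share where a domain group acts as "root".
SAMPLE_ACL = [
    Ace("user_obj", DOM + "-1001", 7), Ace("group_obj", DOM + "-513", 5),
    Ace("group", SYSTEM, 7), Ace("group", ADMINISTRATORS, 7),
    Ace("group", DOMAIN_ADMINS, 7), Ace("other", "S-1-1-0", 0),
]

if __name__ == "__main__":
    for name, ex in (("none", frozenset()), ("default", DEFAULT_EXEMPT), ("site", SITE_EXEMPT)):
        print(f"exempt={name:8} mode={mode_bits(SAMPLE_ACL, ex):04o}")
```

With only SYSTEM and Administrators exempt, the domain group's full-access entry still widens the reported group bits; exempting it as well yields the mode the file's ordinary entries imply.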