From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 41134 invoked by alias); 29 Jan 2016 16:07:47 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 41042 invoked by uid 89); 29 Jan 2016 16:07:46 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-HELO: localhost.localdomain Received: from localhost (HELO localhost.localdomain) (127.0.0.1) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Fri, 29 Jan 2016 16:07:46 +0000 Reply-To: cygwin@cygwin.com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-93.9 required=5.0 tests=BAYES_50,KAM_LAZY_DOMAIN_SECURITY,KHOP_DYNAMIC,RCVD_IN_PBL,RDNS_DYNAMIC,USER_IN_WHITELIST autolearn=no version=3.3.2 spammy=rx, r-x, publications, sgi Date: Fri, 29 Jan 2016 18:42:00 -0000 From: Corinna Vinschen To: cygwin@cygwin.com Subject: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.5.0-0.2 Message-Id: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline User-Agent: Mutt/1.5.24 (2015-08-30) X-SW-Source: 2016-01/txt/msg00474.txt.bz2 Hi Cygwin friends and users, I released a new Cygwin TEST version 2.5.0-0.2. This new test release introduces a change which also affects users in terms of the POSIX file permission handling. One of them is a bugfix: - Under some circumstances you could observe a spurious entry for the owning group with no permissions at all, e.g.: $ getfacl foo # owner: hein # group: bloed user::rwx group::r-- group:SYSTEM:rwx group:bloed:--- <--- spurious, this should be gone now mask::rwx other::r-x - Usually POSIX.1e requires that chmod does not change the group permissions but the MASK permissions if additional user and group entries are present. This may result in a confusing behaviour: $ getfacl -c foo user::rwx group::r-- group:blah:r-- mask::r-- other::r-- So the primary group only has read perms. Now let's see what happens when calling `chmod g+w': $ ls -l foo -rwxr--r--+ [...] foo $ chmod g+w foo $ ls -l foo -rwxrw-r--+ [...] foo Looks good so far, but... $ getfacl -c foo user::rwx group::r-- <-- Still only read perms, no write perms group:blah:r-- mask::rw- <-- Only the mask has changed other::r-- So chmod g+w does NOT result in the primary group getting write permissions if it doesn't already have them. This is one of the more puzzling aspects of POSIX.1e. The chmod change in 2.5.0 now handles default Windows ACL with entries only for the owner, the group, other, SYSTEM and the Administrators group as if it's a standard POSIX ACL. That is, chmod will not only influence the POSIX MASK entry, but also the owning group entry. The result should be more along the lines of Windows user expectations when calling chmod. Note that this is restricted to *only* the ACLs described above. Any other group present in the ACL will switch chmod back to the POSIX.1e behaviour. Other than that, this release still introduces a major change addressing developers only. tl;dr: Cygwin 2.5.0 switches Cygwin from the Solaris ACL API to the POSIX.1e ACL API. Since the year 2000, Cygwin supports a POSIXoid ACL emulation. This emulation is based on the Solaris API, which is only marginally comparable to the POSIX ACL API defined in the withdrawn draft POSIX.1e(*). At about the same time SGI started to implement POSIX.1e which eventually became libacl in 2001. Libacl is the POSIX ACL implementation used on Linux. With Cygwin 2.4.0, Cygwin introduced a major revamp of the POSIX ACL emulation. This new emulation is complete in the sense that the ACL handling covers all of POSIX.1e quirks. This in turn allows to use the POSIX.1e API. The Solaris API is the base implementation and stays available. The POSIX.1e API is implemented in terms of the Solaris types and mainly a slim layer on top of the Solaris API. Changes for developers: - The full set of POSIX.1e functions is now available. - Most of the libacl extensions are available as well. The only exceptions right now are the two functions perm_copy_file and perm_copy_fd. These can be added later. Somebody just has to do it :) - The header now *only* exposes the POSIX.1e API. - To get access to the Solaris API, you will have to include now. - There's a new header which exposes the libacl extension functions. Please give this new POSIX.1e ACL implementation a test. If you have a project or maintain a package utilizing ACLs, please make sure that your project picks up the new POSIX.1e API and that it works as desired. Have fun, Corinna (*) http://wt.tuxomania.net/publications/posix.1e/ -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple