Re: A notion about saving and restoring Windows file security info

[Eliot Moss <moss@cs.umass.edu>]

On 1/7/2022 8:02 AM, Corinna Vinschen wrote:

 > Reconsidered: Its a bit of effort for reasons outlined below.

Possibly ...

 > No settings in that case.

I didn't entirely get your meaning, but I *think* you said if this
is implemented, it should just return these "extra" things as suitably
named attributed all the time.

 >*Iff* we do that, we should provide the native ACLs in a consistent manner.

Yes, it should be consistent - but that doesn't rule out continuing the exist
get/setfacl interface, for example.

 > I'm a bit concerned how this is supposed to work in cases where the user
 > uses the tool's 'restore xattrs' flag but is missing admin rights.  There's
 > also a potentially confusing result if you restore ACL xattrs on another
 > system.  The SIDs won't match and you can easily end up with an entirely
 > broken permission hirarchy.

If you're missing the rights, setting that "attribute" will fail and a
reasonable tool will tell you.  There may also be file systems that don't
support security descriptors, and trying to restore there would also fail.
The same might be true of xatts generally - not all file systems support
them.

Restoring on a different system is not unlike extracting from a tar archive
and asking for the uid/gid/perms to be preserved - caveat utilor, though a
good tool would give some control.

 > Also, to answer my own question, listxattr would have to list the xattr, of
 > course, otherwise backup tools wouldn't find the xattr and still not save
 > it.

Right.

 >> Another question to ponder is whether an interface of the kind I am suggesting
 >> might also present NTFS ADSs (alternate data streams) as xattrs,
 >
 > See the thread starting at
 > https://cygwin.com/pipermail/cygwin/2022-January/250352.html

That does raise the interesting question of whether ADSs more appropriately
should present a file-like interface or xattr-like one.  The latter would
present an ADS as one (possibly big) blob, or else complicate the interface.
There could still be a file-like interface, separately.  An xattr-like one
might be good for transparent backup/restore.  More pondering required!

 >> Another design question is the names to use for these "magical" xattrs.  For
 >> generality, if the feature is turned on, it might be good to add a prefix to
 >> the names of real xattrs when getting/listing, that would be stripped off when
 >> setting, and would of course be different from the prefix(es) for the
 >> "magical" attributes.  For example, we could use:
 >
 > https://man7.org/linux/man-pages/man7/xattr.7.html
 >
 > Right now, all xattrs are treated by Cygwin as if they are in the "user"
 > namespace.  Ideally the ACL xattr would go into the "system" namespace,
 > but NOT use the system.posix_acl_access name.  Perhaps something like
 > "system.windows_acl_access"
 >
 > If you want to take a stab at it, see the file winsup/cygwin/ntea.cc.
 > It handles reading (function "read_ea") and writing (function "write_ea")
 > of EAs, and it provides the external POSIXy calls {l,f}getxattr,
 > {l,f}listxattr, {l,f}setxattr and {l,f}removexattr.
 >
 > One problem is currently that the handling of the "user" namespace
 > is hardcoded.  That needs a bit of mellowing.

Thanks for the pointers - I may take a look at it!  Eliot