This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.4.0-0.18


>> It's a bit late now to change how Cygwin constructs and evaluates ACLs.

Sorry, with the holidays and other issues it wasn't possible for me to
look at the test drops earlier.

Going production with a new Cygwin NTFS ACL layout incompatible with
NTFS-3g's already-existing layout would seem a long-term decision
regarding Cygwin <-> Linux interoperability.  Please consider.


On 01/13/2016 07:12 AM, Corinna Vinschen wrote:
> On Jan 12 22:17, random user wrote:
>> Something I wasn't aware of at the time of our prior discussion is
>> that the Linux NTFS-3g driver already supports Linux extended ACLs
>> on NTFS.  This is discussed at
>>  
>> http://www.tuxera.com/community/ntfs-3g-advanced/ownership-and-permissions/
>>
>> I explored taking a flash card back and forth between Cygwin
>> 2.4.0-0.18 and a Linux system, testing how each interprets what the
>> other wrote.
>>
>> I find they don't seem to interpret each other's per-group and mask
>> permission bits correctly when creating their Posix interpretation of
>> an NTFS ACL.
>>
>> I also find that somehow setting extended ACLs on Linux for a
>> directory is causing Cygwin to then see that object as a socket, if
>> I'm reading the below correctly. 'ls' on Cygwin won't descend into
>> that as it normally would for a directory,
>>   bash: cd: dir_acl: Not a directory
>> results when attempting to cd into it, etc.
>>
>> I don't know how common such uses are, but I do use both Cygwin and
>> Linux on the same flash cards and external disks.  If they are both
>> going to support Posix-style extended ACLs written to NTFS, it'd seem
>> nice if they could do so in compatible ways.
> Cygwin is trying to create an ACL with least possible entries while at
> the same time being POSIX compatible.  Apart from the NULL SID deny ACE
> to keep mask info and special bits, it's a pretty normal ACL.
>
> It's a bit late now to change how Cygwin constructs and evaluates ACLs.
> I'll take a look into the dir vs. socket thingy, but no guarantee that
> I can change that for 2.4.0.
>
>> bash 1 34 # ls -al
>> total 0
>> drwx------+ 1 sally sally 0 Jan 12 20:42 .
>> drwx------+ 1 sally sally 0 Jan 12 20:40 ..
>> srwxr-----+ 1 sally sally 0 Jan 12 20:42 dir_acl
>> -rwxr-----+ 1 sally sally 0 Jan 12 20:42 file_acl
>> -rw-------  1 sally sally 0 Jan 12 20:41 file_simple
> Weird.  The only way to set the filetype to socket is if the file is a
> Cygwin symlink (file with system DOS bit set and starting with the
> string "!<socket >".
>
>> [...]
>> bash 1 41 # getfacl dir_acl
>> # file: dir_acl
>> # owner: sally
>> # group: sally
>> user::rwx
>> group::---
>> group:julia:r--
>> mask:r--
>> other:---
>> default:user::rwx
>> default:group::---
>> default:other:---
>> [...]
>> bash 1 42 # icacls dir_acl
>> dir_acl CYGWIN\julia_ug:(NP)(DENY)(W,Rc,WO,X,DC)
>>         Everyone:(OI)(IO)(DENY)(S,X)
>>         CYGWIN\sally:(NP)(F)
>>         CYGWIN\julia_ug:(NP)(RX,W,DC)
>>         CYGWIN\sally_ug:(NP)(DENY)(W,Rc,WO,X,DC)
>>         Everyone:(NP)(Rc,S,REA,RA)
>>         CYGWIN\sally:(OI)(CI)(IO)(F)
>>         Everyone:(OI)(CI)(IO)(Rc,S,REA,RA)
> It will be hard to reproduce such an ACL.  It's just as non-standard as
> a Cygwin ACL, just differently so.  What bugs me is the deny ACE for
> sally_ug which looks pretty weird to me.
>
>
> Corinna
>


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]