This is the mail archive of the cygwin-developers@cygwin.com mailing list for the Cygwin project.



Re: acl_access denies access owned by 'Everyone' group


Hi!

Saturday, 24 August, 2002 Pierre A. Humblet Pierre.Humblet@ieee.org wrote:

PAH> At 06:53 PM 8/24/2002 +0400, egor duda wrote:
>>Hi!
>>
>>Are you talking about nt->unix access rights mapping here?

PAH> Yes.

>>What if in this case we set permissions like this:
>>-abcxyzxyz user Everyone   file_name
>>
PAH> I assume you are talking about mapping the nt ACL to unix
PAH> Makes sense, group = other. However the way the code is written, it will
PAH> interpret the ACL as -abcxyz--- because the Everyone ACL entry is
PAH> used up for group. With the change I proposed (I will send a patch), it
PAH> would be -abc---xyz, which would in fact be equivalent to -abcxyzxyz, as
PAH> Everyone is no more a valid group in the unix sense, so there is nobody
PAH> in Everyone !

Ah, ok. Actually, this should be enough for standard logic for checking of
access rights via access() or stat() to work. '-abc---xyz' may look a
little strange to the eye of an untrained unixoid who is using cygwin,
but it's probably ok. The main point of my concern is to maintain

'File is accessible natively' iff 'File looks accessible from the
point of view of posix APIs'

as strictly as we can.

>>Or having file owned by 'Everyone' group has other side-effects?
PAH> Yes, for example there is no way to implement chmod abcdefghi if
PAH> def != hgi. (mapping unix to nt). What should we do then?

As far as I understand, it wasn't possible before this change either. ACL
for 'hgi' was constructed using Everyone group, so ACLs created from
'def' and 'hgi' parts were being merged anyway. So, we won't lose
anything here.

PAH> I am curious why it was decided to put the file in the Everyone group.

:) It was purely by accident. I agree that this may be foolish, but
this doesn't mean we shouldn't be foolproof against this.

Egor.            mailto:deo@logos-m.ru ICQ 5165414 FidoNet 2:5020/496.19
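
The two mappings discussed in this message, as an added example that is not part of the original mail and is not Cygwin source: a simplified C model that shows why '-abcxyz---' breaks the "accessible natively iff accessible via POSIX" rule for a non-owner while '-abc---xyz' keeps it. The SID numbers, the `SAMPLE` file, the function names and the allow-only ACL are assumptions constructed for illustration.

```c
/* Simplified model, not Cygwin code. Permission bits: r=4, w=2, x=1. */
#include <stdio.h>

enum { SID_EVERYONE = 0 };            /* constructed ids; users and groups are > 0 */
struct ace  { int sid, mask; };       /* allow-only entry */
struct file { int owner, group; struct ace acl[3]; int n; };

/* Constructed sample: owner 1001 has rwx, group is Everyone with r-x */
static const struct file SAMPLE = { 1001, SID_EVERYONE,
                                    { {1001, 7}, {SID_EVERYONE, 5} }, 2 };

static int ace_mask(const struct file *f, int sid) {
    int m = 0;
    for (int i = 0; i < f->n; i++)
        if (f->acl[i].sid == sid) m |= f->acl[i].mask;
    return m;
}

/* NT ACL -> unix mode. fixed=0: the Everyone entry is used up for group.
   fixed=1: the Everyone entry is reported as "other" (the proposed change). */
int acl_to_mode(const struct file *f, int fixed) {
    int u = ace_mask(f, f->owner), e = ace_mask(f, SID_EVERYONE), g, o;
    if (f->group == SID_EVERYONE) { g = fixed ? 0 : e; o = fixed ? e : 0; }
    else                          { g = ace_mask(f, f->group); o = e; }
    return u << 6 | g << 3 | o;
}

/* Native check: every token matches the Everyone entry plus its own entries */
int native_ok(const struct file *f, int user, int group, int want) {
    int m = ace_mask(f, SID_EVERYONE) | ace_mask(f, user);
    if (group != SID_EVERYONE) m |= ace_mask(f, group);
    return (m & want) == want;
}

/* POSIX-style check on the mode; nobody is in Everyone in the unix sense */
int posix_ok(const struct file *f, int mode, int user, int group, int want) {
    int bits;
    if (user == f->owner) bits = mode >> 6;
    else if (f->group != SID_EVERYONE && group == f->group) bits = mode >> 3;
    else bits = mode;
    return (bits & 7 & want) == want;
}

int main(void) {
    int old = acl_to_mode(&SAMPLE, 0), fix = acl_to_mode(&SAMPLE, 1);
    printf("old %04o: native=%d posix=%d\n", old,
           native_ok(&SAMPLE, 1002, 513, 4), posix_ok(&SAMPLE, old, 1002, 513, 4));
    printf("new %04o: native=%d posix=%d\n", fix,
           native_ok(&SAMPLE, 1002, 513, 4), posix_ok(&SAMPLE, fix, 1002, 513, 4));
    return 0;
}
```

The model only compares a non-owner's access; an owner who also gains rights through the Everyone entry is outside what it checks.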

