This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: [TESTERS needed] New POSIX permission handling


On Apr 11 11:40, Corinna Vinschen wrote:
> On Apr 10 19:00, Steven Penny wrote:
> > On Fri, Apr 10, 2015 at 5:07 AM, Corinna Vinschen wrote:
> > > Please give the new code a try.  I uploaded new 2015-04-10 developer
> > > snapshots to https://cygwin.com/snapshots/
> > 
> > Here is the test I ran:
> > 
> >     $ cd /cygdrive/c
> > 
> >     $ touch ~/{alpha,bravo}.sh ~+/{charlie,delta}.sh
> > 
> >     $ chmod +x ~/bravo.sh ~+/delta.sh
> > 
> >     $ ls -l --color ~/{alpha,bravo}.sh ~+/{charlie,delta}.sh
> >     -rw-rw-r--+ 1 John None 0 Apr 10 16:51 /cygdrive/c/charlie.sh
> >     -rwxrwxr-x+ 1 John None 0 Apr 10 16:51 /cygdrive/c/delta.sh    (green)
> >     -rw-r--r--  1 John None 0 Apr 10 16:51 /home/John/alpha.sh
> >     -rwxrwxr-x  1 John None 0 Apr 10 16:51 /home/John/bravo.sh     (green)
> > 
> > So "charlie.sh" looks strange because it has that extra write permission.
> > However this is not a big deal for me. My concern was that everything was
> > showing up executable (green) when running "ls --color". So overall this is an
> > improvement, thanks.
> 
> What is '~+'?  Is that some weird bash feature?
> 
> Did you check the ACL?  The ACL before and after the change should
> explain what happened.  Check it with getfacl *and* icacls to get
> an idea what it looks like, and compare the result with the POSIX
> ACL rules, as outlined on, e.g., http://linux.die.net/man/5/acl.

On second thought, what you need to know is what the NULL DENY ACE looks
like when looking at it in icacls.

The following bits in the NULL DENY access mask are used:

  Windows access    <->   POSIX access
  --------------          ------------
  FILE_READ_DATA          S_ISVTX
  FILE_WRITE_DATA         S_ISGID
  FILE_APPEND_DATA        S_ISUID

  FILE_READ_EA            MASK S_IXOTH  (POSIX execute perms)
  FILE_WRITE_EA           MASK S_IWOTH  (POSIX write perms)
  FILE_EXECUTE            MASK S_IROTH  (POSIX read perms)

  FILE_DELETE_CHILD       Set if MASK is valid

  READ_CONTROL            Set to mark this as a "new style" ACL.

  SYNCHRONIZE             Has no meaning, but icacls has a bug in
                          printing the access mask of DENY ACEs.

The same bits are used in the inheritable NULL DENY, but S_ISVTX and S_ISUID
should never be set, because they are not supposed to be inherited.


HTH,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
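
The bit table in the message above, written out as a decoder for checking a NULL DENY access mask read from icacls output. This is an added example, not part of the original mail and not Cygwin's own code; `decode_null_deny`, the `W_*`/`P_*` names and the sample mask are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Windows access-mask bits (values as in winnt.h, redefined to build anywhere). */
enum { W_READ_DATA = 0x1, W_WRITE_DATA = 0x2, W_APPEND_DATA = 0x4,
       W_READ_EA = 0x8, W_WRITE_EA = 0x10, W_EXECUTE = 0x20,
       W_DELETE_CHILD = 0x40, W_READ_CONTROL = 0x20000,
       W_SYNCHRONIZE = 0x100000 };
/* POSIX mode bits, conventional octal values. */
enum { P_ISUID = 04000, P_ISGID = 02000, P_ISVTX = 01000,
       P_IROTH = 04, P_IWOTH = 02, P_IXOTH = 01 };

struct null_deny {
    int new_style;       /* READ_CONTROL: marks a "new style" ACL         */
    int mask_valid;      /* FILE_DELETE_CHILD: MASK is valid              */
    unsigned special;    /* S_ISUID | S_ISGID | S_ISVTX                   */
    unsigned mask;       /* MASK as rwx in the "other" bit positions      */
    uint32_t unexpected; /* bits the table does not allow in this ACE     */
};

/* Decode a NULL DENY access mask according to the table in the mail.
   inheritable != 0 selects the rules for the inheritable NULL DENY ACE. */
struct null_deny decode_null_deny(uint32_t access, int inheritable)
{
    struct null_deny d = {0};
    const uint32_t known = 0x7f | W_READ_CONTROL | W_SYNCHRONIZE;

    d.new_style  = (access & W_READ_CONTROL) != 0;
    d.mask_valid = (access & W_DELETE_CHILD) != 0;
    if (access & W_READ_DATA)   d.special |= P_ISVTX;
    if (access & W_WRITE_DATA)  d.special |= P_ISGID;
    if (access & W_APPEND_DATA) d.special |= P_ISUID;
    if (access & W_READ_EA)     d.mask |= P_IXOTH;
    if (access & W_WRITE_EA)    d.mask |= P_IWOTH;
    if (access & W_EXECUTE)     d.mask |= P_IROTH;
    d.unexpected = access & ~known;
    /* S_ISVTX and S_ISUID should never be set in the inheritable ACE. */
    if (inheritable)
        d.unexpected |= access & (W_READ_DATA | W_APPEND_DATA);
    return d;
}

int main(void)
{
    struct null_deny d = decode_null_deny(0x120072, 0); /* constructed sample */
    printf("new_style=%d mask_valid=%d special=%04o mask=%o unexpected=0x%x\n",
           d.new_style, d.mask_valid, d.special, d.mask, (unsigned)d.unexpected);
    return 0;
}
```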
