This is the mail archive of the
mailing list for the Cygwin project.
Re: default ACLs
- From: Corinna Vinschen <corinna-cygwin at cygwin dot com>
- To: cygwin at cygwin dot com
- Date: Fri, 23 Oct 2009 17:27:26 +0200
- Subject: Re: default ACLs
- References: <email@example.com>
- Reply-to: cygwin at cygwin dot com
On Oct 23 10:45, Mikel Ward wrote:
> Hi All
> Default ACLs don't seem to work as they would on Linux, or for that
> matter as they do for files created via Windows Explorer.
> Is this expected?
It's a bit unexpected, actually. Some of the security-related code
hasn't been touched for years and it appears that some of the
assumptions are rather old-fashioned. I read MSDN quite a lot today.
It seems that ACE inheritance depends on the usage of the high-level
functions SetSecurityInfo/SetNamedSecurityInfo. Cygwin on the other hand
uses the ultra-low level function NtSetSecurityObject, which apparently
has no idea what ACE inheritance is about.
And it gets worse. Neither the NtCreateFile function, nor the
CreateFile function handle ACE inheritance either. So, even if you
provide these functions with a security descriptor with the
SE_DACL_AUTO_INHERIT_REQ bit set, it's simply ignored and no inheritance
I'm not yet sure if I should fix this for 1.7.1. Keeping this
behaviour for the time being is at least not a regression :}
Thanks for the report,
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple