This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Shares with strange ACL settings

On Aug 14 20:25, Achim Gratz wrote:
> Corinna Vinschen writes:
> > Cool, thanks for your quick feedback.
> Thanks for the snapshot!
> > We should just be aware that this is ultimately a kludge.  I think I now
> > finally understand what would have to be done to get a generic solution
> > which results in correct POSIX permission evaluation for any current
> > user and any file ACL.  However, from some preliminary testing it seems
> > the generic solution has at least two downsides:
> >
> > - It's slow (AuthZ code, setting up and breaking down user/group contexts
> >   for each checked file...)
> >
> > - It would always contact the AD when trying to fetch info for AD users,
> >   which is bad for remote machines not or slowly connected to the AD server.
> I think we've came to the same conclusion (modulo the question of
> whether AuthZ would be usable for this) some time ago.  My personal take
> on this is that the "kludge" is likely better than both what we had
> before and the result of the pre-snapshot ACL evaluation.

FYI, I revamped my AuthZ tests over the weekend and it's not *that*
slow, especially if the application caches and reuses AuthZ user
contexts fetched previosly.

I have POC code in my local sandbox, and I'm planning to apply this to
Cygwin after the 2.2.1 release.  I have some hopes that the AuthZ code
was the puzzle piece missing in the unified POSIX ACL handling code we
tested and then had to drop again earlier this year.

Stay tuned for another round of this unified POSIX ACL handling tests
later this year.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Attachment: pgpRvYiPmhfJl.pgp
Description: PGP signature

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]