NTSEC users: Please test

Corinna Vinschen vinschen@redhat.com
Wed Jul 25 07:40:00 GMT 2001


On Wed, Jul 25, 2001 at 10:28:35PM +0900, Kazuhiro Fujieda wrote:
> >>> On Mon, 16 Jul 2001 00:44:16 +0200
> >>> Corinna Vinschen <vinschen@redhat.com> said:
> 
> > I think I found how to do it and I implemented it now that way:
> > 
> > - The DELETE permission is never used.
> > - The FILE_DELETE_CHILD permission is only set on directories
> >   if user (or group or others) has write and execute permission.
> >   This reflects the POSIX permission to delete a file or subdirectory
> >   only if w and x bits are both set.
> > - If S_ISVTX bit should be set the FILE_DELETE_CHILD permission isn't
> >   set for "others" even if they have write and execute bit set. This
> >   seems to match the POSIX behaviour now as close as possible.
> 
> This way can't allow us to delete files created in the directory
> with the special ACE, the full rights of the "creator owner".
> 
> The default temporary directory is C:/TEMP with the ACE on NT4.0.
> The ACE is used to realize the semantics like the S_ISVTX bit on UNIX.
> So we should be able to freely operate files created by ourselves
> in the directory. But we can't delete them created by the new DLL.
> 
> I propose ntsec adds the DELETE permission of the owner to files
> created in such directories.

I'm partly convinced. I have a slight problem, though. This
would actually require to read the directory permissions to
set the correct file permissions... which waists lot of time.

Would it perhaps be ok to add the DELETE permission to a files
owner ACE always? That wouldn't exactly match the UNIX way but
it would be a close subset, perhaps.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.



More information about the Cygwin-developers mailing list