security.cc and sec_acl.cc (ntsec, inheritance and sec_acl)
Pierre A. Humblet
Pierre.Humblet@ieee.org
Mon Dec 16 10:01:00 GMT 2002
Corinna Vinschen wrote:
>
> Hi Pierre,
>
> On Mon, Dec 16, 2002 at 10:31:16AM -0500, Pierre A. Humblet wrote:
> > I have a question: there is code in setacl (new line 139) to merge non-default
> > ACE's with previous default ACEs.
> > As the acl was sorted, I don't see how that code can ever be exercised.
> > Should we try to merge default ACEs with non-default ones? I am not sure it's
> > worth it.
>
> the answer is "yes".
>
> The incoming acls are Sun acls. They could look like this:
>
> ...
> user:foo:rw-
> ...
> default:user:foo:rw-
>
> That is a sorted acl, right? When converting this into a Windows ACL
> I'd like to see this as just one ACL, having the correct permissions
> *plus* the inheritance attribute. I don't see how that's incorrect?!?
>
It's correct, and it's apparently being done already (see below).
But frankly I don't understand why it happens!
The default is merged with a previous non-default.
I only see Cygwin code to merge a non-default with a previous default.
Pierre
/> mkdir abcd
/> setfacl -s u::rwx,g::rwx,o::rwx,u:testuser:r--,d:u:testuser:r-- abcd
/> getfacl abcd
# file: abcd
# owner: PHumblet
# group: Clearusers
user::rwx
user:testuser:r--
group::rwx
mask:rwx
other:rwx
default:user:testuser:r--
default:mask:rwx
/> cacls abcd
e:\abcd DOMAIN\PHumblet:F
PHumblet\testuser:(OI)(CI)(special access:)
READ_CONTROL
SYNCHRONIZE
FILE_GENERIC_READ
FILE_READ_DATA
FILE_READ_EA
FILE_READ_ATTRIBUTES
DOMAIN\Clearusers:F
Everyone:F
> Corinna
More information about the Cygwin-patches
mailing list