CYGWIN=ntsec, "cp -a", and NT acls
Sat Dec 6 05:57:00 GMT 2008
Thanks for your patience, Brian.
Brian Dessent wrote:
> Rob Walker wrote:
>> [RGW] Hm, looks simple... Why isn't this part of "cp -a" ?
> You have to understand the history of things. In the classic unix
> world, a file has an owner, a group, a mode, and several timestamps.
> From the standpoint of what "cp -a" can manipulate portably, that's
> basically it. All of those things are neatly returned by stat(3) and
> are easily settable/copyable across various filesystems.
> Extended attributes and/or ACLs are a relatively new introduction --
> 'new' relative to the fact that traditional unix filesystems are more
> than 30 years old. They are also inherently very filesystem and
> operating system-specific: everybody does it slightly differently.
> Check out this overview of the subtle differences of a dozen different
> platforms' ACL APIs:
> It's very hard for a general program like 'cp' to know about all these
> various ACL APIs, let alone have any idea how it would go about
> translating the semantics of one to another, which would be required for
> copying across two different filesystems. Remember that 'cp' comes from
> GNU coreutils which is a set of generic tools that target dozens of
> various *nix-ish platforms, whereas the implementations of the getfacl
> and setfacl commands come from Cygwin itself which has the specific
> knowledge of Windows NT ACLs.
>> [RGW] This differs from my experience. Many Windows tools are able to
>> (built to?) twiddle +R and overwrite. They do not seem to be able to
>> handle when the ACLs deny them permission, though.
> Again, attributes have zero to do with security or permissions. They
> are just a few extra advisory bits that the application (or C runtime)
> is free to interpret in any way it wants; they offer nothing in the form
> of OS-enforced restrictions. The Cygwin feature of using the 'backup
> privilege' to emulate root semantics is about bypassing ACLs, not
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
> Problem reports: http://cygwin.com/problems.html
> Documentation: http://cygwin.com/docs.html
> FAQ: http://cygwin.com/faq/
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
More information about the Cygwin