CYGWIN=ntsec, "cp -a", and NT acls

Rob Walker
Sat Dec 6 05:57:00 GMT 2008

Thanks for your patience, Brian.


Brian Dessent wrote:
> Rob Walker wrote:
>> [RGW] Hm, looks simple...  Why isn't this part of "cp -a" ?
> You have to understand the history of things.  In the classic unix
> world, a file has an owner, a group, a mode, and several timestamps. 
> From the standpoint of what "cp -a" can manipulate portably, that's
> basically it.  All of those things are neatly returned by stat(3) and
> are easily settable/copyable across various filesystems.
> Extended attributes and/or ACLs are a relatively new introduction --
> 'new' relative to the fact that traditional unix filesystems are more
> than 30 years old.  They are also inherently very filesystem and
> operating system-specific: everybody does it slightly differently. 
> Check out this overview of the subtle differences of a dozen different
> platforms' ACL APIs:
> <;a=blob_plain;f=doc/acl-resources.txt;hb=HEAD>.
> It's very hard for a general program like 'cp' to know about all these
> various ACL APIs, let alone have any idea how it would go about
> translating the semantics of one to another, which would be required for
> copying across two different filesystems.  Remember that 'cp' comes from
> GNU coreutils which is a set of generic tools that target dozens of
> various *nix-ish platforms, whereas the implementations of the getfacl
> and setfacl commands come from Cygwin itself which has the specific
> knowledge of Windows NT ACLs.
>> [RGW] This differs from my experience.  Many Windows tools are able to 
>> (built to?) twiddle +R and overwrite.  They do not seem to be able to 
>> handle when the ACLs deny them permission, though.
> Again, attributes have zero to do with security or permissions.  They
> are just a few extra advisory bits that the application (or C runtime)
> is free to interpret in any way it wants; they offer nothing in the form
> of OS-enforced restrictions.  The Cygwin feature of using the 'backup
> privilege' to emulate root semantics is about bypassing ACLs, not
> attributes.
> Brian
> --
> Unsubscribe info:
> Problem reports:
> Documentation:
> FAQ:         

Unsubscribe info:
Problem reports:

More information about the Cygwin mailing list