[TESTERS needed] New POSIX permission handling

Corinna Vinschen corinna-cygwin@cygwin.com
Sat Apr 11 10:00:00 GMT 2015 

On Apr 11 11:01, David Macek wrote:
> On 11. 4. 2015 10:47, Achim Gratz wrote:
> > Corinna Vinschen writes:
> >> - To accommodate Windows default ACLs, the new code ignores SYSTEM and
> >>   Administrators group permissions when computing the MASK/CLASS_OBJ
> >>   permission mask on old ACLs, and it doesn't deny access to SYSTEM and
> >>   Administrators group based on the value of MASK/CLASS_OBJ when
> >>   creating the new ACLs.
> 
> Out of curiosity, does the code somehow distinguish ACLs that don't
> have these default permissions (or have different permissions set for
> SYSTEM / Administrators)?

I don't quite understand the question.

For a start, I'd like to point out how POSIX ACLs are supposed to work.
http://linux.die.net/man/5/acl is a good start.  This is our role model.

What this new code in Cygwin does is to ignore SYSTEM and Administrators
account in a very specific way:  It ignores both accounts in terms of
the MASK (or CLASS_OBJ in Solaris speak) values in both directions:

- The "new style" ACLs contain an explicit MASK/CLASS_OBJ value.

  If the MASK/CLASS_OBJ value only allows rw- permissions, but a
  secondary user or group account has rwx permissions, Cygwin will
  generate an --x DENY ACE for this group.

  The exception here:  It won't generate this DENY for SYSTEM and
  Administrators.  So even if MASK disallows certain access, SYSTEM and
  Administrators are not affected but get their full set of permssions
  granted by the user or inheritance rules.

- The "old style" ACLs (created by native Windows means or by former
  Cygwin versions) don't have an explicit MASK.  The new Cygwin code
  generates a MASK value on the fly while reading the ACL.  This mask
  value is refelected by the group permission bits in the POSIX
  permission mask.  Since SYSTEM and Administrators often have "Full
  Access" to any object on the filesystem, that means that very often,
  the group permissions are "rwx", because the MASK value is "rwx".

  The new code will compute the mask the same way as before, but it
  skips the permissions of SYSTEM and Administrators while doing that.
  That means, the POSIX group permission bits are not affected by
  the Windows-typical permissions of SYSTEM and Administrators.

  Example:

    User            rw-
    Primary group   r--
    Other user      rw-
    Other group     r--
    SYSTEM          rwx
    Everyone        ---

  The computed POSIX MASK/CLASS_OBJ value in Cygwin 1.7.35 is the sum
  of all group and secondary user permissions

    rw- | r-- | rwx == rwx

  The new code ignores SYSTEM, thus the mask is

    rw- | r-- == rw-
     
Does this explain it sufficiently?


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20150411/cb89be80/attachment.sig>

More information about the Cygwin mailing list