Corinna Vinschen corinna-cygwin@cygwin.com
Sat Apr 18 11:07:00 GMT 2015

On Apr 18 12:48, Achim Gratz wrote:
> Corinna Vinschen writes:
> > Right.  It's a compromise.  I take it you don't like the extra behaviour
> > for SYSTEM/Admins.  Neither do I.  Others are desperately waiting for
> > more.  The problem with compromises is, they are usually best if nobody
> > is completely satisfied ;)
> I have argued against treating them differently, purely based on
> consistency between the Windows and POSIX world (where possible at all).
> Other considerations have prevailed (maybe rightly so), so I'm not too
> surprised to find some inconsistency in the results.

Neither am I.  We're walking a fine line between two very different
systems handling ACLs.

> I don't think you'll find a UN*X system that reports executable
> permission on a plain file simply because root accesses it (for a
> directory it would do that of course).  The situation in the above case
> is on the face of it different (the ACL actually has the executable bit
> set), but as I understand you've been wanting to treat both secondaries
> like the root account.  I think it would be more sensible to ignore that
> execute permission on plain files when otherwise none is granted (since
> chmod will never mask it).  That would eliminate another reason to
> entirely remove the default/inherited ACL and I don't think it has any
> consequences on the Windows side.

Hang on.  As far as access(2) is concerned, Cygwin can't ignore the
execute permissions since the OS has its say here.  I don't think it's
overly helpful to tweak the result after the OS returned it, dependent
on the user being SYSTEM or having the Admins group in the token.
That's a lot of extra work for a questionable gain.

What we *could* try to do is to tweak the actual SYSTEM and Admins ACE,
though.  Rather than ignoring the CLASS_OBJ/ACL_MASK value completely
for them, we could apply the execute bit part only.  Usually it doesn't
make sense for SYSTEM/Admins having execute perms if nobody else has
since it's with high probability no executable file.

Would that make sense?


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
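
Added illustration, not part of the original message and not Cygwin source code: a simplified C model of the three ways the CLASS_OBJ/ACL_MASK value could be applied to an ACL entry, showing how the "execute bit only" idea above differs from ignoring the mask completely for SYSTEM/Admins. All names (`mask_policy`, `effective_perms`, `may_execute`) and the sample permission values are hypothetical and constructed for this example.

```c
/* Simplified model, not Cygwin source: all names here are hypothetical. */
#include <stdio.h>

#define P_R 4u
#define P_W 2u
#define P_X 1u

/* How the POSIX ACL mask (CLASS_OBJ) is applied to one entry. */
enum mask_policy {
    MASK_FULL,      /* ordinary named user/group entry: perms & mask */
    MASK_IGNORED,   /* SYSTEM/Admins as discussed: mask not applied at all */
    MASK_EXEC_ONLY  /* proposal: only the execute bit of the mask applies */
};

/* Effective permissions of one ACL entry under the given policy. */
unsigned effective_perms(unsigned ace_perms, unsigned mask, enum mask_policy p)
{
    switch (p) {
    case MASK_FULL:
        return ace_perms & mask;
    case MASK_EXEC_ONLY:
        /* r and w pass through untouched; x survives only if the mask has x */
        return ace_perms & (mask | P_R | P_W);
    case MASK_IGNORED:
    default:
        return ace_perms;
    }
}

/* Would an execute check succeed for this entry? */
int may_execute(unsigned ace_perms, unsigned mask, enum mask_policy p)
{
    return (effective_perms(ace_perms, mask, p) & P_X) != 0;
}

int main(void)
{
    /* Constructed case: inherited Admins entry rwx, mask reduced to r--. */
    unsigned admins = P_R | P_W | P_X, mask = P_R;
    static const char *name[] = { "full mask", "mask ignored", "exec bit only" };
    for (int p = MASK_FULL; p <= MASK_EXEC_ONLY; p++) {
        unsigned e = effective_perms(admins, mask, (enum mask_policy)p);
        printf("%-14s %c%c%c\n", name[p],
               e & P_R ? 'r' : '-', e & P_W ? 'w' : '-', e & P_X ? 'x' : '-');
    }
    return 0;
}
```

In this model the Admins entry keeps read and write access under the "exec bit only" policy, but no longer reports execute permission on a file whose mask grants none.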