Shares with strange ACL settings

Andrey Repin anrdaemon@yandex.ru
Tue Aug 11 17:20:00 GMT 2015 

Greetings, Achim Gratz!

> I've thought some more about those strange shares I need to use that have
> inherited ACL that don't let me change the ACL at all and hence prevent
> Cygwin from fixing up the POSIX permissions.  That generally ends up with
> permissions like these:

> % ll test
> total 10
> d---rwx---+ 1 gratz          Domain Users    0 Aug 10 11:51 ./
> d---rwx---+ 1 Administrators Administrators  0 Aug 10 11:50 ../
> ----rwx---+ 1 gratz          Domain Users   18 Aug 10 11:51 blafasel*
> ----rwx---+ 1 gratz          Domain Users   18 Aug 10 11:51 blumblum*

> Some applications that know how POSIX ACL are supposed to work conclude that
> such directories or files are not readable:

> % cd test
> % perl -E 'say -r "." ? "readable" : "not readable";'

Perl is known to have "special" treatment of file permissions.
This issue has been raised in the list before.

> not readable
> % perl -E 'say -r "blafasel" ? "readable" : "not readable";'
> not readable

> Other applications not using this shortcut and going all the way to
> faccessat correctly determine readability:

> % [ -r . ] && echo readable || echo not readable
> readable
> (1056)/mnt/upload/test > [ -r blafasel ] && echo readable || echo not readable
> readable

> If I access the files from another account (that has the same group
> memberships that give read/write access to the share) or change the owner,
> then the shortcut is never invoked:

> $ perl -E 'say -r "." ? "readable" : "not readable";'
> readable
> $ perl -E 'say -r "blafasel" ? "readable" : "not readable";'
> readable
> $ [ -r . ] && echo readable || echo not readable
> readable
> $ [ -r blafasel ] && echo readable || echo not readable
> readable

> So, it would probably help if I had a mount option to force the ownership to
> some account that I am never logged in as, either via a mount option or
> whenever the POSIX user modes are all cleared.  I don't know if that might
> confuse applications when they check ownership on newly created files,
> though.  Is that something that is implementable easily so it could be
> tested via a snapshot?


-- 
With best regards,
Andrey Repin
Tuesday, August 11, 2015 20:04:58

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

More information about the Cygwin mailing list