[ANNOUNCEMENT] Updated: Cygwin 1.7.35-1

Corinna Vinschen corinna-cygwin@cygwin.com
Mon Mar 9 19:29:00 GMT 2015 

On Mar  9 18:59, Achim Gratz wrote:
> Corinna Vinschen writes:
> > The problem is this.  How long do you want `ls -l' take?  Checking
> > permissions is awkward and lengthy on Windows, unless you have the
> > user's token.
> 
> The only token that's relevant for the ACL mapping w.r.t. POSIX
> semantics is that of the current user and Cygwin should already have
> that I think.  Plus the extra work only needs to be done when the file
> is owned by that user and/or the egid is identical to the group of said
> file.  In all other cases the normal ACL processing should actually
> yield the same result as mandated by POSIX.
> 
> > The access check can be improved and the permissions more correctly
> > shown for the current user, but for any file and any user account,
> > it'd be a lot of time-consuming effort.
> 
> I'd say that Cygwin already does all of that,

No, it doesn't.  Not for any arbitrary user, only for the current user.

>   It already has to check who the
> owner and group is, so that information is also there.  I'm not sure how
> much more work it is to graft the permissions.

A lot.  Cygwin has the owner and the primary group of the file, but
that doesn't mean it can check if the user is a member of the group or,
fwiw, any group in the ACL "just so".  Of course it *can* check that,
but that either requires to generate a user token for that user from
scratch, or it requires to fetch the group memberships of the user from
the Windows account DB.  In the second case there's no Windows function
to perform the check.  And for ACLs with multiple users the access
check would have to be performed for each user.

Btw., if you generate the permissions under Cygwin, a file with
---rwx--- permissions will have the matching deny ACE to make the
permissions the real thing.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20150309/4d4ed723/attachment.sig>

More information about the Cygwin mailing list