Issues with ACL settings after updating to the latest cygwin.dll - correction

Corinna Vinschen corinna-cygwin@cygwin.com
Sat Mar 5 10:01:00 GMT 2016


Hi Akiki(?),

On Mar  4 16:43, akikij@free.fr wrote:
> Hi,
> I have the different problems you have about this new security right NULL SID DENY added to some files.

I still doubt the NULL ACE is the actual culprit of whatever you
observe.  A NULL ACE doesn't affect your permissions, unless you have a
NULL SID in your user token, which is extremly unlikely.

> Sometimes also Windows can't access files concerned.
> He considered security rigths unordered and I have to class them before continue.
> It's too difficult for me to help you to correct the problem.

No, I don't think so.

First of all, the order in the ACL is deliberate to provide an emulation
of POSIX permissions.  Don't reorder the ACL using Windows means, this
*will* break the ACL evaluation.

Please also note that the Windows OS does *not* fail to evaluate an
ACL just because it's not in the so-called "canonical order".  The
OS strictly evaluates the ACL top-down, from the first to the last ACE,
without worrying about the order.  Only the GUI and certain Windows
tools written to manipulate an ACL (e.g. icacls) will choke on such ACLs.
Don't use such tools on Cygwin-created ACLs.  Use Cygwin's chmod, chown,
and setfacl for this.

My problem is this: You're the third person on this list reporting a
problem along the lines of "ACL doesn't work with Windows", without
giving me a clear reproducer.

What I need is a clear description what *exactly* you do and what
*exactly* fails.  I assume you created a file using some Cygwin tool
and then try to access it from non-Cygwin tools.  Are you unable to
read or write the file using that Windows tool?  Are you expecting
to double click on the file to execute something?  I really need a 
simple description which is easily reproduced using Windows system
tools.

What I then also need is that you do *NOT* try to *fix* the ACL, but
rather send me

- icacls output of the file and its parent dir
- getfacl output of the file and its parent dir

*If* there's a real problem, I need to be able to reproduce it,
otherwise I won't be able to fix it in Cygwin.


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20160305/f4a4b5c7/attachment.sig>


More information about the Cygwin mailing list