This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: Group Permissions on root folders problem (Windows 10 TP build 10061)
- From: David A Cobb <superbiskit at cox dot net>
- To: cygwin at cygwin dot com
- Date: Thu, 10 Sep 2015 16:41:50 -0400
- Subject: Re: Group Permissions on root folders problem (Windows 10 TP build 10061)
- Authentication-results: sourceware.org; auth=none
- Authentication-results: cox.net; auth=pass (CRAM-MD5) smtp dot auth=superbiskit at cox dot net
- References: <CAMH9mcFEL3mao+m-DEYM84kC1HOPeSBpZXD+mDf0USobF9oY7g at mail dot gmail dot com> <CAMH9mcFOKjvjiFvvk1ju0ZxBDK28MaktdnYwj5_CjvbgnpVO4A at mail dot gmail dot com> <20150616155843 dot GE31537 at calimero dot vinschen dot de> <DJzl1r0012qVqVd01Jzm3c> <55F1A69D dot 9050201 at cox dot net> <FU891r01R2qVqVd01U8Bkq>
On 2015-09-10 12:07, Ken Brown wrote:
On 9/10/2015 11:49 AM, David A Cobb wrote:
On a Windows-10 host: when I use Cygwin *chown***or *chmod *to make
permission changes, the next time I access the folder-tree from Windows
Explorer Security tab, it complains that the Access Control List is
incorrectly ordered and that will cause undesirable results; happy to
say, it gives me the chance to re-order the ACL. The usual undesirable
result is that an app can create a folder /New/ within /T/ but cannot
create anything within /T/////New/.
<SNIP />
This is explained in the Cygwin User's Guide:
https:/cygwin.com/cygwin-ug-net/ntsec.html#ntsec-files
Ken
OK, but where the UG says:
<QUOTE >
* All access denied ACEs *should* precede any access allowed ACE. ACLs
following this rule are called "canonical".
Note that the last rule is a preference or a definition of correctness.
It's not an absolute requirement. All Windows kernels will correctly
deal with the ACL regardless of the order of allow and deny ACEs. The
second rule is not modified to get the ACEs in the preferred order.
Unfortunately the security tab in the file properties dialog of the
Windows Explorer insists to rearrange the order of the ACEs to canonical
order before you can read them. Thank God, the sort order remains
unchanged if one presses the Cancel button. But don't even *think* of
pressing OK...
</QUOTE>
What I'm seeing suggests that the statement of Windows (really NTFS?)
"correctly dealing with this" is no longer correct. What is more, if I
do /not/ allow Windows to reorder the rules to its own liking, I cannot
correct the symptom described about not being able to access files
within "/New/".
It's all very well to say "don't even think of pressing OK," but IMNSHO
Cygwin should /_never_/ allow a user to create a situation which is so
unacceptable to Windows. It would be better to tell the user "I'm
sorry, Dave, I'm not able to do that." [Correct quote from Hal of '2001'
forgotten]. I know that not all settings allowed in POSIX can be
represented -- so refuse to try setting the things that cannot be
represented.
I wouldn't mind mounting everything as "noacl," but would that not
disable even the limited permission settings we can represent?
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple