This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Cygwin Everyone group permissions and Vista "shared files" (*not* shared folders)


Cygwin by default, tries to implement POSIX permissions using the NT ACL
system - fairly well described here:

  http://cygwin.com/cygwin-ug-net/ntsec.html

The way this feature is implemented interacts poorly with Vista,
however. A previous mailing (with reply) on this list that tried to
describe this issue is here:

  http://www.mail-archive.com/cygwin@cygwin.com/msg83783.html
Reply:
  http://www.mail-archive.com/cygwin@cygwin.com/msg83794.html

The Vista feature in question is "Shared Files", which is *not* the same
thing as a network share. Rather, it describes files which are shared
between *different* users of the *same* computer, rather than different
users in a network environment.

Vista comes with a saved search that tries to show all such "Shared
Files" in your profile directory, recursively; i.e. files that you would
reasonably expect to own, but are letting other users of the same
computer access. The saved search is located here:

  C:\Users\<user-name>\Searches\Shared By Me.search-ms

The way it appears to work is by looking for files and directories which
have access-allowed access control entries (ACEs) for the groups Users
or Everyone.

Unfortunately, Cygwin creates an ACE for the group Everyone, even with
umask 0077, or after chmod 0700 is applied. Specifically, this is what
it looks like using cacls:

                     Everyone:(special access:)
                              READ_CONTROL
                              FILE_READ_EA
                              FILE_READ_ATTRIBUTES

How can addition of this ACE be controlled or prevented by default for
Cygwin applications?

Thanks,

-- Barry

-- 
http://barrkel.blogspot.com/

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]