This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: Shares with strange ACL settings


On Aug 11 08:42, Achim Gratz wrote:
> I've thought some more about those strange shares I need to use that have
> inherited ACL that don't let me change the ACL at all and hence prevent
> Cygwin from fixing up the POSIX permissions.  That generally ends up with
> permissions like these:
> 
> % ll test
> total 10
> d---rwx---+ 1 gratz          Domain Users    0 Aug 10 11:51 ./
> d---rwx---+ 1 Administrators Administrators  0 Aug 10 11:50 ../
> ----rwx---+ 1 gratz          Domain Users   18 Aug 10 11:51 blafasel*
> ----rwx---+ 1 gratz          Domain Users   18 Aug 10 11:51 blumblum*

I don't know what to do about this.  We're talking back and forth
about reflecting group perms into user perms and whether we do it
or not, it always seems to have some downside on some installations.

A reworked implementation which takes the exact user perms into account
in a Windows environment, and which works from a normal user account is
a major undertaking.  I doubt I'll have the time to implement something
big any time soon.

> Some applications that know how POSIX ACL are supposed to work conclude that
> such directories or files are not readable:
> 
> % cd test
> % perl -E 'say -r "." ? "readable" : "not readable";'
> not readable
> % perl -E 'say -r "blafasel" ? "readable" : "not readable";'
> not readable
> 
> Other applications not using this shortcut and going all the way to
> faccessat correctly determine readability:
> 
> % [ -r . ] && echo readable || echo not readable
> readable
> (1056)/mnt/upload/test > [ -r blafasel ] && echo readable || echo not readable
> readable
> 
> If I access the files from another account (that has the same group
> memberships that give read/write access to the share) or change the owner,
> then the shortcut is never invoked:
> 
> $ perl -E 'say -r "." ? "readable" : "not readable";'
> readable
> $ perl -E 'say -r "blafasel" ? "readable" : "not readable";'
> readable
> $ [ -r . ] && echo readable || echo not readable
> readable
> $ [ -r blafasel ] && echo readable || echo not readable
> readable
> 
> So, it would probably help if I had a mount option to force the ownership to
> some account that I am never logged in as, either via a mount option or
> whenever the POSIX user modes are all cleared.  I don't know if that might
> confuse applications when they check ownership on newly created files,
> though.  Is that something that is implementable easily so it could be
> tested via a snapshot?

I'm not sure I understand the idea of mounting w/ an explicit user account
and how this might help.  What about just using the noacl mount option
for weird shares like the above?


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
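
The difference the quoted message describes between the mode-bit shortcut and "going all the way to faccessat", as an added example that is not part of the original mail or of Cygwin's code. It assumes the shortcut is the classic POSIX evaluation of the stat mode bits (owner class first, then group, then other); the function names are hypothetical.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed model of the shortcut: pick exactly one permission class
 * (owner, then group, then other) and test only that class's read bit. */
static int mode_says_readable(mode_t mode, uid_t f_uid, gid_t f_gid,
                              uid_t euid, const gid_t *groups, int ngroups)
{
    if (euid == f_uid)
        return (mode & S_IRUSR) != 0;   /* owner class wins even if empty */
    for (int i = 0; i < ngroups; i++)
        if (groups[i] == f_gid)
            return (mode & S_IRGRP) != 0;
    return (mode & S_IROTH) != 0;
}

/* Compare the shortcut with the system's own answer for a real path.
 * Returns 1 if they disagree, 0 if they agree, -1 on error. */
static int check_path(const char *path)
{
    struct stat st;
    gid_t groups[256];
    if (stat(path, &st) != 0)
        return -1;
    int n = getgroups(255, groups);     /* supplementary groups */
    if (n < 0)
        return -1;
    groups[n++] = getegid();            /* effective gid may not be listed */
    int by_mode = mode_says_readable(st.st_mode, st.st_uid, st.st_gid,
                                     geteuid(), groups, n);
    int by_os = faccessat(AT_FDCWD, path, R_OK, AT_EACCESS) == 0;
    printf("%s: mode bits say %s, faccessat says %s\n", path,
           by_mode ? "readable" : "not readable",
           by_os ? "readable" : "not readable");
    return by_mode != by_os;
}

int main(int argc, char **argv)
{
    int mismatches = 0;
    for (int i = 1; i < argc; i++)
        mismatches += check_path(argv[i]) == 1;
    return mismatches ? 1 : 0;          /* non-zero: the two checks disagree */
}
```

For a mode like `----rwx---` from the listing, `mode_says_readable` returns 0 for the owner and 1 for a different account in the owning group, which matches the perl results quoted above.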
