On Aug 13 18:33, Corinna Vinschen wrote: > On Aug 12 20:59, Achim Gratz wrote: > > Corinna Vinschen writes: > > >> I think so, but there are likely some corner cases. But I think that > > >> had been proposed and shot down already, so I was trying to come up with > > >> something less intrusive. > > > > > > This is relatively unintrusive. The current user token is always > > > available. So if owner == current user, for every group in the file's > > > ACL just check if it's in the current user token and, if so, add the > > > perms of that group to the owner perms. > > > > > > Sounds pretty neat as an intermediate solution to me. > > > > I'd play the guinea pig for that snapshot… :-) > > This puzzles me a bit. As example you gave something like > > ----rwx---+ gratz Domain Users [...] foo > > Given the code in recent Cygwin versions, this shouldn't happen if the > user gratz is member of the Domain Users group. The current code > doesn't test all groups in the ACL, only the primary group, but that's > sufficient in most cases. > > So this could only happen if you modify the permissions of windows files > using Cygwin tools and Cygwin helpfully gernerates a DENY ACE for the > owner. > > I'm just not exactly sure about the way to go to get these permissions > in a non-artificial scenario. But I can reproduce it like this: > > - The file xxx has a primary group different from the group which has > permissions, e.g.: > > owner: foo > pgroup: foo_group > > acl: 1 entry > bar_group: full control > > - ls -l xxx > ----rwx---+ 1 foo foo_group 68565 Aug 10 10:37 xxx > > - $ chmod g-w xxx > > - Afterwards, the POSIX-like ACL looks like this: > $ icacls xxx > xxx foo:(DENY)(S,RD,REA,X) > foo:(D,Rc,WDAC,WO,RA,WA) > foo_group:(RX) > Everyone:(Rc,S,RA) > bar_group:(RX)
Oh, I get it. This is *because* the current Cygwin doesn't check membership of all groups in the ACL. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat
pgpe8Ab7jSUxX.pgp
Description: PGP signature
