On Sep 29 18:52, Corinna Vinschen wrote: > On Sep 9 07:47, Barry Kelly wrote: > > Unfortunately, Cygwin creates an ACE for the group Everyone, even with > > umask 0077, or after chmod 0700 is applied. Specifically, this is what > > it looks like using cacls: > > > > Everyone:(special access:) > > READ_CONTROL > > FILE_READ_EA > > FILE_READ_ATTRIBUTES > > > > How can addition of this ACE be controlled or prevented by default for > > Cygwin applications? > > It can't be prevented right now. I added "don't create null > group/everyone ACEs to file ACLs" on my Cygwin 1.7 TODO list.
Fresh back from vacation I missed the crucial point here. Sorry. The real answer is: It can't be prevented and there are no plans to add code to prevent it, since these read permissions are required to get POSIX-like permissions. Unless, of course, you go without POSIX permissions entirely. The setting for this is the "nontsec" keyword in the environment variable $CYGWIN until Cygwin 1.5.25(*), which has global scope, or the mount point option "noacl" in /etc/fstab starting with Cygwin 1.7(**), which has a per-mount point scope. Using nontsec/noacl will result in getting Windows default permissions instead of POSIX equivalent permissions. Corinna (*) http://cygwin.com/cygwin-ug-net/using-cygwinenv.html (**) Preliminary docs: http://cygwin.com/1.7/cygwin-ug-net/using.html#mount-table -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/