Web lists-archives.com

Re: Cygwin's ACL handling is NOT interoperable with Windows




Am 04.08.2018 um 19:11 schrieb Stefan Kanthak:
Hi,

Hi Stefan,


<https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-files> states:

| There's just one problem when trying to map the POSIX permission model
| onto the Windows permission model.
...
| Canonical ACLs are unable to reflect each possible combination of POSIX
| permissions.
...
| Again: This works on all supported versions of Windows. Only the GUIs
| aren't able (or willing) to deal with that order.

These last two statements are wrong:

* the first statement holds ONLY because of the LIMITATION of the POSIX
   permissions; it is WRONG for the general case, which ALL Windows
   interfaces/components need to consider and handle, EVERYWHERE!

Cygwin aims to POSIX compliance, using the tool given by Windows.
Have you tested all the possible POSIX permissions and verified that
it is possible to replicate with windows ACL ?
Please note that ACL were not created by Microsoft.

* the second statement is a blatant lie: to guarantee CORRECT
   interpretation of arbitrary ACLs, ALL Windows interfaces/components,
   not just the "GUIs", MUST create CANONICAL ACLs only.

That is your opinion.
About the "lie", may I suggest you an old Italian classic

"Galateo of Manners & Behaviours by Giovanni Della Casa"
http://www.gutenberg.org/ebooks/47993


   This especially means that not just Windows Explorer, but also the
   command processor with its builtin COPY command as well as the
   CopyFile() <https://msdn.microsoft.com/en-us/library/aa220078.aspx>
   API (just to pick 3 examples) bring INHERITED ACEs into their PROPER
   canonical order.

As Cygwin is a guest in the house of Windows, it should respect its hosts
house rules; instead it but violates them, and blames the host for its
faults!

What is your problem ?

If you don't like how cygwin is behaving, you can:

- stop to use it
- propose a change (with a patch of course)
- learn to use it without venting

Fix Cygwin's BUGGY ACL creation!

Cool down. You paid nothing, we own you nothing.

No one here is paid to solve your "theorical" problem;
if you know a better way to handle the POSIX permissions
show us the code and we can discuss.

regards
Stefan Kanthak

Best Regards
Marco

---
Diese E-Mail wurde von Avast Antivirus-Software auf Viren geprüft.
https://www.avast.com/antivirus


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple