This is the mail archive of the cygwin-cvs@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[newlib-cygwin] Document new ACL code


https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=396e8310b11d4cce63d8a7544c0fc624a4fd822c

commit 396e8310b11d4cce63d8a7544c0fc624a4fd822c
Author: Corinna Vinschen <corinna@vinschen.de>
Date:   Wed Nov 18 23:11:10 2015 +0100

    Document new ACL code
    
    	* new-features.xml (ov-new2.4): Add new ACL changes.
    
    Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

Diff:
---
 winsup/cygwin/release/2.4.0 | 36 ++++++++++++++++++++++++++++++++++++
 winsup/doc/ChangeLog        |  4 ++++
 winsup/doc/new-features.xml | 23 +++++++++++++++++++++++
 3 files changed, 63 insertions(+)

diff --git a/winsup/cygwin/release/2.4.0 b/winsup/cygwin/release/2.4.0
new file mode 100644
index 0000000..480b612
--- /dev/null
+++ b/winsup/cygwin/release/2.4.0
@@ -0,0 +1,36 @@
+What's new:
+-----------
+
+- New, unified implementation of POSIX permission and ACL handling.  The
+  new ACLs now store the POSIX ACL MASK/CLASS_OBJ permission mask, and
+  they allow to inherit the S_ISGID bit.  ACL inheritance now really
+  works as desired, in a limited, but theoretically equivalent fashion
+  even for non-Cygwin processes.
+
+  To accommodate standard Windows ACLs, the POSIX permissions of the
+  owner and all other users in the ACL are computed using the Windows
+  AuthZ API.  This may slow down the computation of POSIX permissions
+  noticably in some circumstances, but is generally more correct.  The
+  new code also ignores SYSTEM and Administrators group permissions when
+  computing the MASK/CLASS_OBJ permission mask on old ACLs, and it
+  doesn't deny access to SYSTEM and Administrators group based on the
+  value of MASK/CLASS_OBJ when creating the new ACLs.
+
+  The new code now handles the S_ISGID bit on directories as on Linux:
+  Setting S_ISGID on a directory causes new files and subdirs created
+  within to inherit its group, rather than the primary group of the user
+  who created the file.  This only works for files and directories
+  created by Cygwin processes.
+
+- New API: rpmatch.
+
+
+What changed:
+-------------
+
+- setfacl(1) now allows to use the -b and -k option combined to allow reducing
+  an ACL to only reflect standard POSIX permissions.
+
+
+Bug Fixes
+---------
diff --git a/winsup/doc/ChangeLog b/winsup/doc/ChangeLog
index 8c92977..f20a72d 100644
--- a/winsup/doc/ChangeLog
+++ b/winsup/doc/ChangeLog
@@ -1,5 +1,9 @@
 2015-11-18  Corinna Vinschen  <corinna@vinschen.de>
 
+	* new-features.xml (ov-new2.4): Add new ACL changes.
+
+2015-11-18  Corinna Vinschen  <corinna@vinschen.de>
+
 	* utils.xml (setfacl): Accommodate -b/-k change.
 	* new-features.xml (ov-new2.4): Add setfacl -b/-k change.
 
diff --git a/winsup/doc/new-features.xml b/winsup/doc/new-features.xml
index 059609a..ff8c036 100644
--- a/winsup/doc/new-features.xml
+++ b/winsup/doc/new-features.xml
@@ -9,6 +9,29 @@
 <itemizedlist mark="bullet">
 
 <listitem><para>
+New, unified implementation of POSIX permission and ACL handling.  The
+new ACLs now store the POSIX ACL MASK/CLASS_OBJ permission mask, and
+they allow to inherit the S_ISGID bit.  ACL inheritance now really
+works as desired, in a limited, but theoretically equivalent fashion
+even for non-Cygwin processes.</para>
+
+<para>To accommodate standard Windows ACLs, the POSIX permissions of
+the owner and all other users in the ACL are computed using the Windows
+AuthZ API.  This may slow down the computation of POSIX permissions
+noticably in some circumstances, but is generally more correct.
+The new code also ignores SYSTEM and Administrators group permissions
+when computing the MASK/CLASS_OBJ permission mask on old ACLs, and it
+doesn't deny access to SYSTEM and Administrators group based on the
+value of MASK/CLASS_OBJ when creating the new ACLs.</para>
+
+<para>The new code now handles the S_ISGID bit on directories as on Linux:
+Setting S_ISGID on a directory causes new files and subdirs created
+within to inherit its group, rather than the primary group of the user
+who created the file.  This only works for files and directories
+created by Cygwin processes.
+</para></listitem>
+
+<listitem><para>
 New API: rpmatch.
 </para></listitem>


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]