This is the mail archive of the cygwin-cvs@cygwin.com mailing list for the Cygwin project.
[newlib-cygwin] Document new ACL code
- From: Corinna Vinschen <corinna at sourceware dot org>
- To: cygwin-cvs at sourceware dot org
- Date: 18 Nov 2015 22:13:01 -0000
- Subject: [newlib-cygwin] Document new ACL code
https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=396e8310b11d4cce63d8a7544c0fc624a4fd822c
commit 396e8310b11d4cce63d8a7544c0fc624a4fd822c
Author: Corinna Vinschen <corinna@vinschen.de>
Date: Wed Nov 18 23:11:10 2015 +0100
Document new ACL code
* new-features.xml (ov-new2.4): Add new ACL changes.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Diff:
---
winsup/cygwin/release/2.4.0 | 36 ++++++++++++++++++++++++++++++++++++
winsup/doc/ChangeLog | 4 ++++
winsup/doc/new-features.xml | 23 +++++++++++++++++++++++
3 files changed, 63 insertions(+)
diff --git a/winsup/cygwin/release/2.4.0 b/winsup/cygwin/release/2.4.0
new file mode 100644
index 0000000..480b612
--- /dev/null
+++ b/winsup/cygwin/release/2.4.0
@@ -0,0 +1,36 @@
+What's new:
+-----------
+
+- New, unified implementation of POSIX permission and ACL handling. The
+ new ACLs now store the POSIX ACL MASK/CLASS_OBJ permission mask, and
+ they allow to inherit the S_ISGID bit. ACL inheritance now really
+ works as desired, in a limited, but theoretically equivalent fashion
+ even for non-Cygwin processes.
+
+ To accommodate standard Windows ACLs, the POSIX permissions of the
+ owner and all other users in the ACL are computed using the Windows
+ AuthZ API. This may slow down the computation of POSIX permissions
+ noticably in some circumstances, but is generally more correct. The
+ new code also ignores SYSTEM and Administrators group permissions when
+ computing the MASK/CLASS_OBJ permission mask on old ACLs, and it
+ doesn't deny access to SYSTEM and Administrators group based on the
+ value of MASK/CLASS_OBJ when creating the new ACLs.
+
+ The new code now handles the S_ISGID bit on directories as on Linux:
+ Setting S_ISGID on a directory causes new files and subdirs created
+ within to inherit its group, rather than the primary group of the user
+ who created the file. This only works for files and directories
+ created by Cygwin processes.
+
+- New API: rpmatch.
+
+
+What changed:
+-------------
+
+- setfacl(1) now allows to use the -b and -k option combined to allow reducing
+ an ACL to only reflect standard POSIX permissions.
+
+
+Bug Fixes
+---------
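Review bot: "noticably" in the AuthZ paragraph should be "noticeably", and two phrasings are ungrammatical: "they allow to inherit the S_ISGID bit" and "setfacl(1) now allows to use the -b and -k option combined". Suggested wording is "they allow inheriting the S_ISGID bit" and "setfacl(1) now allows combining the -b and -k options to reduce an ACL to only reflect standard POSIX permissions". The "Bug Fixes" heading is added with nothing under it; if it is a placeholder for later commits in this release cycle that is fine, otherwise leave it out until there is an entry.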
diff --git a/winsup/doc/ChangeLog b/winsup/doc/ChangeLog
index 8c92977..f20a72d 100644
--- a/winsup/doc/ChangeLog
+++ b/winsup/doc/ChangeLog
@@ -1,5 +1,9 @@
2015-11-18 Corinna Vinschen <corinna@vinschen.de>
+ * new-features.xml (ov-new2.4): Add new ACL changes.
+
+2015-11-18 Corinna Vinschen <corinna@vinschen.de>
+
* utils.xml (setfacl): Accommodate -b/-k change.
* new-features.xml (ov-new2.4): Add setfacl -b/-k change.
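Review bot: the added entry names only new-features.xml, but the diffstat for this commit also shows winsup/cygwin/release/2.4.0 being created, and neither this entry nor the commit message mentions that file. Since this ChangeLog lives under winsup/doc, the commit message is the place to record the new release notes file. As a style point, the two entries share the same date and author, so they could be folded under a single 2015-11-18 header rather than two.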
diff --git a/winsup/doc/new-features.xml b/winsup/doc/new-features.xml
index 059609a..ff8c036 100644
--- a/winsup/doc/new-features.xml
+++ b/winsup/doc/new-features.xml
@@ -9,6 +9,29 @@
<itemizedlist mark="bullet">
<listitem><para>
+New, unified implementation of POSIX permission and ACL handling. The
+new ACLs now store the POSIX ACL MASK/CLASS_OBJ permission mask, and
+they allow to inherit the S_ISGID bit. ACL inheritance now really
+works as desired, in a limited, but theoretically equivalent fashion
+even for non-Cygwin processes.</para>
+
+<para>To accommodate standard Windows ACLs, the POSIX permissions of
+the owner and all other users in the ACL are computed using the Windows
+AuthZ API. This may slow down the computation of POSIX permissions
+noticably in some circumstances, but is generally more correct.
+The new code also ignores SYSTEM and Administrators group permissions
+when computing the MASK/CLASS_OBJ permission mask on old ACLs, and it
+doesn't deny access to SYSTEM and Administrators group based on the
+value of MASK/CLASS_OBJ when creating the new ACLs.</para>
+
+<para>The new code now handles the S_ISGID bit on directories as on Linux:
+Setting S_ISGID on a directory causes new files and subdirs created
+within to inherit its group, rather than the primary group of the user
+who created the file. This only works for files and directories
+created by Cygwin processes.
+</para></listitem>
+
+<listitem><para>
New API: rpmatch.
</para></listitem>
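Review bot: the first added para says ACL inheritance works "in a limited, but theoretically equivalent fashion even for non-Cygwin processes" but never says what the limitation is, while the last para states that S_ISGID group inheritance "only works for files and directories created by Cygwin processes". Anyone relying on setgid directories or inherited ACLs to control access to a shared tree needs both limits spelled out, so please state what differs for files created by non-Cygwin processes and which group those files end up with. The "noticably" typo in the second para is carried over from the release notes text and should be "noticeably" here too.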