This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: Building perl-5.10.0


On Apr  1 15:21, Corinna Vinschen wrote:
> Hi Eric,
> 
> On Mar 23 20:28, Eric Blake wrote:
> >   POSIX also states that chmod(2) is
> > supposed to disable any ACLs that allow alternate access.
> 
> How long did you know that this is wrong in Cygwin?  I was really
> surprised to read that.  Maybe you told me already and I ignored it.
> One of the Cygwin patches in 2001 was to change the alloc_sd function so
> that unrelated ACEs are not touched when changing the ACEs reflecting
> the standard file permission bits.  It never occurred to any of us that
> this might be wrong.  Oh well.  I'll look into changing that for 1.7.0.

Erm... hang on.  I just tested this on Linux:

  $ touch xxx
  $ getfacl xxx
  # file: xxx
  # owner: corinna
  # group: users
  user::rw-
  group::r--
  mask::r--
  other::r--

  $ setfacl -m u:nobody:r-- xxx
  $ getfacl xxx
  # file: xxx
  # owner: corinna
  # group: users
  user::rw-
  user:nobody:r--
  group::r--
  mask::r--
  other::r--

  $ chmod 666 xxx
  $ getfacl xxx
  # file: xxx
  # owner: corinna
  # group: users
  user::rw-
  user:nobody:r--
  group::r--
  mask::rw-
  other::rw-

This looks like what we do on Cygwin, too.  Shouldn't the "nobody" entry
disappear when calling chmod?  That's how I understand the statement in
the POSIX docs:

 "An alternate file access control mechanism shall [...] be disabled for
  a file after the file permission bits are changed for that file with
  chmod( ).  The disabling of the alternate mechanism need not disable
  any additional mechanisms supported by an implementation."

Either the ACLs of a file are not an "alternate" access mechanism,
but an "additional" access mechanism.  But that doesn't match the
description either:

 "An additional access control mechanism shall only further restrict
  the access permissions defined by the file permission bits."

Or, Linux doesn't follow POSIX here, which seems unlikely to me.

Or, I completely misunderstand what the above quote means.


Any comment?


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat
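
The following is an added example, not part of the original message or of Cygwin's code: a small model of how the getfacl listings above change under chmod, assuming the Linux behaviour documented in acl(5) (when a mask entry exists, the group permission bits map to `mask::`, and named entries are limited by that mask). The function names are hypothetical, and the sample input is the second listing from the message.

```python
# Added example: models chmod(2) on a file carrying a POSIX.1e-style ACL,
# as Linux documents it in acl(5). Not code from Cygwin or from the message.
BITS = {"r": 4, "w": 2, "x": 1}

def parse_getfacl(text):
    """Parse getfacl-style lines into {(tag, qualifier): perm_bits}."""
    acl = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop header and #effective comments
        if not line:
            continue
        tag, qual, perms = line.split(":")
        acl[(tag, qual)] = sum(BITS[c] for c in perms[:3] if c in BITS)
    return acl

def chmod(acl, mode):
    """Return the ACL after chmod: owner and other map directly; the group
    bits go to mask:: when a mask exists, otherwise to group::."""
    new = dict(acl)
    new[("user", "")] = (mode >> 6) & 7
    new[("other", "")] = mode & 7
    group_target = ("mask", "") if ("mask", "") in acl else ("group", "")
    new[group_target] = (mode >> 3) & 7
    return new

def effective(acl):
    """Effective rights of group:: and all named entries (entry AND mask)."""
    mask = acl.get(("mask", ""), 7)
    return {k: v & mask for k, v in acl.items()
            if k[0] in ("user", "group") and k != ("user", "")}

def surviving_named_entries(acl):
    """Named entries that still grant access once the mask is applied."""
    return sorted(f"{t}:{q}" for (t, q), v in effective(acl).items() if q and v)

# Constructed input: the listing shown after `setfacl -m u:nobody:r-- xxx`.
SAMPLE = """\
user::rw-
user:nobody:r--
group::r--
mask::r--
other::r--
"""

if __name__ == "__main__":
    for mode in (0o666, 0o600):
        acl = chmod(parse_getfacl(SAMPLE), mode)
        print(oct(mode), acl, surviving_named_entries(acl))
```

In this model, chmod 666 leaves `user:nobody` in place with its read access intact, matching the third listing, while chmod 600 zeroes the mask so the entry remains in the ACL but grants nothing.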
