Message-ID: <493A13FB.6090503@qualcomm.com>
Date: Fri, 05 Dec 2008 21:56:11 -0800
From: Rob Walker
To: cygwin AT cygwin DOT com
Subject: Re: CYGWIN=ntsec, "cp -a", and NT acls
References: <4939CF79 DOT 5010405 AT qualcomm DOT com> <4939DED2 DOT EB875495 AT dessent DOT net> <4939FAEC DOT 4050908 AT qualcomm DOT com> <493A06EF DOT 7B6E3A69 AT dessent DOT net>
In-Reply-To: <493A06EF.7B6E3A69@dessent.net>

Thanks for your patience, Brian.

-Rob

Brian Dessent wrote:
> Rob Walker wrote:
>
>> [RGW] Hm, looks simple... Why isn't this part of "cp -a" ?
>
> You have to understand the history of things. In the classic unix
> world, a file has an owner, a group, a mode, and several timestamps.
> From the standpoint of what "cp -a" can manipulate portably, that's
> basically it. All of those things are neatly returned by stat(3) and
> are easily settable/copyable across various filesystems.
>
> Extended attributes and/or ACLs are a relatively new introduction --
> 'new' relative to the fact that traditional unix filesystems are more
> than 30 years old. They are also inherently very filesystem and
> operating system-specific: everybody does it slightly differently.
> Check out this overview of the subtle differences of a dozen different
> platforms' ACL APIs:
> .
>
> It's very hard for a general program like 'cp' to know about all these
> various ACL APIs, let alone have any idea how it would go about
> translating the semantics of one to another, which would be required for
> copying across two different filesystems. Remember that 'cp' comes from
> GNU coreutils which is a set of generic tools that target dozens of
> various *nix-ish platforms, whereas the implementations of the getfacl
> and setfacl commands come from Cygwin itself which has the specific
> knowledge of Windows NT ACLs.
>
>> [RGW] This differs from my experience. Many Windows tools are able to
>> (built to?) twiddle +R and overwrite. They do not seem to be able to
>> handle when the ACLs deny them permission, though.
>
> Again, attributes have zero to do with security or permissions. They
> are just a few extra advisory bits that the application (or C runtime)
> is free to interpret in any way it wants; they offer nothing in the form
> of OS-enforced restrictions. The Cygwin feature of using the 'backup
> privilege' to emulate root semantics is about bypassing ACLs, not
> attributes.
>
> Brian
>
> --
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
> Problem reports: http://cygwin.com/problems.html
> Documentation: http://cygwin.com/docs.html
> FAQ: http://cygwin.com/faq/