Date: Fri, 23 Oct 2009 17:27:26 +0200
From: Corinna Vinschen
To: cygwin AT cygwin DOT com
Subject: Re: default ACLs
Message-ID: <20091023152726.GB5369@calimero.vinschen.de>
In-Reply-To: <1256255127.2713.41.camel@mward-laptop.ops.acx>

On Oct 23 10:45, Mikel Ward wrote:
> Hi All
>
> Default ACLs don't seem to work as they would on Linux, or for that
> matter as they do for files created via Windows Explorer.
>
> Is this expected?

It's a bit unexpected, actually. Some of the security-related code
hasn't been touched for years and it appears that some of the
assumptions are rather old-fashioned.

I read MSDN quite a lot today. It seems that ACE inheritance depends
on the usage of the high-level functions
SetSecurityInfo/SetNamedSecurityInfo. Cygwin on the other hand uses
the ultra-low level function NtSetSecurityObject, which apparently has
no idea what ACE inheritance is about.

And it gets worse. Neither the NtCreateFile function, nor the
CreateFile function handle ACE inheritance either. So, even if you
provide these functions with a security descriptor with the
SE_DACL_AUTO_INHERIT_REQ bit set, it's simply ignored and no
inheritance is performed.

I'm not yet sure if I should fix this for 1.7.1. Keeping this
behaviour for the time being is at least not a regression :}

Thanks for the report,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat
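
The following is an added example, not part of the original message and not Cygwin or Windows code. It is a simplified, portable model of how inheritable ACEs on a parent directory turn into ACEs on a new child, next to the "store the explicit descriptor verbatim" outcome the message describes. The flag values are those defined in winnt.h; `struct ace`, `PARENT`, `inherit_ace` and `build_child_dacl` are hypothetical names, and CREATOR OWNER substitution, generic-rights mapping and object-type ACEs are left out.

```c
#include <stddef.h>

/* ACE flag values as defined in winnt.h */
#define OBJECT_INHERIT_ACE       0x01
#define CONTAINER_INHERIT_ACE    0x02
#define NO_PROPAGATE_INHERIT_ACE 0x04
#define INHERIT_ONLY_ACE         0x08
#define INHERITED_ACE            0x10
#define PROPAGATION_BITS 0x0Fu  /* the four inheritance-control flags above */

/* Simplified, hypothetical ACE; real ACEs carry a type and a SID. */
struct ace { const char *trustee; unsigned mask; unsigned flags; };

/* Constructed sample: DACL of a parent directory. */
const struct ace PARENT[] = {
    { "owner", 0x1F01FFu, 0 },                                  /* not inheritable */
    { "users", 0x1200A9u, OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE },
    { "audit", 0x120089u, OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE },
};

/* Derive what a new child inherits from one parent ACE; returns 0 if nothing. */
int inherit_ace(const struct ace *p, int child_is_dir, struct ace *out)
{
    unsigned f = p->flags;
    *out = *p;
    out->flags = (f & ~(unsigned)INHERIT_ONLY_ACE) | INHERITED_ACE;
    if (!child_is_dir || (f & NO_PROPAGATE_INHERIT_ACE)) {
        /* Files, and one-level-only ACEs, pass nothing further down. */
        unsigned need = child_is_dir ? CONTAINER_INHERIT_ACE : OBJECT_INHERIT_ACE;
        out->flags &= ~PROPAGATION_BITS;
        return (f & need) != 0;
    }
    if (f & CONTAINER_INHERIT_ACE) return 1;  /* effective on the subdirectory */
    if (!(f & OBJECT_INHERIT_ACE)) return 0;
    out->flags |= INHERIT_ONLY_ACE;           /* only relayed to files below it */
    return 1;
}

/* Explicit ACEs first, then inherited ones; do_inherit == 0 stores them verbatim. */
size_t build_child_dacl(const struct ace *expl, size_t n_expl,
                        const struct ace *parent, size_t n_parent,
                        int child_is_dir, int do_inherit,
                        struct ace *out, size_t cap)
{
    size_t n = 0;
    for (size_t i = 0; i < n_expl && n < cap; i++) out[n++] = expl[i];
    for (size_t i = 0; do_inherit && i < n_parent && n < cap; i++)
        if (inherit_ace(&parent[i], child_is_dir, &out[n])) n++;
    return n;
}
```

With `do_inherit` set to 0, a file created under the sample directory ends up with only its explicit ACE, so the `users` and `audit` entries from the parent never reach it.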