DMARC-Filter: OpenDMARC Filter v1.4.2 delorie.com 5AG1io3i928593
Authentication-Results: delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com
Authentication-Results: delorie.com; spf=pass smtp.mailfrom=cygwin.com
DKIM-Filter: OpenDKIM Filter v2.11.0 delorie.com 5AG1io3i928593
Authentication-Results: delorie.com;
	dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=X7UhLbnv
X-Recipient: archive-cygwin AT delorie DOT com
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 4FEC73858D20
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1763257488;
	bh=8VHX3CXcwUfSBZIKJeWP/mOboZaIUXJPlHzVLXx4E3M=;
	h=Date:Subject:To:References:In-Reply-To:List-Id:List-Unsubscribe:
	 List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:
	 From;
	b=X7UhLbnvDGHab5BXsmcgRt3UN5jUOtILA4+IH2JnQhzg/OHbqnoJao7r/dO8lAxYZ
	 5hs8ywMOqT9g8wgJErle768Qf3x2CtzRc1+qpqDmca2VfHrEAP/mQeBdzFz/pgJuMh
	 s6YQEem6YMbX+80KcY8e5WHiepekADesuBiOe+V0=
X-Original-To: cygwin AT cygwin DOT com
Delivered-To: cygwin AT cygwin DOT com
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 58C813858C56
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 58C813858C56
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1763257230; cv=none;
 b=CaYpp45t47mRK+UrODwmjIhWxIVovIhITlJmP56bb5eM8Z0pW7uUdt8B/uT06m/BqIEkwIzPfZAArhxwBMgvknjVlXuDvzJJBDJoLdIRpucFHkr5FMz+a9gg8BE9zEN6IlliSfLWA0FaGdXR7jCluWFGgcl69NkT3irNYdq5Xwg=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
 t=1763257230; c=relaxed/simple;
 bh=iQQk3cZMdIJrRe4t5zwf/DmhZC5jqpg9QcEtKGWxmJ8=;
 h=DKIM-Signature:Message-ID:Date:MIME-Version:Subject:To:From;
 b=kQNzJIyCs2Ee5waW76nxAqK9NuwGuRh18+XCdM9AUORJxgbpSPqBBgrQZ9+mR7+kRB0QSMfKFGpMPPcfxRagCweGhAndKH90/JU8TxACkYOD7jIRuFhFOf3RUEFQ7SdVHGPP/sVEfjAKYk8gcW+MIpO4FzGCJ5jGE1jb70tkW7Y=
ARC-Authentication-Results: i=1; server2.sourceware.org
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 58C813858C56
X-UI-Sender-Class: 55c96926-9e95-11ee-ae09-1f7a4046a0f6
Message-ID: <d21b4aa3-3915-439e-9a07-2cb169ddf2ab@towo.net>
Date: Sun, 16 Nov 2025 02:40:31 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Cygwin API to atomically create a new file with an ACL?
To: cygwin AT cygwin DOT com
References: <CA+1jF5q8VmGAiUyrQQ1dLa_0KLByfsFLtic86kr61HTTFAm9oA AT mail DOT gmail DOT com>
 <0a1391ac-adba-4420-b581-ccdb3842109a AT towo DOT net>
 <CA+1jF5r47SbFZHk4rp0z8K0ezGhrZpaVUu6pKMb=4VJnYQ0vcg AT mail DOT gmail DOT com>
Autocrypt: addr=towo AT towo DOT net; keydata=
 xsDNBGNaf3QBDACVevqudcTSevLThXKQPU1QpaDxtGuYjtwmr7i9wXxVGih4Y4oxOJN4PYlu
 KBX9IVAI4651dA+xYtXuyIkWOPZWyyzkGKavQOn3Q7dk09oj7bh2IwOndpxXXde337D408EQ
 bQEGbMHr9lOWhSAideowzgCeFIvGTf2AovbPh97HpexJn1/HCRiRAhTNlrkS1DByUgCAeEMK
 fEr6aGM/Ou29MT+eTnQwOIZTnl9Z9LxM2FtqqMH3MycC7I2OoW3XXhuL8BPQdyJUjWa0/J11
 Oo5jFkRXtWenIns6jGn18oW72jnDmo9jXwwS+iZWAV6Y51nhD7jSC+3xs9ORmPCdtHUSpTr1
 zh67UueUJ3DUUNVuA25Hn/9EJMJ2L60BGUEr88NEB6pcZhmcwdkurAQeYT6t+frzBz2ctsoN
 BoxP/Xc02yd+z7hXWRRMrJWh9WHlQHA3Z4FfmyNhyPhs3MgKTJ1E9QfzGquigAmF3/k/Dc1m
 7cSOKhGYhpEJdSpdXccJFKkAEQEAAc0cVGhvbWFzIFdvbGZmIDx0b3dvQHRvd28ubmV0PsLB
 BwQTAQgAMRYhBHUiRKsHn5d8BpWdP8bz0e72Bp0CBQJjWn93AhsDBAsJCAcFFQgJCgsFFgID
 AQAACgkQxvPR7vYGnQKSMAv8Di+8MXB2mcfsemRdShfLLKcLOv+d0CXAtPVaY3XKxbKpRvC9
 +AAT5wIHYjQft77/b2y87vGIh+nQ5hKLtNtQPSDtqG/Igkb5jAXpLi28fSUzgM96DvARmwve
 5wSnAU3prxH+Y63YpOpslEcGMRoEtYCDy1ANMYPcEZT/YvDd4CplyyEai4VYrw3/LsESDYlY
 GK6uMQzZ1jl2cNOUFu6BwLUeZIcwaqGto8n4R4nbf4jxUEpa21bWBPqE+Jf49uipjPr/iJ72
 5HbdWuuCfyTTJEJjfNEBigWP2RXM9iNDcO61V3aEjh76tThfBK2MMlLWfZkQaQziu24x8R4B
 I0efJYWBX2Sv2qnsH/EWj7FUIZjRqGG7LnWHLShfG6yjSOTOWYi8BbsvoftpaLWgZX28aGX4
 uzuSZ5L0caXh/pr/gSgqoH/YbuFIgqtQH4seOBgTybd22Vpe78rnc+8450pN8qwchHAZaJka
 UxS0SpYxXzXmHUKILA4C43s0U/z2Mez9zsDNBGNaf3cBDADeJ7paMrb6f1+k8wM7tyk0/Ded
 KX/pOejt/D20Ceerw2iL/4tUmBL+A3ic2yjiSFUSsEfHwgCVwKrn4MwZtkesdiphm2lk6xWc
 k1ENCQy44QwQT6UZ/mHWYWcj5LS6ua183x1zdn9iF3lv150nm/ssw56D7USz/ap1Vh0lf5te
 D+CIheGLocVDqxWiu7rHP8jKRWFgq/+OU6HKX8p2Yv1oYsykh9qF2bFzawLDS+S1VbfRicfD
 G0RtceL/BAf7b6UE5u9TGdfrFEa2TKZeS/FS/ViKUfwsXQIki1sWt2FQENbuDY28vxyR46ZZ
 0gixDCFUoBw5pkmOGVQa+1RQYrRqlN4X0CAgp7mFVeEHl5NTgiL1bemkQVmHOUDG+CzNg+Lk
 UGoedAtT672l3JjrnSs4j8zNshpgV2OfAhAC+V9XvqCjMnxzVfXkVlbuWpPfUWQeFclLGg8P
 agpQUE0Ux+VV4DoeQCxYEnRCf/n7n+IRfILj5+2l6Zw4M7zSu6ii0tUAEQEAAcLA9gQYAQgA
 IBYhBHUiRKsHn5d8BpWdP8bz0e72Bp0CBQJjWn97AhsMAAoJEMbz0e72Bp0CQr4L/REdT0SF
 mbapnZIe92THCdtAUgwEv8VdNiNFBJelz8P/fuXuNPtisYvQQD4e64zpWe2UC4Cxo9DUk/pW
 6Qci1xaXRKEiSPjHdSGGVB1PFIcqiS75GCf/ga/Dnfsy0Y4Uh6OGTQnkvZLBCe3vvcVLDQ7F
 PuV79zA9/eOeOW6aGoO6bq/wH+z96f9LyTITkQDy07fm6JYTGuzAoJE2AEboU1mgbtlx+tAa
 QFkpAQkp2g1Vhc3A7k4vntlHOrjMC+uVFh7QTGFfIlLRF6izUjSe6EZ06LErzlIiE05RP3yF
 FSRWidW0wze26peYlxYVgH1+T9wMTW2oiTBybfAMHBAxUP7Gr1WUo/oJEr0srWhatz8AwydP
 y7NwFbdpYn0NcFBaIlLW/JL11Eovwlivow+oGpzGFuuzSuflp2q9s2JWtn4EhW0kEs93D0LP
 iuJWvRaCZ6aD3uF3FMW8wyVWZYsLrzune2jH8w/uKMprDEOGOm+BcyhEFedTyY1ygbZKl+0G kQ==
In-Reply-To: <CA+1jF5r47SbFZHk4rp0z8K0ezGhrZpaVUu6pKMb=4VJnYQ0vcg@mail.gmail.com>
X-Provags-ID: V03:K1:WWnS5AXibFE+hf6r+4dPeCq0rFTIDdqFMRxSTnszDsJWrESCyT5
 sXXTYDZ2caHhI95lZerHDkKSxr5oilRxyJIH1d68CLjZK8cpcbYpLdzEpDsVKd7zbRtSIJu
 wjp0qdI8tqhqt/gBxy00gKm8Pe6kWxWM/atYB4zphqMg8EY1Zjj2DjxHmVUl+9dBq3Angrc
 ZavYA6tNgrEAGlxlujDKA==
UI-OutboundReport: notjunk:1;M01:P0:zPgTmKQmO9s=;5W1y5KT/uWrI5ZxAG7RUKYcDII2
 5g9zTN2oS34MgWXsuDPyFpWQ1PEbMUGSf2dnPWSFhUBkihDyss26QYUHfNdJuvYL3bkxvzcjf
 akx8J7ZoLIpEXZtEIUvJYz7+eL7OBGOmN/qL74SwFeexwPpsmS6DIqwCetHtuzqm5mYOOhPtL
 7DMeFw1QJar9HAallNF4nK1xSDafQ0YA9Xvrgv9/jJjWA4VCGFDgkJXP5K5rtb1ANgvuTfIBs
 Q/1B5Fa132ZASOSj7AMWlJahIcb8upTh1vyxhETBSCmgOIkG5IqHG+h4QtS/8TGUitUc+3POf
 R2BTgBXgdMuW23afU9y2fjF0hiU12nB+/OhErKAyh35Nt3afExsc+YSZUIWPbSf5riOHWl7V6
 8iyGrcrvmFlLsUUAfIhccMhcZ796dfI4YBOaWFDqskfGg1vZ/wvn1TZK4AgiXauXLQI/vbPQ6
 yhWUQTpu/ugdQUuCuYHPKCiHJaE5R9rVTOU3VTmBrO3p73b4moaql8kEqoOBiE+p0f08gop4q
 4kY97QQsp6C/WJ4+VFrXyS/eyw5A4G7snHQMvs4O9r5+8dYi/OZpU8fpTHWgmJAwDYzfLn0Rn
 xYAUZ/hGb435mWE/HqazdyZiXAkheHSGxVUl2pr0EYYmQLiQnducDj20OzZWqXGld+P2d6Ib3
 9Qs7aBAU+3nZ/IKGjRVYAhlTos1lyab+QVIBMZLjVwn8ufyh68RVi6HDgnS8rY5r2mxoxR+Hp
 vMpqBjhTAf14DMqiILM1OY5H+tnJ8t7i6A8waECqr4mTS+vvxEkCwKznLdiAqk/84GDQAY8AI
 iQBmmylW8quVQwsVI48G2i554eFgQPVDTfa1VMlGQknW1u1p9P2KD1SL+zV5m18Uu4+Ly1pgv
 HrIAODCGiIaQ6UYjg2Uy4mpTSnXEhh2qzTIYifAH9sVfv4rhrp0rBNQPzP6a/wowAMMaAhlSw
 BY40E25P0qT3BEwecUC/emEjnooDXAEck+fSxR3iXeWSoEDRP6IebHs27DjM5NCik400++4lH
 mBMNmi2ZbehUSQnAGVEeiHKu+olP5d4w09CAxeXwGlKGJ/Brpi3nX79tsoGUFs3u1FHF8ox4i
 2BEZ1Kamq1+gbBtkuPkD8Bk89u9KoaIInZ48n5iQ7/Mb5GBsS6PjJFxQyLSN0MjxDmiie0Vp/
 Lpo9cIlfsPl3S8HmaQU7bSyOKhawKFULsgUd+tP4niXH0o7VbCjRSsW3TK3ZTQJeIcfdt+6VR
 TpHS0MvOP9hftgjMesJGksw+TI1VEYfw7UxJ4hszkxzSe0OQW9eQOepYIzO0+TrBv56WNMpWy
 AeKfdanZGPzwkmrpQafUpK5GSMTrXiN3ORnMO0Z5/uWxwh+yMk212YLsxRAaCiDOy7PLuRhwf
 j1Pv1QB0iUXpdODNIwi0BKRxs0YAcLR/mBi4KbS+9y8kIc4QhU8/1u2ZerUN9WtJd0GPOV2nM
 gx1Ad7Kx/Uit0pgzHyrtrFHRAyFJzOZkTBkpbt7/ESOgjUr6qgPLgjy2QYYJOOSZqLacIAQbL
 BdhmKNK49M0xjwLzOo+lbUC6VkA3kBzKwp5FdMIVYX93z+q0Mwq5Ec8vR0tatixcKykf0Alqb
 7D0ZHQGt7kx6Xh+k+sCfwyxP1SGmiChB8X39FwFej/glkEhYjvpUCCjz5HLBI3DPu67yJb7fI
 EfzVPSrHFpW+43ibuAOhVdu9AX2LBNe9W5zh4TGXy0fF9zPptY0qI6/0+RmZDhenfOIJiUPiw
 mQmqTRhzqghzN
X-BeenThere: cygwin AT cygwin DOT com
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin>,
 <mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
 <mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From: Thomas Wolff via Cygwin <cygwin AT cygwin DOT com>
Reply-To: Thomas Wolff <towo AT towo DOT net>
Content-Type: text/plain; charset="utf-8"; Format="flowed"
Errors-To: cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com
Sender: "Cygwin" <cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from base64 to 8bit by delorie.com id 5AG1io3i928593

Am 15.11.2025 um 19:05 schrieb Aurélien Couderc via Cygwin:
> On Sat, Nov 15, 2025 at 3:43 PM Thomas Wolff via Cygwin
> <cygwin AT cygwin DOT com> wrote:
>>
>> Am 15.11.2025 um 13:58 schrieb Aurélien Couderc via Cygwin:
>>> Does Cygwin have an API to atomically create a new file with an ACL?
>>>
>>> Aurélien
>> I don't think there's such an API in POSIX. Instead it's the purpose of
>> the directory default ACL entries to support this.
>> While the manual pages of setfacl/getfacl are lousy, a fairly lucid
>> description is in 7.6. POSIX Access Control Lists | Administration Guide
>> | Red Hat Gluster Storage | 3 | Red Hat Documentation
>> <https://docs.redhat.com/en/documentation/red_hat_gluster_storage/3/html/administration_guide/sect-posix_access_control_lists>.
> That does not help. There are valid use cases, where this becomes
> security relevant due race conditions between file creation and
> setting of the ACLs.
>
> That's why all mainframe operating systems (and Windows WinNT as VMS
> descendant) which support ACLs also support file creation with ACLs as
> an argument.
>
> Aurélien
The directory default ACL is like an implicit argument. I do not see a 
race condition as my assumption is that the new file is equipped with 
the inherited ACL in an atomic creation instance, although I do not find 
this specified. Maybe someone has a more specific clue.

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple