DMARC-Filter: OpenDMARC Filter v1.4.2 delorie.com 5AG9kSwr1415076
Authentication-Results: delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com
Authentication-Results: delorie.com; spf=pass smtp.mailfrom=cygwin.com
DKIM-Filter: OpenDKIM Filter v2.11.0 delorie.com 5AG9kSwr1415076
Authentication-Results: delorie.com;
	dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=TO4VfAgL
X-Recipient: archive-cygwin AT delorie DOT com
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 21DF6385840D
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1763286386;
	bh=5qmw5CFKS6cqnQ2IbESOZnQ6My8+voYEi9/NS2lDOtk=;
	h=Date:Subject:To:References:In-Reply-To:List-Id:List-Unsubscribe:
	 List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:
	 From;
	b=TO4VfAgLH70ST1p90c/1J5zkHwZ6WKduG2XS1FeoWvWKKteCqGU7zJtkFmtD6exsG
	 CFtK6LCGX/DWKo/MHAZ9BK+w+Mvzm6NF8W/D57k7Gxt0Wv5vt7eS6xnUPjg3vTiIG9
	 Mw4c9eXDHkEvHYQQi1fcttlwXUKRfaDdmgxEorm8=
X-Original-To: cygwin AT cygwin DOT com
Delivered-To: cygwin AT cygwin DOT com
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 6ACB93858D20
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 6ACB93858D20
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1763286360; cv=none;
 b=r+H/MfpqKXQD6Zb5Dp8vNf+SwlE8grpGkBF0ZF0wTo40UOC/PmHCIAGiJYvCBoGQm9a1/XsGnFzZaMOozBgRTyaOlwvbf1IYB3YrzogLokMCVvJ80J8s2FCq6sGfrJHiUcJ72zGj/+F1YUjr2Gpn2+g5LPfzdQ06uLnZKarJpZE=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
 t=1763286360; c=relaxed/simple;
 bh=M0JzXH3JUNHG9TsjWuht7pY1VH+iBwa6pBFR2HfbSxg=;
 h=DKIM-Signature:Message-ID:Date:MIME-Version:Subject:To:From;
 b=bIbph5hMjuDLNkOLaieilZEs7LNOL/hjm87hKtKobIHxktcttU9kvFOtjilO6p4Q3GgHduj0CNRHenICM0ZFDaW0912NjaEOZko8LR8CpDZIgsRdqSDoS8bIHniK/IKzhN3BjCw6TPS0wWvwMlbHp89TGnHjSzvgDIIjMmLn0kI=
ARC-Authentication-Results: i=1; server2.sourceware.org
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 6ACB93858D20
X-UI-Sender-Class: 55c96926-9e95-11ee-ae09-1f7a4046a0f6
Message-ID: <1fb9eb10-983a-43da-b523-06f6ede14436@towo.net>
Date: Sun, 16 Nov 2025 10:45:57 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Cygwin API to atomically create a new file with an ACL?
To: cygwin AT cygwin DOT com
References: <CA+1jF5q8VmGAiUyrQQ1dLa_0KLByfsFLtic86kr61HTTFAm9oA AT mail DOT gmail DOT com>
 <0a1391ac-adba-4420-b581-ccdb3842109a AT towo DOT net>
 <CA+1jF5r47SbFZHk4rp0z8K0ezGhrZpaVUu6pKMb=4VJnYQ0vcg AT mail DOT gmail DOT com>
 <d21b4aa3-3915-439e-9a07-2cb169ddf2ab AT towo DOT net>
Autocrypt: addr=towo AT towo DOT net; keydata=
 xsDNBGNaf3QBDACVevqudcTSevLThXKQPU1QpaDxtGuYjtwmr7i9wXxVGih4Y4oxOJN4PYlu
 KBX9IVAI4651dA+xYtXuyIkWOPZWyyzkGKavQOn3Q7dk09oj7bh2IwOndpxXXde337D408EQ
 bQEGbMHr9lOWhSAideowzgCeFIvGTf2AovbPh97HpexJn1/HCRiRAhTNlrkS1DByUgCAeEMK
 fEr6aGM/Ou29MT+eTnQwOIZTnl9Z9LxM2FtqqMH3MycC7I2OoW3XXhuL8BPQdyJUjWa0/J11
 Oo5jFkRXtWenIns6jGn18oW72jnDmo9jXwwS+iZWAV6Y51nhD7jSC+3xs9ORmPCdtHUSpTr1
 zh67UueUJ3DUUNVuA25Hn/9EJMJ2L60BGUEr88NEB6pcZhmcwdkurAQeYT6t+frzBz2ctsoN
 BoxP/Xc02yd+z7hXWRRMrJWh9WHlQHA3Z4FfmyNhyPhs3MgKTJ1E9QfzGquigAmF3/k/Dc1m
 7cSOKhGYhpEJdSpdXccJFKkAEQEAAc0cVGhvbWFzIFdvbGZmIDx0b3dvQHRvd28ubmV0PsLB
 BwQTAQgAMRYhBHUiRKsHn5d8BpWdP8bz0e72Bp0CBQJjWn93AhsDBAsJCAcFFQgJCgsFFgID
 AQAACgkQxvPR7vYGnQKSMAv8Di+8MXB2mcfsemRdShfLLKcLOv+d0CXAtPVaY3XKxbKpRvC9
 +AAT5wIHYjQft77/b2y87vGIh+nQ5hKLtNtQPSDtqG/Igkb5jAXpLi28fSUzgM96DvARmwve
 5wSnAU3prxH+Y63YpOpslEcGMRoEtYCDy1ANMYPcEZT/YvDd4CplyyEai4VYrw3/LsESDYlY
 GK6uMQzZ1jl2cNOUFu6BwLUeZIcwaqGto8n4R4nbf4jxUEpa21bWBPqE+Jf49uipjPr/iJ72
 5HbdWuuCfyTTJEJjfNEBigWP2RXM9iNDcO61V3aEjh76tThfBK2MMlLWfZkQaQziu24x8R4B
 I0efJYWBX2Sv2qnsH/EWj7FUIZjRqGG7LnWHLShfG6yjSOTOWYi8BbsvoftpaLWgZX28aGX4
 uzuSZ5L0caXh/pr/gSgqoH/YbuFIgqtQH4seOBgTybd22Vpe78rnc+8450pN8qwchHAZaJka
 UxS0SpYxXzXmHUKILA4C43s0U/z2Mez9zsDNBGNaf3cBDADeJ7paMrb6f1+k8wM7tyk0/Ded
 KX/pOejt/D20Ceerw2iL/4tUmBL+A3ic2yjiSFUSsEfHwgCVwKrn4MwZtkesdiphm2lk6xWc
 k1ENCQy44QwQT6UZ/mHWYWcj5LS6ua183x1zdn9iF3lv150nm/ssw56D7USz/ap1Vh0lf5te
 D+CIheGLocVDqxWiu7rHP8jKRWFgq/+OU6HKX8p2Yv1oYsykh9qF2bFzawLDS+S1VbfRicfD
 G0RtceL/BAf7b6UE5u9TGdfrFEa2TKZeS/FS/ViKUfwsXQIki1sWt2FQENbuDY28vxyR46ZZ
 0gixDCFUoBw5pkmOGVQa+1RQYrRqlN4X0CAgp7mFVeEHl5NTgiL1bemkQVmHOUDG+CzNg+Lk
 UGoedAtT672l3JjrnSs4j8zNshpgV2OfAhAC+V9XvqCjMnxzVfXkVlbuWpPfUWQeFclLGg8P
 agpQUE0Ux+VV4DoeQCxYEnRCf/n7n+IRfILj5+2l6Zw4M7zSu6ii0tUAEQEAAcLA9gQYAQgA
 IBYhBHUiRKsHn5d8BpWdP8bz0e72Bp0CBQJjWn97AhsMAAoJEMbz0e72Bp0CQr4L/REdT0SF
 mbapnZIe92THCdtAUgwEv8VdNiNFBJelz8P/fuXuNPtisYvQQD4e64zpWe2UC4Cxo9DUk/pW
 6Qci1xaXRKEiSPjHdSGGVB1PFIcqiS75GCf/ga/Dnfsy0Y4Uh6OGTQnkvZLBCe3vvcVLDQ7F
 PuV79zA9/eOeOW6aGoO6bq/wH+z96f9LyTITkQDy07fm6JYTGuzAoJE2AEboU1mgbtlx+tAa
 QFkpAQkp2g1Vhc3A7k4vntlHOrjMC+uVFh7QTGFfIlLRF6izUjSe6EZ06LErzlIiE05RP3yF
 FSRWidW0wze26peYlxYVgH1+T9wMTW2oiTBybfAMHBAxUP7Gr1WUo/oJEr0srWhatz8AwydP
 y7NwFbdpYn0NcFBaIlLW/JL11Eovwlivow+oGpzGFuuzSuflp2q9s2JWtn4EhW0kEs93D0LP
 iuJWvRaCZ6aD3uF3FMW8wyVWZYsLrzune2jH8w/uKMprDEOGOm+BcyhEFedTyY1ygbZKl+0G kQ==
In-Reply-To: <d21b4aa3-3915-439e-9a07-2cb169ddf2ab@towo.net>
X-Provags-ID: V03:K1:6Q0ES27e6iKbyHCK0Eimau38JwTp66TY+Nl8o5bOWnna/uCMfTn
 Mk6HrwrB0u5qnuHtod6XzEJ4uk4J40I+2hIWpipWv5vOIr9XKLJm1MOxLe+NqMhkZgN2jdv
 m+WtiPUIRho/+mm7t5EeRgSKv/L1nekgNDDWUvzfA9kg1K2EbvPsXAChMKo8Kjez3plfOfd
 9J8AljdTNmXwnigioyUGQ==
UI-OutboundReport: notjunk:1;M01:P0:Iz1/ox6ljCQ=;VnILxmCiDCniG7WruEQtNdk/DXd
 TC8YwjDNpH2FKydlkcVUptQSpdNleVboznWizu6WyLfGLoWoqp0CXnTSuu5aOMrMNGqBnJ84a
 htW1tcwHG0ve7PjY0VK0CCrpxozCgpv31Ga7858+07S/dV2Run+JNGtRC+rp5nVjJleJohjr2
 3KTddsOubq2mz+oGinf3WYYugKSd7oe1z72CVCPur3BRb4zpCFD+7QDqPQjhNgxVxWw4GmYdI
 jBqTS32lZ1zY1A9IrzdnMXnaAnFgKaskbXsSwrNXUz3u+McAo6zfUkga2MzJxj55aBPemZd8t
 /Qk9A5yPNrr8+IxjE/VDpOTS+TZJYj2ywhzYH+Lw/Dxx8rY89TGGOyQqLms0lGwnYSu/ES9SB
 nogRRdd4Q4XqZcHHLfb1ur5ula+FsXO0lP5qk1YWv0QH83RXP8utZOPfrOy/1o3WakK7ZD8Cc
 FWMeIfchewQGvxbIQ19yetZou8wUFHYzCNWJh3DCb7z9s2ocxV5Npd4CxmjSopurMaVejN4Ud
 U/oU1Fqq6EKk3MFjwmYoVlSNo40k/hHFCCgcGkloQ38F0SwO3G52qYD8Kjm/70Cf1HM21zgb7
 j9378KKU31LLay7xftUs7kb/DPEqcKqKE2bnCTENfqrYssNFbAfbBfgp5jvPUsADEoYI/VCzw
 bNxiLwGd1NqppWmiZQ2q40EmBqoo02hBCxyDC8ovqM4C+BEX1e1T50O5LMBrBz08j+W0uYtaT
 tevXmEHoOtusb+BizHuOZ7jLkOmjaTs02gMvgqOsLz0KT7XaXNfqQPVCq2T06+mMo93yQcMGh
 DLikTQ4d++myQyK+/gMyTWrruZehMXaAN8gp2hs3EcmDdC/3CcpJFVBtdfHTnfEFnr7tsFamn
 RcOqwU92TfvQtlfDk9tw+oYhm5LTkknxeU3HhpsABO2NDTcsw5B8reGtAjZTFx9sP2G++itIx
 DV2GRprG0jQvke3uPWR07D5bdsRej0jETXHjlzq1Vo1bof1k2J4N0Z0NqpkbS0lOTnZxs4yoK
 4zzMrHqCbijFHMmQjw8gxi+sNHcFfwTY26Gdz7YLxQUYpsqtPy9Vmv5rjweHxeH0hoss6SybH
 Dkb0jBQXq6DiJxg4XxQsFBkydS+zOm+zUMyc6/XznFHY9qw6UQvT1hYqW7CF3jZ3kBNVy6sbW
 je+jD7wawnmfpmwYxZvFqJD+8VAppvj9J1vTNp0dBzMnJjvMeXeNXm6qIpHNxsLqB8k23idM2
 HpMrgGYWiTypfov5ancnzDELE3V0Mmlr7P9fQNca1dGLXQEbe4JicHKvSz8DD6stfQexEDOXS
 mdiGR20muMXEt1BBBQyefAVELsYpGPvLjGSoaMNmpxYheu19Urd8YW95YjkZj6ehBpFIqcVQ/
 d5VMJN1sUJKrMJLO/N/c5yp4giHpUsRgXoxvNrlBE7BPnUM1CFkMqYdrRuy3mbgByOTpMMXF+
 j+sGvMaOXRdVS491JTIz5LX5MYTPbbGWtR93os5TJAaE8XLu9KIhLK0bfxz2Cse59uFJvnzsc
 h/DJe786OY0zMppyZCGJfOO2U/TxRyeeMujuULjoouSrarRRAEeKrkmFOrRKpPdayV1crTm1G
 9DhRzkbkOHAY6S7Hi+Djje8t5o6FzVEJqC2ysLqZnZ5lUyK0GDAmUzECDQI12kuM1/44BeS5d
 q89RvqhNQA70A/TGU3zdZCOFedh2WO/OeIQnbGZejx7xx0S+5ZS5irUgBbAp42rZfkybo7354
 zTUghRUKeYCfq
X-Content-Filtered-By: Mailman/MimeDel 2.1.30
X-BeenThere: cygwin AT cygwin DOT com
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin>,
 <mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
 <mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From: Thomas Wolff via Cygwin <cygwin AT cygwin DOT com>
Reply-To: Thomas Wolff <towo AT towo DOT net>
Content-Type: text/plain; charset="utf-8"; Format="flowed"
Errors-To: cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com
Sender: "Cygwin" <cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from base64 to 8bit by delorie.com id 5AG9kSwr1415076


Am 16.11.2025 um 02:40 schrieb Thomas Wolff via Cygwin:
> Am 15.11.2025 um 19:05 schrieb Aurélien Couderc via Cygwin:
>> On Sat, Nov 15, 2025 at 3:43 PM Thomas Wolff via Cygwin
>> <cygwin AT cygwin DOT com> wrote:
>>>
>>> Am 15.11.2025 um 13:58 schrieb Aurélien Couderc via Cygwin:
>>>> Does Cygwin have an API to atomically create a new file with an ACL?
>>>>
>>>> Aurélien
>>> I don't think there's such an API in POSIX. Instead it's the purpose of
>>> the directory default ACL entries to support this.
>>> While the manual pages of setfacl/getfacl are lousy, a fairly lucid
>>> description is in 7.6. POSIX Access Control Lists | Administration 
>>> Guide
>>> | Red Hat Gluster Storage | 3 | Red Hat Documentation
>>> <https://docs.redhat.com/en/documentation/red_hat_gluster_storage/3/html/administration_guide/sect-posix_access_control_lists>. 
>>>
>> That does not help. There are valid use cases, where this becomes
>> security relevant due race conditions between file creation and
>> setting of the ACLs.
>>
>> That's why all mainframe operating systems (and Windows WinNT as VMS
>> descendant) which support ACLs also support file creation with ACLs as
>> an argument.
>>
>> Aurélien
> The directory default ACL is like an implicit argument. I do not see a 
> race condition as my assumption is that the new file is equipped with 
> the inherited ACL in an atomic creation instance, although I do not 
> find this specified. Maybe someone has a more specific clue.
There is also manual page acl(5) but it's missing in cygwin:
acl(5): Access Control Lists - Linux man page 
<https://linux.die.net/man/5/acl>
Another good description is
Access control lists in Linux | Security and Hardening Guide | SLES 15 
SP7 
<https://documentation.suse.com/sles/15-SP7/html/SLES-all/cha-security-acls.html> 

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple