On Feb 26 21:27, random user wrote:
> Regarding Corrinne's proposal to treat SYSTEM's ACE distinct from others
> in forming the apparent group permission "mask":
>
> Might it be sensible to do somewhat similar for the case where a file's
> owner is the same as its primary group (i.e., same SID)? It has seemed
> the chmod behavior for this case has long been what's proposed (at least
> for the typical case of a chmod leaving the user with wider privileges
> than the group), but the group permission bits have appeared set to ls
> and other tools. It would seem to help re ~/.ssh and other cases that
> are checked by programs wanting there to not be any group permissions.

Good point. Right now the group permissions are == owner permissions in
the case the owner and group are the same. Maybe it would be better to
remove all group permission bits if owner SID == group SID instead.
Either way it's a bit puzzling for the user because a chmod on group
permissions has no effect, but the 0 group permissions would help
security-conscious applications along. And it would be neither exactly
a lie, nor more insecure. Hmm...

> (Less sure I think this is really a good idea, but it'd seem consistent
> with treating SYSTEM this way given the standard default ACLs on
> /c/Users/<user>): Should Administrators be treated the same as SYSTEM?

Nooooooo!!!1!!11! This is exactly what I was concerned about when I
formulated my yesterday's suggestion to special-case SYSTEM. There's no
end to all the special casing if we start with it. Administrators is a
group is a group is a group. Just like any other group.

Corinna

--
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat