"Michael R. Wolf" wrote: > Where can I get a simple (and current) description of the relationship > between Unix file attributes (permissions, user, and group) and how that > corresponds to XP file attributes?
The Cygwin Users Guide: <http://cygwin.com/cygwin-ug-net/ntsec.html>. The section labeled 'The mapping leak' gives an explicit example of how a POSIX mode gets mapped to a set of NT ACLs. > I'd also like to know how to set/get them in cygwin and also XP. I'd expect > that to be chmod(1), chown(1), chgrp(1), id(1), ls(1), passwd(5), group(5), > and the shell's file test operators (-r, -w, -x, -O, -G). Those tools only set the traditional unix style ownership and permissions. The Windows security model is more expressive, so you can also use {get,set}facl to access the extended permissions that don't fit into the traditional "user/group/everyone" bins. > I only see a few attributes from the XP File Explorer (read-only, hidden, > archive, system), but would expect much more. You're looking at the wrong thing. Those aren't ACLs, they're just file attributes. Are you by any chance using Windows XP Home? That version of Windows hides file ACLs from the user interface, but they still exist on disk. To see the ACLs in Explorer, right click on the file, select Properties, then select the Security tab. This is still a watered down view of the ACLs, to see the full view click on the Advanced button. You should see a list of ACLs, such as "Administrators -> Full Control", "Users -> Read & Execute" and so on. cacls and xcacls also display ACLs. > I've noticed that the ls(1) output is different if I create a file with a > cygwin utility or with an XP utility. Specifically: > 1. What does the "+" mean in the 11th column after the standard 1-column type > and 9-column permission fields? This is explained in the documentation for ls: $ info coreutils ls 2>/dev/null | grep -A4 'extended access control list' For a file with an extended access control list, a `+' character is listed. Basic access control lists are equivalent to the permissions listed, and are not considered an alternate access method. Remember that for GNU projects the man page is considered a summary only, and the full documentation is in texinfo. The '+' essentially means that there are ACLs that cannot be mapped into the traditional unix "user/group/everyone" "r/w/x" bins. You can see them with getfacl. > 2. Why are default permissions different if the file is created with cygwin > and XP? I understand that cywing will try to create them with 666, modulated > by the umask of 0022, yeilding a default of 644, but how the heck does XP > come up with "700+" (my interpretation of "rwx------+")? POSIX/Cygwin programs create files with an explicit mode, as dictated by the umask. Windows programs do not traditionally care about ACLs, and they tend to specify a default value to the file APIs which means they inherit a set of ACLs from their container, which in the case of a file is its directory. You can see this in the Explorer UI as there is a column labeled "Inherited From". And likewise if that directory was created by a Windows program it probably inherited its default ACLs from its parent directory, going all the way back to the root drive which had its default ACLs set when the filesystem was created. This is of course a generalization, as inheritance is optional (you can see the checkmark in the Explorer UI labeled "Inherit from parent ....") and Windows programs can create files using any arbitrary set of ACLs if they desire. The behavior is thus program-specific, but you can generalize: the vast majority don't care and specify a default value which causes them to be inherited. > In addition, I can't get group information to show up in ls(1) output. The > -G flag to suppress it has no effect, and seems to always be active. You have to set up your groups file correctly if you want to see symbolic group names instead of numeric ones. > It seems like these would be an important topics to reference in the ls(1) > and chmod(1) man pages, and also in the (seemingly outdated) documentation of > File Permissions (http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-files). It's not outdated unless you're using 1.7, which has its own version of the Users Guide. > Have there been significatnt changes to cygwin since NT to accomodate XP? I > don't even know if the NT and XP filesystems are similar enough that I can > rely on documentation that discusses NT vs cygwin. NT is a generic term, meaning any version of Windows that's not 95/98/ME. When the users guide talks about NT permissions it means NT/2K/XP/2k3/Vista/2K8. Brian -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
