diff options
author | Corinna Vinschen <corinna@vinschen.de> | 2015-11-19 01:11:10 +0300 |
---|---|---|
committer | Corinna Vinschen <corinna@vinschen.de> | 2015-11-19 01:11:10 +0300 |
commit | 396e8310b11d4cce63d8a7544c0fc624a4fd822c (patch) | |
tree | d816e21a83feddd088d5c53db8b9027d3156e746 /winsup/doc | |
parent | 90e006a63dd9594c5d05b7251e27d16bceab3cac (diff) |
Document new ACL code
* new-features.xml (ov-new2.4): Add new ACL changes.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Diffstat (limited to 'winsup/doc')
-rw-r--r-- | winsup/doc/ChangeLog | 4 | ||||
-rw-r--r-- | winsup/doc/new-features.xml | 23 |
2 files changed, 27 insertions, 0 deletions
diff --git a/winsup/doc/ChangeLog b/winsup/doc/ChangeLog index 8c929774c..f20a72daf 100644 --- a/winsup/doc/ChangeLog +++ b/winsup/doc/ChangeLog @@ -1,5 +1,9 @@ 2015-11-18 Corinna Vinschen <corinna@vinschen.de> + * new-features.xml (ov-new2.4): Add new ACL changes. + +2015-11-18 Corinna Vinschen <corinna@vinschen.de> + * utils.xml (setfacl): Accommodate -b/-k change. * new-features.xml (ov-new2.4): Add setfacl -b/-k change. diff --git a/winsup/doc/new-features.xml b/winsup/doc/new-features.xml index 059609a20..ff8c03659 100644 --- a/winsup/doc/new-features.xml +++ b/winsup/doc/new-features.xml @@ -9,6 +9,29 @@ <itemizedlist mark="bullet"> <listitem><para> +New, unified implementation of POSIX permission and ACL handling. The +new ACLs now store the POSIX ACL MASK/CLASS_OBJ permission mask, and +they allow to inherit the S_ISGID bit. ACL inheritance now really +works as desired, in a limited, but theoretically equivalent fashion +even for non-Cygwin processes.</para> + +<para>To accommodate standard Windows ACLs, the POSIX permissions of +the owner and all other users in the ACL are computed using the Windows +AuthZ API. This may slow down the computation of POSIX permissions +noticably in some circumstances, but is generally more correct. +The new code also ignores SYSTEM and Administrators group permissions +when computing the MASK/CLASS_OBJ permission mask on old ACLs, and it +doesn't deny access to SYSTEM and Administrators group based on the +value of MASK/CLASS_OBJ when creating the new ACLs.</para> + +<para>The new code now handles the S_ISGID bit on directories as on Linux: +Setting S_ISGID on a directory causes new files and subdirs created +within to inherit its group, rather than the primary group of the user +who created the file. This only works for files and directories +created by Cygwin processes. +</para></listitem> + +<listitem><para> New API: rpmatch. </para></listitem> |