Too Many Permissions Stripped In 1.7.35?

Fri Feb 27 13:37:00 GMT 2015

On Feb 26 21:27, random user wrote:
> Regarding Corrinne's proposal to treat SYSTEM's ACE distinct from others
> in forming the apparent group permission "mask":
>> Might it be sensible to do somewhat similar for the case where a file's
> owner is the same as its primary group (i.e., same SID)? It has seemed
> the chmod behavior for this case has long been what's proposed (at least
> for the typical case of a chmod leaving the user with wider privileges
> than the group), but the group permission bits have appeared set to ls
> and other tools. It would seem to help re ~/.ssh and other cases that
> are checked by programs wanting there to not be any group permissions.

Good point. Right now the group permissions are == owner permissions in
the case the owner and group are the same. Maybe it would be better to
remove all group permission bits if owner SID == group SID instead. 
Either way it's a bit puzzeling for the user because a chmod on group
permissions has no effect, but the 0 group permissions would help
security-conscious applications along. And it would be neither exactly
a lie, nor more insecure.
Hmm...
> (Less sure I think this is really a good idea, but it'd seem consistent
> with treating SYSTEM this way given the standard default ACLs on
> /c/Users/<user>): Should Administrators be treated the same as SYSTEM?

Nooooooo!!!1!!11!
This is exactly what I was concerned about when I formulated my
yesterday's suggestion to special-case SYSTEM. There's no end to all
the special casing if we start with it. Administrators is a group
is a group is a group. Just like any other group.
Corinna
-- 
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20150227/e68b17d7/attachment.sig>