Loading ...
Sorry, an error occurred while loading the content.

27603Re: Win32 ACLs unreliable.

Expand Messages
  • Mike Williams
    Mar 4, 2002
      On 3 Mar 2002 at 13:15, Bram Moolenaar wrote:

      > > The only reliable approach to ACL handling seems to be to get down and
      > > dirty with the low level system calls. A quick Google search has
      > > turned up the following page as having sample code that could be used
      > > as a basis for rewriting the ACL checking:
      > >
      > > http://mvps.org/win32/security/fksec.html
      > >
      > > Until I (or someone else) gets a chance to review this and reimplement
      > > the relevant bits in C (it's in C++) I recommend that Yet Another
      > > Option (TM - V.Negri) is added to turn off ACL checking that users can
      > > use if they experience problems. Not a full solution but at least
      > > that should prevent a large number of complaints.
      > I don't like adding an option for this. It's not a real solution, it
      > just shifts the problem towards the user.

      Until we write a replacement for GetEffectiveRightsFromAcl() - admittedly not a nice
      solution as this could be a fair amount of code.

      > How about an alternative: Can we try writing to the file to find out if
      > it's writable? Opening the file for appending should not change the
      > file in any way. The possible side effect is that the timestamp of the
      > file changes when you edit it with Vim.

      Maybe, I'll investigate.

      > This should at least be restricted to file systems that have ACL
      > capabilities.

      Doing it in acl_check() will ensure that the check for the file system supporting ACLs
      has been done.

      > Alternatively, we can assume all files on ACL'ed file systems are
      > writable, since mostly people complain if a file is marked read-only
      > while its actually writable.

      The original bug report was due to assuming this - someone reported that he was
      unable to write to a file not marked as read-only due to an ACL not allowing writes.
      How ironic ;)

      I'm verging back towards remove ACL support on Windows. I doubt anywhere that is
      using ACLs in anger would have VIM around - they would be having som many
      problems with other applications that don't take notice of ACLs.

      Genealogy tracing us back to the same brother and sister.
    • Show all 11 messages in this topic