Hi Bruno,
On 6/3/2024 11:28 AM, Bruno Haible wrote:
On the GitHub CI machines for Cygwin, I'm seeing this test failure:
FAIL: test-file-has-acl-2.sh
============================
file_has_acl("tmpfile0") returned yes, expected no
FAIL test-file-has-acl-2.sh (exit status: 1)
The cause is that in this situation, the current directory is not
under the Cygwin / directory. Thus it belongs to a different Cygwin "mount"
than the Cygwin / directory. I can reproduce the issue on a local Windows
machine, by building under /cygdrive/c/Users/USERNAME/build/ rather than
under /home/USER.
In this situation, the "trivial" ACL is not
user::rwx
group::r-x
other::r-x
but instead
user::rwx
group::r-x
group:SYSTEM:rwx
group:Administrators:rwx
mask::r-x
other::r-x
This may be nitpicking, but I think your analysis of the cause of the
test failure is somewhat misleading. The issue is not that the current
directory is not under the Cygwin / directory. The issue is that the
current directory was created under a directory that has default ACL
entries beyond those that a directory under the Cygwin / directory would
normally have. In this case, the extra entries involve the SYSTEM and
Administrators groups and the mask.
On my own system, I routinely work with directories under
C:/Users/USERNAME, but I change the default ACL entries on those
subdirectories to be the same as those under my Cygwin home directory.
Here's an illustration. [Note: On my system, C: is mounted on /c.]
$ cd /c/Users/kbrown
$ getfacl .
# file: .
# owner: Administrators
# group: SYSTEM
user::rwx
user:kbrown:rwx
group::rwx
mask::rwx
other::---
default:user::rwx
default:user:kbrown:rwx
default:group::rwx
default:group:SYSTEM:rwx
default:mask::rwx
default:other::---
$ mkdir build
$ cd build
$ getfacl .
# file: .
# owner: kbrown
# group: None
user::rwx
group::r-x
group:SYSTEM:rwx
group:Administrators:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:SYSTEM:rwx
default:group:Administrators:rwx
default:mask::rwx
default:other::r-x
$ touch a
$ getfacl a
# file: a
# owner: kbrown
# group: None
user::rw-
group::r-x #effective:r--
group:SYSTEM:rwx #effective:rw-
group:Administrators:rwx #effective:rw-
mask::rw-
other::r--
$ getfacl ~ | setfacl -f- .
$ getfacl .
# file: .
# owner: kbrown
# group: None
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:other::r-x
$ touch b
$ getfacl b
# file: b
# owner: kbrown
# group: None
user::rw-
group::r--
other::r--
I wonder if Gnulib should similarly change the ACL on the current
directory, either after creating the build directory or in the test
itself. This makes more sense to me than to ignore the "extra" ACL
entries that happen to exist on the build directory used by the CI.
Ken
