[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Pan-users] Re: Save attachment file permissions
From: |
Steven D'Aprano |
Subject: |
Re: [Pan-users] Re: Save attachment file permissions |
Date: |
Sun, 22 Feb 2009 20:58:45 +1100 |
User-agent: |
Thunderbird 1.5.0.12 (X11/20070719) |
Duncan wrote:
But, your mention of SAMBA jarred my thinking. If I'm not mistaken (and
maybe I am as I've never used SAMBA), Windows won't see Unix file
permissions no matter what serves up the file. It's just not designed to
work that way.
Windows doesn't understand Unix/Linux file systems, so it can't see Unix
permissions natively. However, Windows does support NTFS, which uses an
extraordinarily rich set of Access Control Lists capable of emulating
anything Unix permissions can do, and far, far more. Most people don't
use anywhere near the full set of ACLs, probably because they're quite
complicated and they're a lot of them:
http://www.windowsecurity.com/articles/Understanding-Windows-NTFS-Permissions.html
On the other hand, FAT-xx file systems don't have any security
permissions at all.
And on the gripping hand, some Linux file systems (ext2, ext3, and
others) have "extended attributes" which go beyond the POSIX standard. I
don't know if samba uses them to correspond to NTFS ACLs, but I
understand the SELinux uses them extensively.
http://www.linux.com/feature/114027
http://wiki.linuxquestions.org/wiki/Extended_attributes
Let me ask you this. Using Explorer to browse the SAMBA
shares, do the files show up with the appropriate permissions? Are they
actually honored?
Yes, samba emulates the Linux permissions into NTFS ACLs. It's not a
perfect match, but quite close.
> (The best way I can think of to test that with the exe
bit would be to take a Windows executable and make a second copy,
different name, in the same directory. Then set the executable bit on
one, and clear it on the other. Now in Windows, will Windows execute
just the one with the executable bit, both, or neither, or is it totally
contrary and will only execute the one /without/ the executable bit?)
I'd suppose not.
Windows NT and better does have an executable ACL, although it's rarely
used. As far as I know, unless you do magic samba stuff to be compatible
with Active Directory, the Linux execute permission won't make any
difference at all to Windows.
If the above is correct and Windows doesn't see (or sees, but ignores)
the permissions, then you could permission bitflip all day and it
wouldn't make a bit of difference to Gravity, because it's using the
standard Windows API to access the files, so couldn't know anything more
about them than the standard Windows API shows it.
That's what I would expect.
...
Do normal MS programs still store their data files in the program files
dir (assuming the registry isn't enough for them), or do they store them
elsewhere, and if so, where?
Depends on whether you are talking about Windows ME (Windows 98 with a
face list and a lobotomy), NT, 2000, XP, Vista or Windows 7.
The following is based on my recollections of 98, 2000 and XP. I may be
conflating bits of each together, so don't treat this as anything more
than a rough sketch. I have never used Vista or Windows 7.
Generally, programs are supposed to store any data too big for the
registry in a known location. That location varies according to the
version of Windows. You are supposed to use a Windows API that looks up
the name of the directory from the registry, because it will be
localised for the current language.
For some English-language versions of Windows, the app is supposed to
store data in:
C:\\Documents and Settings\<username>\Application Data\<appname>\
but depending on the Windows version, not only the names of the
directories changes, but even where they are relative to other standard
locations, e.g. My Documents:
C:\\Documents and Settings\<username>\My Documents\
Yes, Gravity appears to still be using the
W98 paradigm, but is that still MS "best practice" in that regard, or has
MS changed and Gravity stood still? Does MS normally require admin
permissions to write to the system Program Files dir and individual
program subdirs?
That's probably of academic interest only, given that most Windows users
run with full admin privileges all the time.
--
Steven
- [Pan-users] Re: Save attachment file permissions, (continued)
- [Pan-users] Re: Save attachment file permissions, walt, 2009/02/18
- Re: [Pan-users] Re: Save attachment file permissions, Paul Crawford, 2009/02/19
- Re: [Pan-users] Re: Save attachment file permissions, Steven D'Aprano, 2009/02/19
- [Pan-users] Re: Save attachment file permissions, walt, 2009/02/19
- [Pan-users] Re: Save attachment file permissions, Duncan, 2009/02/19
- [Pan-users] Re: Save attachment file permissions, walt, 2009/02/19
- [Pan-users] Re: Save attachment file permissions, Duncan, 2009/02/19
- [Pan-users] Re: Save attachment file permissions, walt, 2009/02/21
- [Pan-users] Re: Save attachment file permissions, Duncan, 2009/02/22
- Re: [Pan-users] Re: Save attachment file permissions,
Steven D'Aprano <=
- Re: [Pan-users] Re: Save attachment file permissions, Paul Crawford, 2009/02/22
- Re: [Pan-users] Re: Save attachment file permissions, walt, 2009/02/22
- Re: [Pan-users] Re: Save attachment file permissions, Paul Crawford, 2009/02/22
- Re: [Pan-users] Re: Save attachment file permissions, walt, 2009/02/22
- Re: [Pan-users] Re: Save attachment file permissions, Paul Crawford, 2009/02/23
- [Pan-users] Re: Save attachment file permissions, Duncan, 2009/02/19