* ntsec.sgml: Slight changes. Fix some errors.

This commit is contained in:
Corinna Vinschen 2000-10-26 08:01:39 +00:00
parent 5972be1c32
commit 003303a435
2 changed files with 16 additions and 11 deletions

View File

@ -1,3 +1,7 @@
Thu Oct 26 10:00:00 2000 Corinna Vinschen <corinna@vinschen.de>
* ntsec.sgml: Slight changes. Fix some errors.
Thu Oct 26 9:35:00 2000 Corinna Vinschen <corinna@vinschen.de> Thu Oct 26 9:35:00 2000 Corinna Vinschen <corinna@vinschen.de>
* ntsec.sgml: Changed the (now incorrect) hint that ntsec only * ntsec.sgml: Changed the (now incorrect) hint that ntsec only

View File

@ -133,7 +133,7 @@ set </para></listitem>
to Cygwin version 1.1.0. Later versions use `access denied ACEs' as well to Cygwin version 1.1.0. Later versions use `access denied ACEs' as well
to reflect the UNIX permissions as good as possible.</para> to reflect the UNIX permissions as good as possible.</para>
<para>The possible permissions on objects are more complicated than in <para>The possible permissions on objects are more detailed than in
UNIX. For example, the permission to delete an object is different UNIX. For example, the permission to delete an object is different
from the write permission.</para> from the write permission.</para>
@ -145,8 +145,9 @@ The ntsec patch tries to do this in cygwin.</para>
<para>You ask "Mostly? Why mostly???" Because there's a leak in the NT model. <para>You ask "Mostly? Why mostly???" Because there's a leak in the NT model.
I will describe that in detail in chapter 4.</para> I will describe that in detail in chapter 4.</para>
<para>The creation of explicit object security is a bit complicated, so
typically only two simple variations are used:</para> <para>Creating explicit object security is not that easy so you will often
see only two simple variations in use:</para>
<itemizedlist spacing="compact"> <itemizedlist spacing="compact">
<listitem><para>default permissions, computed by the operating system </para></listitem> <listitem><para>default permissions, computed by the operating system </para></listitem>
@ -155,10 +156,10 @@ typically only two simple variations are used:</para>
<para>For parameters to functions that create or open securable objects another <para>For parameters to functions that create or open securable objects another
data structure is used, the `security attributes' (SA). This structure data structure is used, the `security attributes' (SA). This structure
contains an SD and a flag, that specifies whether the returned handle contains an SD and a flag that specifies whether the returned handle
to the created or opened object is inherited to child processes or not. to the object is inherited to child processes or not.
This property is not important for the ntsec patch description, so in This property is not important for the ntsec patch description so in
this document SDs and SAs are more or less identical.</para> this document the difference between SDs and SAs is ignored.</para>
</sect2> </sect2>
@ -315,7 +316,7 @@ and in the gr_passwd field in <filename>/etc/group</filename>.</para>
<itemizedlist spacing="compact"> <itemizedlist spacing="compact">
<listitem><para>ntsec works better in domain environments.</para></listitem> <listitem><para>ntsec works better in domain environments.</para></listitem>
<listitem><para>Accounts (users and groups) may get another name in <listitem><para>Accounts (users and groups) may get another name in
cygwin that their NT account name. The name in <filename>/etc/passwd</filename> cygwin than their NT account name. The name in <filename>/etc/passwd</filename>
or <filename>/etc/group</filename> is transparently used by cygwin or <filename>/etc/group</filename> is transparently used by cygwin
applications (eg. <command>chown</command>, <command>chmod</command>, applications (eg. <command>chown</command>, <command>chmod</command>,
<command>ls</command>):</para> <command>ls</command>):</para>
@ -332,8 +333,8 @@ adminstrator::500:513::/home/root:/bin/sh
<para>Caution: If you like to use the account as login account via <para>Caution: If you like to use the account as login account via
<command>telnet</command> etc. you have to remain the name unchanged or <command>telnet</command> etc. you have to remain the name unchanged or
you have to use a special version of <command>login</command> which will you have to use the special version of <command>login</command> which is
be part of the release 1.1 soon.</para></listitem> part of the standard Cygwin distribution since 1.1.</para></listitem>
<listitem><para>Cygwin UIDs and GIDs are now not necessarily the RID <listitem><para>Cygwin UIDs and GIDs are now not necessarily the RID
part of the NT SID:</para> part of the NT SID:</para>
@ -408,7 +409,7 @@ group membership of the caller.</para></listitem>
<listitem><para>The order of ACEs is important. The system reads them <listitem><para>The order of ACEs is important. The system reads them
in sequence until either any needed right is denied or all needed rights in sequence until either any needed right is denied or all needed rights
are granted. Later ACEs are then not taken into account.</para></listitem> are granted. Later ACEs are then not taken into account.</para></listitem>
<listitem><para>ALl access denied ACEs _should_ precede any <listitem><para>All access denied ACEs _should_ precede any
access allowed ACE.</para></listitem> access allowed ACE.</para></listitem>
</itemizedlist> </itemizedlist>