* ntsec.sgml: Slight changes. Fix some errors.
This commit is contained in:
parent
5972be1c32
commit
003303a435
@ -1,3 +1,7 @@
|
|||||||
|
Thu Oct 26 10:00:00 2000 Corinna Vinschen <corinna@vinschen.de>
|
||||||
|
|
||||||
|
* ntsec.sgml: Slight changes. Fix some errors.
|
||||||
|
|
||||||
Thu Oct 26 9:35:00 2000 Corinna Vinschen <corinna@vinschen.de>
|
Thu Oct 26 9:35:00 2000 Corinna Vinschen <corinna@vinschen.de>
|
||||||
|
|
||||||
* ntsec.sgml: Changed the (now incorrect) hint that ntsec only
|
* ntsec.sgml: Changed the (now incorrect) hint that ntsec only
|
||||||
|
@ -133,7 +133,7 @@ set </para></listitem>
|
|||||||
to Cygwin version 1.1.0. Later versions use `access denied ACEs' as well
|
to Cygwin version 1.1.0. Later versions use `access denied ACEs' as well
|
||||||
to reflect the UNIX permissions as good as possible.</para>
|
to reflect the UNIX permissions as good as possible.</para>
|
||||||
|
|
||||||
<para>The possible permissions on objects are more complicated than in
|
<para>The possible permissions on objects are more detailed than in
|
||||||
UNIX. For example, the permission to delete an object is different
|
UNIX. For example, the permission to delete an object is different
|
||||||
from the write permission.</para>
|
from the write permission.</para>
|
||||||
|
|
||||||
@ -145,8 +145,9 @@ The ntsec patch tries to do this in cygwin.</para>
|
|||||||
|
|
||||||
<para>You ask "Mostly? Why mostly???" Because there's a leak in the NT model.
|
<para>You ask "Mostly? Why mostly???" Because there's a leak in the NT model.
|
||||||
I will describe that in detail in chapter 4.</para>
|
I will describe that in detail in chapter 4.</para>
|
||||||
<para>The creation of explicit object security is a bit complicated, so
|
|
||||||
typically only two simple variations are used:</para>
|
<para>Creating explicit object security is not that easy so you will often
|
||||||
|
see only two simple variations in use:</para>
|
||||||
|
|
||||||
<itemizedlist spacing="compact">
|
<itemizedlist spacing="compact">
|
||||||
<listitem><para>default permissions, computed by the operating system </para></listitem>
|
<listitem><para>default permissions, computed by the operating system </para></listitem>
|
||||||
@ -155,10 +156,10 @@ typically only two simple variations are used:</para>
|
|||||||
|
|
||||||
<para>For parameters to functions that create or open securable objects another
|
<para>For parameters to functions that create or open securable objects another
|
||||||
data structure is used, the `security attributes' (SA). This structure
|
data structure is used, the `security attributes' (SA). This structure
|
||||||
contains an SD and a flag, that specifies whether the returned handle
|
contains an SD and a flag that specifies whether the returned handle
|
||||||
to the created or opened object is inherited to child processes or not.
|
to the object is inherited to child processes or not.
|
||||||
This property is not important for the ntsec patch description, so in
|
This property is not important for the ntsec patch description so in
|
||||||
this document SDs and SAs are more or less identical.</para>
|
this document the difference between SDs and SAs is ignored.</para>
|
||||||
|
|
||||||
</sect2>
|
</sect2>
|
||||||
|
|
||||||
@ -315,7 +316,7 @@ and in the gr_passwd field in <filename>/etc/group</filename>.</para>
|
|||||||
<itemizedlist spacing="compact">
|
<itemizedlist spacing="compact">
|
||||||
<listitem><para>ntsec works better in domain environments.</para></listitem>
|
<listitem><para>ntsec works better in domain environments.</para></listitem>
|
||||||
<listitem><para>Accounts (users and groups) may get another name in
|
<listitem><para>Accounts (users and groups) may get another name in
|
||||||
cygwin that their NT account name. The name in <filename>/etc/passwd</filename>
|
cygwin than their NT account name. The name in <filename>/etc/passwd</filename>
|
||||||
or <filename>/etc/group</filename> is transparently used by cygwin
|
or <filename>/etc/group</filename> is transparently used by cygwin
|
||||||
applications (eg. <command>chown</command>, <command>chmod</command>,
|
applications (eg. <command>chown</command>, <command>chmod</command>,
|
||||||
<command>ls</command>):</para>
|
<command>ls</command>):</para>
|
||||||
@ -332,8 +333,8 @@ adminstrator::500:513::/home/root:/bin/sh
|
|||||||
|
|
||||||
<para>Caution: If you like to use the account as login account via
|
<para>Caution: If you like to use the account as login account via
|
||||||
<command>telnet</command> etc. you have to remain the name unchanged or
|
<command>telnet</command> etc. you have to remain the name unchanged or
|
||||||
you have to use a special version of <command>login</command> which will
|
you have to use the special version of <command>login</command> which is
|
||||||
be part of the release 1.1 soon.</para></listitem>
|
part of the standard Cygwin distribution since 1.1.</para></listitem>
|
||||||
<listitem><para>Cygwin UIDs and GIDs are now not necessarily the RID
|
<listitem><para>Cygwin UIDs and GIDs are now not necessarily the RID
|
||||||
part of the NT SID:</para>
|
part of the NT SID:</para>
|
||||||
|
|
||||||
@ -408,7 +409,7 @@ group membership of the caller.</para></listitem>
|
|||||||
<listitem><para>The order of ACEs is important. The system reads them
|
<listitem><para>The order of ACEs is important. The system reads them
|
||||||
in sequence until either any needed right is denied or all needed rights
|
in sequence until either any needed right is denied or all needed rights
|
||||||
are granted. Later ACEs are then not taken into account.</para></listitem>
|
are granted. Later ACEs are then not taken into account.</para></listitem>
|
||||||
<listitem><para>ALl access denied ACEs _should_ precede any
|
<listitem><para>All access denied ACEs _should_ precede any
|
||||||
access allowed ACE.</para></listitem>
|
access allowed ACE.</para></listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user