From 6867660301f22b64edafe8803f796ad9c0d355a5 Mon Sep 17 00:00:00 2001
From: David Macek via Cygwin-patches <cygwin-patches@cygwin.com>
Date: Wed, 13 May 2020 17:34:06 +0200
Subject: [PATCH] cygwin: doc: Add keywords for ACE order issues

Windows Explorer shows a warning with Cygwin-created DACLs, but putting
the text of the warning into Google doesn't lead to the relevant Cygwin
docs.  Let's copy the warning text into the docs in the hopes of helping
confused users.  Most of the credit for the wording belongs to Yaakov
Selkowitz.

Latest inquiry: <https://cygwin.com/pipermail/cygwin/2020-May/244814.html>

Signed-off-by: David Macek <david.macek.0@gmail.com>
---
 winsup/doc/ntsec.xml | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/winsup/doc/ntsec.xml b/winsup/doc/ntsec.xml
index 08a33bdc6..d08996466 100644
--- a/winsup/doc/ntsec.xml
+++ b/winsup/doc/ntsec.xml
@@ -2159,11 +2159,13 @@ will correctly deal with the ACL regardless of the order of allow and
 deny ACEs.  The second rule is not modified to get the ACEs in the
 preferred order.</para>
 
-<para>Unfortunately the security tab in the file properties dialog of
-the Windows Explorer insists to rearrange the order of the ACEs to
-canonical order before you can read them. Thank God, the sort order
-remains unchanged if one presses the Cancel button.  But don't even
-<emphasis role='bold'>think</emphasis> of pressing OK...</para>
+<para>Unfortunately, the security tab in the file properties dialog of
+the Windows Explorer will pop up a warning stating "The permissions on
+... are incorrectly ordered, which may cause some entries to be
+ineffective."  Pressing the Cancel button of the properties dialog
+fortunately leaves the sort order unchanged, but pressing OK will cause
+Explorer to canonicalize the order of the ACEs, thereby invalidating
+POSIX compatibility.</para>
 
 <para>Canonical ACLs are unable to reflect each possible combination
 of POSIX permissions. Example:</para>