
Author eryksun
Recipients christian.heimes, eryksun, giampaolo.rodola, noctiflore
Date 2020-07-21.01:10:15
Message-id <1595293815.85.0.525081790359.issue30044@roundup.psfhosted.org>
Content
> Since the need to copy file ownership is common, I think there could
> be space for a new copy3() function which copies ownership + extended
> attributes (where possible).

FYI, Windows and POSIX have significantly different concepts about file (object) ownership. In Windows:

    * Any type of SID can be set as the owner, such as a user, global
      group, local group, well-known group, domain, or logon session. All
      of these SID types, except for user SIDs, are commonly set in the
      groups of a token. Also, the token user is not limited to just users.
      It's commonly set to a well-known group such as SYSTEM, LOCAL
      SERVICE, or NETWORK SERVICE.

    * The effective access token of a thread is granted owner rights to
      an object if the token user or any of the token's enabled groups is
      the owner of the object. For example, if an object is owned by the
      "BUILTIN\Users" local group, then all access tokens for standard-user
      logons will be granted owner rights as long as they have the
      "BUILTIN\Users" group enabled, which it is by default.
    * If not set explicitly via "OWNER RIGHTS" (i.e. S-1-3-4), the 
      owner is implicitly granted the READ_CONTROL right to query the
      object security and the WRITE_DAC right to modify the object's
      resource attributes and discretionary access-control list. As 
      long as these rights are granted implicitly, they cannot be
      denied by deny access-control entries. However, implicit owner
      rights may be denied if an object has an implicit (by object 
      type) or explicit (by label) no-read-up or no-write-up mandatory
      policy, and the token's integrity level is less than that of the
      object.

    * An explicit "OWNER RIGHTS" entry can be set in the discretionary
      access control list in order to override the implicit owner rights.
      This is not the same as setting owner rights in POSIX, since other
      ACL entries may grant or deny rights. Given the canonical priority 
      of deny access-control entries and also mandatory access control
      based on the integrity level of the object vs the token, granting
      explicit access to "OWNER RIGHTS" does not necessarily ensure the
      owner will even be granted at least the desired access in all
      contexts. Also, unlike the implicit case, if an "OWNER RIGHTS"
      entry grants READ_CONTROL and/or WRITE_DAC access, either right 
      may be denied by deny access-control entries.
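As an added illustration that is not part of eryksun's message or of CPython, the following Python model encodes the owner-rights rules laid out above: ownership via the token user or any enabled group, implicit READ_CONTROL/WRITE_DAC that deny ACEs cannot remove, an explicit "OWNER RIGHTS" (S-1-3-4) ACE that reverts to ordinary deny-first ACE evaluation, and the integrity-level mandatory policy. The SIDs, the access-mask values and the mapping of no-read-up to READ_CONTROL and no-write-up to WRITE_DAC are assumptions made for the model; it is not Windows' real AccessCheck.

```python
# Constructed model of the Windows owner-rights rules (assumption: simplified,
# not the real AccessCheck). SIDs and masks below are illustrative constants.
from dataclasses import dataclass

OWNER_RIGHTS_SID = "S-1-3-4"              # well-known "OWNER RIGHTS" SID
READ_CONTROL, WRITE_DAC = 0x20000, 0x40000

@dataclass
class Ace:
    allow: bool        # True = access-allowed ACE, False = access-denied ACE
    sid: str
    mask: int

@dataclass
class Token:
    user: str
    groups: frozenset  # enabled group SIDs
    integrity: int     # 0x1000 low, 0x2000 medium, 0x3000 high (assumed scale)

@dataclass
class Obj:
    owner: str
    dacl: list
    integrity: int = 0x2000
    no_read_up: bool = False
    no_write_up: bool = False

def is_owner(tok, obj):
    # Owner rights apply if the token user *or* any enabled group is the owner.
    return obj.owner == tok.user or obj.owner in tok.groups

def owner_access(tok, obj, desired):
    """Bits of `desired` (READ_CONTROL|WRITE_DAC only) granted via ownership."""
    if not is_owner(tok, obj):
        return 0
    want = desired & (READ_CONTROL | WRITE_DAC)
    if not any(a.sid == OWNER_RIGHTS_SID for a in obj.dacl):
        granted = want                 # implicit rights: deny ACEs cannot remove them
    else:
        # Explicit OWNER RIGHTS ACE: evaluated like any other ACE, in DACL
        # order (canonical DACLs place deny ACEs first, so denies win).
        principals = {OWNER_RIGHTS_SID, tok.user} | tok.groups
        allowed = denied = 0
        for a in obj.dacl:
            if a.sid in principals:
                if a.allow:
                    allowed |= a.mask & ~denied
                else:
                    denied |= a.mask
        granted = want & allowed
    if tok.integrity < obj.integrity:  # mandatory policy (assumed bit mapping)
        if obj.no_read_up:
            granted &= ~READ_CONTROL
        if obj.no_write_up:
            granted &= ~WRITE_DAC
    return granted
```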