Note regarding the new-api-needs-documentation label:

This serves as a reminder for when your PR is modifying a ref *.cs file and adding/modifying public APIs, to please make sure the API implementation in the src *.cs file is documented with triple slash comments, so the PR reviewers can sign off that change.

Tagging subscribers to this area: @dotnet/area-system-io
See info in area-owners.md if you want to be subscribed.

Currently this only has the Unix implementation, and there are no tests yet.

The implementation relies on some methods that are added in #60507. I'll rebase when that PR is merged.

Can you give me some pointers on what APIs I should use for this on Windows (to get/set the mode as WSL/NTFS metadata)?
And, if/what we'd like to do to have a umask on Windows?

cc @eerhardt @danmoseley @jozkee @stephentoub @adamsitnik

I looked into what it would mean to support this APi on Windows in the context of WSL2.

Per this Linux files are stored in NTFS using a file system plugin called VolFS. WSL2 can access Windows files using a plugin called DrvFS.

1. DrvFS. Iff you enable the metadata option in WSL2 (eg with wsl.conf) then when writing files in the Windows filesystem (eg., in /mnt/c) from WSL, the access mask, uid and gid will be preserved by applying NTFS extended attributes (key value pairs associated with the file object, not the same as alternate data streams) whose names such as $LXMOD are documented. I'm not sure what use case they have in mind, because one could consider them an implementation detail. However, being documented, they can be read and written from Windows programs. More info

2. VolFS. When storing Linux files in NTFS, the access mask, etc are clearly preserved for Linux to work at all. It's not clear whether this is done in the same way, or if it is, it's apparently not projected through the "\\wsl$" mount point by which you can access them from Windows. For example, \\wsl.localhost\Ubuntu-20.04\home\dan\.bash_history appears to have no extended attributes, and attempting to set some gives STATUS_NOT_IMPLEMENTED. The "actual" storage according to that document is in %LocalAppData%\lxss, but nothing is visible there (unless possibly it is only visible in a higher integrity level)3.
   Edit: I just realized this refers to WSL1. As I understand it, WSL2 is implemented as a true VM. So access via \\wsl$ is not backed by individual files in an NTFS volume so it is no surprise that EA’s aren’t present. I was testing with WSL2. I didn’t test WSL1.

To read extended attributes you can use NtQueryEaFile, but it's apparently not documented (only ZwQueryEaFile which drivers can use). I haven't found a documented Win32 that allows you to do it. @JeremyKuhne do you have insight here?

Although, even if it is documented, it's not clear to me that there is much value in wiring this up for Windows, because it apparently will only enable it for files in the Windows filesystem written by WSL distros and only then that have the non-default metadata config flag enabled. So perhaps this API should just throw on Windows.

BTW I found https://github.com/ladislav-zezula/FileTest a very helpful UI for experimenting with NtQueryEaFile.

Although, even if it is documented, it's not clear to me that there is much value in wiring this up for Windows, because it apparently will only enable it for files in the Windows filesystem written by WSL distros and only then that have the non-default metadata config flag enabled.

I also think the value is low.

If a user would like to have the unix permissions with WSL, they can set the mount options (metadata), and use Linux .NET binaries for working with the permissions.

So perhaps this API should just throw on Windows.

Proposing something:

For the APIs that create a file/directory, I think they shouldn't throw because that facilitates using them in cross-platform code.
For the API that set the mode, I think they should throw.
For the APIs that get the mode, I think we should return something. They could return 0777. We can leave out the w bit if they are readonly and return 0555.

For the APIs that get the mode, I think we should return something. They could return 0777. We can leave out the w bit if they are readonly and return 0555.

That seems to be what chmod will do in WSL on a Windows file if 'metadata' flag is not used. But if it is set, it would now be a misleading result, as it should be interpreting the extended attributes.

For the APIs that create a file/directory, I think they shouldn't throw because that facilitates using them in cross-platform code.

This is akin to someone asking that files have a specific permission level set and then silently ignoring it, e.g. "create this file so that only I can read it" and then it silently enables everyone to read it. That seems like a security incident waiting to happen.
cc: @GrabYourPitchforks

That seems to be what chmod will do in WSL on a Windows file if 'metadata' flag is not used. But if it is set, it would now be a misleading result, as it should be interpreting the extended attributes.

ok, let's avoid confusion and make it throw.

This is akin to someone asking that files have a specific permission level set and then silently ignoring it, e.g. "create this file so that only I can read it" and then it silently enables everyone to read it. That seems like a security incident waiting to happen.

The property/argument is named unixCreateMode to indicate it is only applied on Unix, and only when a new file is created.

If we're not going to ignore it on Windows, a user will need to conditionalize for Windows to make their code work xplat.

If we're not going to ignore it on Windows, a user will need to conditionalize for Windows to make their code work xplat.

Presumably if they're trying to lock the file down, they'd need to do this anyway to use ACLs on Windows.

I like it when code that works for me on Linux doesn't throw PNSE on Windows.

Also, I think/hope a user setting unixCreateMode knows what it means.

And, not all use-cases that require unix permissions need a Windows ACL, like the tar extracting, for example.

I'll implement it to throw PNSE. We can revisit it later, if we want

I agree with failing on Windows for now -- perhaps we will learn more from WSL team, or their support will evolve, which might make it more interesting.

To read extended attributes you can use NtQueryEaFile, but it's apparently not documented (only ZwQueryEaFile which drivers can use)

@danmoseley As long as the Zw* version is documented, the Nt* version is fair game.

         Link="Common\Interop\Unix\System.Native\Interop.FChMod.cs" />

Also remove Interop.FChMod.cs from this .csproj

Refers to: src/libraries/System.Security.Cryptography/src/System.Security.Cryptography.csproj:587 in 168bdf5. [](commit_id = 168bdf5, deletion_comment = False)

@eerhardt @adamsitnik we can merge this and then try to send the backport to prev6 via Tactics. We can request the build wizards to wait for this change before they generate a build.

cc @wtgodbe @vseanreesermsft

Hey @tmds, from this discussion #69980 (comment)

I can take care of replacing TarFileMode with UnixFileMode, since I am still actively working on Tar stuff. Just wanted to let you know so we don't step on each other toes.