X-Recipient:	archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status:	No, hits=-6.8 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_HI,SPF_HELO_PASS,T_RP_MATCHES_RCVD
X-Spam-Check-By:	sourceware.org
Message-ID:	<4C473657.7060209@redhat.com>
Date:	Wed, 21 Jul 2010 12:03:03 -0600
From:	Eric Blake <eblake AT redhat DOT com>
User-Agent:	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.10) Gecko/20100621 Fedora/3.0.5-1.fc13 Lightning/1.0b2pre Mnenhy/0.8.3 Thunderbird/3.0.5
MIME-Version:	1.0
To:	cygwin AT cygwin DOT com
Subject:	Re: remove alternate access method / access control list
References:	<AANLkTil9c8b1KpYm1Pyrlv3LYEQ1rL-87H5khqdHSpOk AT mail DOT gmail DOT com>
In-Reply-To:	<AANLkTil9c8b1KpYm1Pyrlv3LYEQ1rL-87H5khqdHSpOk@mail.gmail.com>
X-IsSubscribed:	yes
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com

--------------enig201BAC6E92564AD1473D861A
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 07/21/2010 11:44 AM, Fred Wheeler wrote:
> chmod affects the access permissions according to the ntsec system,
> but has no effect on this alternate access method.

This is possibly a bug in cygwin.  POSIX says:

http://www.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap04.html#tag_=
04_04

"An alternate file access control mechanism shall:

    * Specify file permission bits for the file owner class, file group
class, and file other class of that file, corresponding to the access
permissions.
    * Be enabled only by explicit user action, on a per-file basis by
the file owner or a user with appropriate privileges.
    * Be disabled for a file after the file permission bits are changed
for that file with chmod(). "

That is, calling chmod() to change bits should also have the effect of
removing ACLs, per POSIX (although POSIX appears to be silent about the
case of calling chmod() to set the bits to the value they already have).

But you would need to test this on Linux, to see if cygwin behaves the
same as Linux in this regard, or maybe ask the POSIX folks for some
clarification.


Meanwhile, the correct tool to use for this task is setfacl(1).

Also, be aware that directories include inheritance ACLs, and that
inheritance ACLs are probably the main reason that files are created
with additional ACLs that cause ls to list a + for files in the first
place.  Generally, this is a good thing, as removing inheritance ACLs
from directories causes other problems in windows (so removing the +
from ls listings of files is a reasonable goal, but not necessarily
removing the + from ls listings of directories).

--=20
Eric Blake   eblake AT redhat DOT com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org


--------------enig201BAC6E92564AD1473D861A
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Public key at http://people.redhat.com/eblake/eblake.gpg
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJMRzZXAAoJEKeha0olJ0Nq4f4IAIMr+iEgpdDfGVWgYHNDug9l
zF7gHA5eb/tyD8AlIFjn4lymVklnqJwkvFn8AJLjV54YLFvv3ZjOdnxkzM6inBEB
Avurguupz+VT6gd6FFY3rqUBJo+FnrbT9M2OuLkduaSbWYK8VgSVY/Pqwbiz6a4/
GYJ0UboU8qO9CpWTtR+LYFrld0NX3ijR4O/n3mXk31W/wjemxHzfXngJu+CwvdE3
R+TaVhLjFaGNcdDFLRP2AIF3apIzLu/BUSOxX+X/kom52adNHItEBNsm4NIRE2Cd
BvNBK427dXiNp9xEuBVLR8BqeeB/Ri97PDJRRPKNBjXnMStjseJpfs3Tl1aQIZA=
=Z7mi
-----END PGP SIGNATURE-----

--------------enig201BAC6E92564AD1473D861A--

- Raw text -