Mail Archives: cygwin/2015/02/08/18:05:31

Message-ID: <54D7EB4E.6020105@towo.net>
Date: Mon, 09 Feb 2015 00:03:42 +0100
From: Thomas Wolff <towo AT towo DOT net>
To: cygwin AT cygwin DOT com
Subject: group permissions

With 1.7.34-6:
 > - the fixes in POSIX ACL handling and the effect this has on the standard
 >     POSIX group permissions, as well as the accompanying new setfacl(1)
 >     options -b/--remove-all and -k/--remove-default.
 >
 > See https://cygwin.com/cygwin-ug-net/using-utils.html#setfacl
 > and https://cygwin.com/faq.faq.html#faq.using.ssh-pubkey-stops-working
 > and https://cygwin.com/faq.faq.html#faq.using.same-with-rhosts
Group permissions are now composed of multiple ACL entries, like:
-rw-rwx---+ 1 towo Domain Users   128 Feb  5 13:36 x
with ACL:
# file: x
# owner: towo
# group: Domain Users
user::rw-
group::r-x
group:SYSTEM:rwx
mask:rwx
other:---

chmod g-wx does not work on x, only after setfacl -d group:SYSTEM x ,
the g-w bit is gone.
This is surprising behaviour (and has been discussed in a specific
context in another thread);
the explanation is hidden in only roughly related sections of the user
guide (setfacl) or even the FAQ,
and is not found in the section Permissions and Security where one would
look first;
I suggest adding an illustrative section there.

However, I am not yet convinced that the explanation makes it less
surprising from a POSIX point of view
because the file does not have the group 'SYSTEM' which is responsible
for the g+wx flags.
Maybe ls -l should display a more permissive group (in the example case
SYSTEM rather than Domain Users)
to give the user a hint? How is this handled on other ACL systems? (I
can check next week.)

Thomas
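
Added example, not part of the original message and not Cygwin's code: a small audit helper that parses the getfacl listing quoted in the message and reports which named entry widens the group triplet beyond the owning group's own entry. The rule it applies (group bits are the union of all group-class entries, capped by the mask) is an assumption chosen because it reproduces the listing in the message; all function names are hypothetical.

```python
# Constructed model, not Cygwin's implementation. Assumption: the group
# triplet in ls -l is the union of all group-class entries, capped by mask.
# getfacl-style listing copied from the message above (file x).
SAMPLE_ACL = """\
# file: x
# owner: towo
# group: Domain Users
user::rw-
group::r-x
group:SYSTEM:rwx
mask:rwx
other:---
"""

def parse_acl(text):
    """Return (tag, qualifier, perms) tuples from getfacl-style text."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        parts = line.split(":")
        # 'mask:rwx' has two fields, 'group:SYSTEM:rwx' has three.
        entries.append((parts[0], ":".join(parts[1:-1]), set(parts[-1]) - {"-"}))
    return entries

def group_class(entries):
    """Owning group plus every named user and named group entry."""
    return [e for e in entries if e[0] == "group" or (e[0] == "user" and e[1])]

def displayed_group_bits(entries):
    """Group triplet under the assumed model."""
    bits = set().union(*(p for _, _, p in group_class(entries)))
    for tag, _, perms in entries:
        if tag == "mask":
            bits &= perms
    return "".join(c if c in bits else "-" for c in "rwx")

def widening_entries(entries):
    """Named entries that grant bits the owning group entry (group::) lacks."""
    owning = next((p for t, q, p in entries if t == "group" and not q), set())
    return {f"{t}:{q}": "".join(sorted(p - owning))
            for t, q, p in group_class(entries) if q and p - owning}

def without(entries, tag, qualifier):
    """ACL with one named entry removed (the setfacl -d group:SYSTEM x step)."""
    return [e for e in entries if (e[0], e[1]) != (tag, qualifier)]

if __name__ == "__main__":
    print(displayed_group_bits(parse_acl(SAMPLE_ACL)), widening_entries(parse_acl(SAMPLE_ACL)))
```

Run against a file whose group bits look too permissive, the widening report names the entry to inspect before relying on chmod alone.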
