Mail Archives: cygwin/2015/02/09/15:22:01

Message-ID: <54D91687.8090301@towo.net>
Date: Mon, 09 Feb 2015 21:20:23 +0100
From: Thomas Wolff <towo AT towo DOT net>
To: cygwin AT cygwin DOT com
Subject: Re: group permissions
References: <54D7EB4E DOT 6020105 AT towo DOT net> <20150209091445 DOT GA10457 AT calimero DOT vinschen DOT de>
In-Reply-To: <20150209091445.GA10457@calimero.vinschen.de>

On 09.02.2015 at 10:14, Corinna Vinschen wrote:
> On Feb  9 00:03, Thomas Wolff wrote:
>> With 1.7.34-6:
>>> - the fixes in POSIX ACL handling and the effect this has on the standard
>>>      POSIX group permissions, as well as the accompanying new setfacl(1)
>>>      options -b/--remove-all and -k/--remove-default.
>>>
>>> See https://cygwin.com/cygwin-ug-net/using-utils.html#setfacl
>>> and https://cygwin.com/faq.faq.html#faq.using.ssh-pubkey-stops-working
>>> and https://cygwin.com/faq.faq.html#faq.using.same-with-rhosts
>> Group permissions are now composed of multiple ACL entries, like:
>> -rw-rwx---+ 1 towo Domain Users   128 Feb  5 13:36 x
>> with ACL:
>> # file: x
>> # owner: towo
>> # group: Domain Users
>> user::rw-
>> group::r-x
>> group:SYSTEM:rwx
>> mask:rwx
>> other:---
>>
>> chmod g-wx does not work on x, only after setfacl -d group:SYSTEM x ,
>> the g-w bit is gone.  This is surprising behaviour (and has been
>> discussed in a specific context in another thread); the explanation is
>> hidden in only roughly related sections of the user guide (setfacl) or
>> even the FAQ, and is not found in the section Permissions and Security
>> where one would look first; I suggest to add an illustrative section
>> there.
> Yes, sure, why not.  Any idea for a patch?
>
>> However, I am not yet convinced that the explanation makes it less
>> surprising from a POSIX point of view because the file does not have
>> the group 'SYSTEM' which is responsible for the g+wx flags.  Maybe ls
>> -l should display a more permissive group (in the example case SYSTEM
>> rather than Domain Users) to give the user a hint? How is this handled
>> on other ACL systems? (I can check next week.)
> ls shows the primary group of the file and that's not going to change.
> The hint that more permissions are given is the '+' sign appended to the
> permission bits.
I checked on an Ubuntu system where behaviour is more intuitive by some
functionality added by chmod; it implicitly modifies the “mask” entry to
achieve exactly the effect most likely to be desired by chmod (showing
only the group-relevant output lines of getfacl below):

Cygwin:

 > ls -l x; getfacl x
-rw-r--r-- 1 me Domain Users 0 Feb  9 15:04 x
group::r--

 > setfacl -m group:Users:rwx x
 > ls -l x; getfacl x
-rw-rwxr--+ 1 me Domain Users 0 Feb  9 15:04 x
group::r--
group:Users:rwx
mask:rwx

 > chmod g-wx x
 > ls -l x; getfacl x
-rw-rwxr--+ 1 me Domain Users 0 Feb  9 15:04 x
group::r--
group:Users:rwx
mask:rwx


Ubuntu:

 > ls -l x; getfacl x
-rw-r--r-- 1 xubuntu xubuntu 0 Feb  9 15:04 x
group::r--

 > setfacl -m group:adm:rwx x
 > ls -l x; getfacl x
-rw-rwxr--+ 1 xubuntu xubuntu 0 Feb  9 15:04 x
group::r--
group:adm:rwx
mask:rwx

 > chmod g-wx x
 > ls -l x; getfacl x
-rw-r--r--+ 1 xubuntu xubuntu 0 Feb  9 15:04 x
group::r--
group:adm:rwx                   #effective:r--
mask:r--


------
Thomas
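
The mask behaviour in the Ubuntu transcript above, as an added example that is not part of the original message and is not Cygwin or Linux source code: a small Python model in which named entries and the owning group are limited by the mask, and chmod on the group bits rewrites the mask. The function names and SAMPLE are constructed for illustration; the user:: and other: lines are inferred from the transcript's ls -l output.

```python
PERM = {"r": 4, "w": 2, "x": 1}
# Constructed from the Ubuntu transcript; user:: and other: are inferred from its ls -l line.
SAMPLE = "user::rw-\ngroup::r--\ngroup:adm:rwx\nmask:rwx\nother:r--\n"

def to_bits(s):
    return sum(v for c, v in PERM.items() if c in s)

def to_str(b):
    return "".join(c if b & v else "-" for c, v in PERM.items())

def parse_acl(text):
    """Parse getfacl-style lines into [tag, qualifier, bits] entries."""
    acl = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop '# file:' / '#effective:' comments
        if line:
            parts = line.split(":")
            acl.append([parts[0], ":".join(parts[1:-1]), to_bits(parts[-1])])
    return acl

def mask_of(acl):
    return next((e[2] for e in acl if e[0] == "mask"), None)

def effective(acl):
    """Rights each entry really gets: all but user:: and other are ANDed with the mask."""
    m, out = mask_of(acl), {}
    for tag, qual, bits in acl:
        exempt = tag == "other" or (tag == "user" and not qual)
        if tag != "mask":
            out[f"{tag}:{qual}"] = to_str(bits if m is None or exempt else bits & m)
    return out

def ls_group_bits(acl):
    """Group column of ls -l: the mask when one exists, otherwise group::."""
    m = mask_of(acl)
    return to_str(next(e[2] for e in acl if e[0] == "group" and not e[1]) if m is None else m)

def chmod_group_clear(acl, clear):
    """chmod g-<clear> as seen on Ubuntu above: it rewrites the mask when one is present."""
    target = "group" if mask_of(acl) is None else "mask"
    for e in acl:
        if e[0] == target and not e[1]:
            e[2] &= ~to_bits(clear)
    return acl

def wider_than_owning_group(acl):
    """Named entries whose effective rights exceed group:: (what the '+' hints at)."""
    base = to_bits(effective(acl)["group:"])
    return {k: v for k, v in effective(acl).items() if k.split(":")[1] and to_bits(v) & ~base}
```

Calling wider_than_owning_group() on parsed getfacl output lists the named entries that hold more access than the owning group shown by ls -l, which is the information the '+' sign alone does not reveal.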
