Mail Archives: cygwin/2015/12/20/12:53:20

Date: Sun, 20 Dec 2015 18:52:57 +0100
From: Houder <houder AT xs4all DOT nl>
To: cygwin AT cygwin DOT com
Subject: setfacl(2.4.0.14): recalculation of the ACL mask entry
Message-ID: <4e359179a04344745b43991e66398a6e@xs4all.nl>

Hi Corinna,

According to acl(5), the mask entry (as reported by getfacl) is "optional" if the
acl contains no 'u:uid:perm' and/or 'g:gid:perm' entries (ace's) ... Ahem.

VALID ACLs (from acl(5) )

      A valid ACL contains exactly one entry with each of the ACL_USER_OBJ,
      ACL_GROUP_OBJ, and ACL_OTHER tag types. Entries with ACL_USER and
      ACL_GROUP tag types may appear zero or more times in an ACL. An ACL
      that contains entries of ACL_USER or ACL_GROUP tag types must contain
      exactly one entry of the ACL_MASK tag type. If an ACL contains no
      entries of ACL_USER or ACL_GROUP tag types, the ACL_MASK entry is
      optional.

However, setfacl(1) and your setfacl also note that the default behaviour of
setfacl is to recalculate the mask entry ...

%% setfacl -h
Usage: setfacl [-n] {-f ACL_FILE | -s acl_entries} FILE...
        setfacl [-n] {[-bk]|[-x acl_entries] [-m acl_entries]} FILE...
[snip]

-n, --no-mask
   Valid in conjunction with -m.  Do not recalculate the effective rights
   mask. The default behavior of setfacl is to recalculate the ACL mask entry,
   unless a mask entry was explicitly given.  The mask entry is set to the
   union of all permissions of the owning group, and all named user and group
   entries.  (These are exactly the entries affected by the mask entry).
[snip]

I decided to experiment ... See below. (the mask entry is not recalculated, it
appears).

Regards,
Henri

-----
%% uname -a
CYGWIN_NT-6.1-WOW Seven 2.4.0(0.292/5/3) 2015-12-20 13:18 i686 Cygwin
%% id
uid=1000(Henri) gid=513(None) groups=513(None),1007(HelpLibraryUpdaters),559(Performance Log Users),545(Users),11(Authenticated Users)

%% touch foo.txt
%% getfacl foo.txt
# file: foo.txt
# owner: Henri
# group: None
user::rw-
group::r--
other:r--

%% setfacl -m g:Replicator:rw- foo.txt
%% getfacl foo.txt
# file: foo.txt
# owner: Henri
# group: None
user::rw-
group::r--
group:Replicator:rw-
mask:rw-
other:r--

%% setfacl -x g:Replicator: foo.txt # and remove it again
%% getfacl foo.txt
# file: foo.txt
# owner: Henri
# group: None
user::rw-
group::r--
mask:rw- <==== mask is now optional according to acl(5), but ...
other:r--

%% ls -l foo.txt
-rw-rw-r-- 1 Henri None 0 Dec 20 17:59 foo.txt <==== OK, but ...
%%

Ok, the permissions correspond with the mask (see acl(5) ), but according to
setfacl(1), the mask should have been recalculated ...

According to acl(5):
ACL ENTRIES

ACL_MASK  The ACL_MASK entry denotes the maximum access
           rights that can be granted by entries of type
           ACL_USER, ACL_GROUP_OBJ, or ACL_GROUP.

Recalculation by me in this case, yields: mask:r--

(perhaps, as suggested by Sam, I should retire ... it is all getting beyond
  simple is it not?)

  ### switch from user Henri to user Test
(can another user with the same gid, modify the file?)

%% pwd
/home/Test
%% cd ../Henri
%% id
uid=1006(Test) gid=513(None) groups=513(None),545(Users),11(Authenticated Users)
%% ls -l foo.txt
-rw-rw-r-- 1 Henri None 0 Dec 20 17:59 foo.txt
%% echo Corinna > foo.txt
bash: foo.txt: Permission denied <==== OK, but the permissions as shown, are misleading, are they not?
%%

=====
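
Added example, not part of the original message and not Cygwin's code: a small Python audit that parses getfacl-style text, recomputes the mask as the union that setfacl(1) describes, and compares the group bits that ls -l shows with the owning group's effective rights. The function names and the sample ACL text are constructed for illustration; the sketch assumes, as the message observes, that ls -l shows the mask in the group position when a mask entry exists.

```python
# Added example (not from the original post): audit getfacl text for a stale mask.
RWX = (("r", 4), ("w", 2), ("x", 1))

def to_bits(perm):
    """'rw-' -> 6; each letter must be in its own position."""
    return sum(bit for (ch, bit), p in zip(RWX, perm) if p == ch)

def to_perm(bits):
    return "".join(ch if bits & bit else "-" for ch, bit in RWX)

def parse_getfacl(text):
    """Yield (tag, qualifier, bits) for access entries; accepts 'mask:rw-' and 'mask::rw-'."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop '# file:' and '#effective:' comments
        if not line or line.startswith("default:"):
            continue
        fields = line.split(":")
        qualifier = fields[1] if len(fields) == 3 else ""
        yield fields[0], qualifier, to_bits(fields[-1])

def audit(text):
    entries = list(parse_getfacl(text))
    group_obj = next(b for t, q, b in entries if t == "group" and not q)
    stored = next((b for t, q, b in entries if t == "mask"), None)
    # setfacl(1): union of the owning group and all named user and group entries
    union = 0
    for tag, qualifier, bits in entries:
        if tag == "group" or (tag == "user" and qualifier):
            union |= bits
    shown = group_obj if stored is None else stored          # assumption: ls -l shows the mask
    effective = group_obj if stored is None else group_obj & stored
    return {
        "stored_mask": None if stored is None else to_perm(stored),
        "recalculated_mask": to_perm(union),
        "stale": stored is not None and stored != union,
        "ls_group_bits": to_perm(shown),
        "owning_group_effective": to_perm(effective),
    }

# Constructed sample: the ACL after the named group entry was removed again.
AFTER_REMOVE = """# file: foo.txt
# owner: Henri
# group: None
user::rw-
group::r--
mask:rw-
other:r--
"""

if __name__ == "__main__":
    print(audit(AFTER_REMOVE))
```

A file is worth a second look when "stale" is true and "ls_group_bits" differs from "owning_group_effective": the mode string then advertises more than the owning group can actually do.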