| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:from:content-type:content-transfer-encoding | |
| :subject:message-id:date:to:mime-version; q=dns; s=default; b=sZ | |
| p/BkeOTkni0dBpgiAu9qM2APtdqBGGHl9SU3WFx7CD6D8RoV41FPW7xZ5G/KgchR | |
| vyrAWnS7pjCjx82cIlTDlZ890rP1I8f+T2lfbytAZq5JbH1nnH/ucqh2Zm/efVQn | |
| yKuqidS2B+zXjRqUQwO8xe7WZV8s/IEvrVa42P9kk= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:from:content-type:content-transfer-encoding | |
| :subject:message-id:date:to:mime-version; s=default; bh=HhmD+Tdm | |
| Jt8enB8tXZIPxFYNTlg=; b=jxVdG2hZkTWLl5FsgbOJ0K4XWkZCVJm+g66sQ6zQ | |
| fGaR79adJ3qaoh6a05ihgSExitXGJVKeQjaMtmMzJ1HLtdqgx4b4ZWCzrLuANHna | |
| y3Kk+6Evu0rv3zcwUQxi215jmI9ivNb/q8VvZVAcOtqFLvnGi3J20U0Ho6ys2CX5 | |
| 9cg= | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Virus-Found: | No |
| X-Spam-SWARE-Status: | No, score=-0.5 required=5.0 tests=AWL,BAYES_00,KAM_LAZY_DOMAIN_SECURITY,RP_MATCHES_RCVD autolearn=ham version=3.3.2 spammy=H*m:usa, deny, H*r:qmail-ldap-1.03, H*r:envelope-sender |
| X-HELO: | etr-usa.com |
| From: | Warren Young <wyml AT etr-usa DOT com> |
| Subject: | How to remove pesky persistent +x bits that chmod -x won't remove |
| Message-Id: | <00BA0C17-F983-45BD-979C-E7BE2E62316C@etr-usa.com> |
| Date: | Thu, 19 May 2016 19:01:32 -0600 |
| To: | The Cygwin Mailing List <cygwin AT cygwin DOT com> |
| Mime-Version: | 1.0 (Mac OS X Mail 9.3 \(3124\)) |
| X-IsSubscribed: | yes |
| X-MIME-Autoconverted: | from quoted-printable to 8bit by delorie.com id u4K1264o005008 |
I think I have an ACL inheritance problem. Here’s the scenario:
$ ls -l Protocol.md ## Boo, bad permissions; shouldn’t be +x!
-rwxr--r--+ 1 Warren Warren 4.3K May 19 18:41 Protocol.md*
$ chmod -x Protocol.md
$ ls -l Protocol.md ## Still +x! Did I stutter?
-rwxr--r--+ 1 Warren Warren 4.3K May 19 18:41 Protocol.md*
$ icacls.exe Protocol.md ## Okayyy…lots of X’s
Protocol.md NULL SID:(DENY)(Rc,S,X,DC)
MOSSYMAZE\Warren:(R,W,D,WDAC,WO)
MOSSYMAZE\Warren:(DENY)(S,X)
NT AUTHORITY\SYSTEM:(DENY)(S,X)
BUILTIN\Administrators:(DENY)(S,X)
MOSSYMAZE\Warren:(RX)
NT AUTHORITY\SYSTEM:(RX,W)
BUILTIN\Administrators:(RX,W)
Everyone:(R)
Successfully processed 1 files; Failed processing 0 files
$ icacls Protocol.md /reset ## Nuke the X’s!
processed file: Protocol.md
Successfully processed 1 files; Failed processing 0 files
$ ls -l Protocol.md ## Still +x!
-rwx---r-x+ 1 Warren Warren 4.3K May 19 18:41 Protocol.md*
$ chmod -x Protocol.md ## Ah, *now* it will listen to me.
$ ls -l Protocol.md
-rw----r--+ 1 Warren Warren 4.3K May 19 18:41 Protocol.md
$ icacls.exe Protocol.md ## Clear as mud
Protocol.md NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Administrators:(I)(F)
MOSSYMAZE\Warren:(I)(F)
Everyone:(I)(RX)
I assume this is happening because something farther up the directory tree keeps reapplying the +x bit to this file, but I can’t see what from the icacls output. Is there a tool that will give me a tree view so I can see what’s applied at each level? Failing that, do I just run icacls on every parent directory of this file? And then what? I don’t think I dare /reset all permissions clear back to the root.
This 2-step permission fix is getting old, because the bad permissions come back again every time something rewrites one of the affected files.
For what it’s worth, setfacl -bk followed by a chmod -x sometimes always fixes this. I’m just using icacls above because its output seems clearer, probably because it’s NTFS-native, not reinterpreting everything through a POSIX lens.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |