Subject: default ACLs
From: Mikel Ward <mward@aconex.com>
To: cygwin@cygwin.com
Content-Type: text/plain
Date: Fri, 23 Oct 2009 10:45:27 +1100
Message-Id: <1256255127.2713.41.camel@mward-laptop.ops.acx>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com

Hi All

Default ACLs don't seem to work as they would on Linux, or for that
matter as they do for files created via Windows Explorer.

Is this expected?

Administrator@hostname:/
$ mkdir newdir

Administrator@hostname:/
$ getfacl newdir
# file: newdir
# owner: Administrator
# group: None
user::rwx
group::r-x
mask:rwx
other:r-x
default:user::rwx
default:group::r-x
default:other:r-x

Administrator@hostname:/
$ setfacl -m 'd:g:dbas:rwx,d:g:SYSTEM:rwx' newdir

Administrator@hostname:/
$ getfacl newdir
# file: newdir
# owner: Administrator
# group: None
user::rwx
group::r-x
mask:rwx
other:r-x
default:user::rwx
default:group::r-x
default:group:SYSTEM:rwx
default:group:dbas:rwx
default:mask:rwx
default:other:r-x

Administrator@hostname:/
$ touch newdir/newfile

Administrator@hostname:/
$ getfacl newdir/newfile
# file: newdir/newfile
# owner: Administrator
# group: None
user::rw-
group::r--
mask:rwx
other:r--

Irrespective of CYGWIN=(null), CYGWIN=ntsec, or CYGWIN=nontsec.

If I create a file in Windows Explorer, its ACLs are:
$ getfacl newdir/newfile2
# file: newdir/newfile2
# owner: Administrators
# group: None
user::rwx
group::r-x
group:SYSTEM:rwx
group:Users:r-x
group:dbas:rwx
mask:rwx
other:r-x

Basically I'm looking for a way to ensure the right users and groups can read files that I create.

Thanks

Mikel


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple