X-Recipient: archive-cygwin@delorie.com
X-Spam-Check-By: sourceware.org
Date: Mon, 15 Nov 2010 17:01:36 +0100
From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: Executable bit check
Message-ID: <20101115160136.GB17405@calimero.vinschen.de>
Reply-To: cygwin@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
References: <76B81B8B64B6254B98733990F38621DA6A0F@sron-chi-exc05.ronin.roncap.com> <4CD35A71.3030707@cygwin.com> <76B81B8B64B6254B98733990F38621DA6A13@sron-chi-exc05.ronin.roncap.com> <4CD43740.8030006@redhat.com> <76B81B8B64B6254B98733990F38621DA6A1D@sron-chi-exc05.ronin.roncap.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <76B81B8B64B6254B98733990F38621DA6A1D@sron-chi-exc05.ronin.roncap.com>
User-Agent: Mutt/1.5.20 (2009-06-14)
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie.com@cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com

On Nov  5 14:47, Illia Bobyr wrote:
> On 11/5/2010 11:56 AM, Eric Blake wrote:
> > [...]
> > On Linux:
> >
> > $ setfacl -m mask:rwx d/f
> > $ getfacl d/f
> > # file: d/f
> > # owner: eblake
> > # group: eblake
> > user::rw-
> > user:dummy:rwx
> > group::rw-
> > mask::rwx
> > other::r--
> >
> > $ chmod -x d/f
> > $ getfacl d/f
> > # file: d/f
> > # owner: eblake
> > # group: eblake
> > user::rw-
> > user:dummy:rwx			#effective:rw-
> > group::rwx			#effective:rw-
> > mask::rw-
> > other::r--
> >
> > Interestingly - that means that on Linux, chmod -x changed the mask
> > entry of the ACLs, such that the effective permissions for the alternate
> > user are no longer permitted; so even though user dummy has rwx ACLs,
> > the mask prevents the user from executing the file any more.
> >
> > Cygwin does not emulate Linux in this regards at the moment, but now
> > that you have pointed out a simple test case, it may be possible to
> > patch cygwin1.dll to make the chmod() syscall affect the ACL mask as on
> > Linux.

That's very tricky.  The chmod function only gets a new mode_t value which
only applies to owner/group/others and the mask value.  The mask value
is changed by a chmod as well and non-default users and groups in the ACL
are only affected indirectly by the mask value which results in effective
permissions, as you can see above.

And here's the problem:

> It seems that setfacl also does not change the "mask" part on Cygwin:

There's no equivalent for the Solaris/POSIX mask value in the Windows ACL.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple