Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com To: cygwin AT cygwin DOT com Subject: setfacl bug? From: Dmitry Bely Date: Sat, 10 Apr 2004 20:10:15 +0400 Message-ID: User-Agent: Gnus/5.090008 (Oort Gnus v0.08) XEmacs/21.4 (Military Intelligence (RC5 Windows), i586-pc-win32) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Let's consider the following scenario: [--- cut ---] C:\Work\test-facl>setfacl -s u::rwx,g::rwx,m:rwx,o:rwx . C:\Work\test-facl>getfacl . # file: . # owner: Administrators # group: None user::rwx group::rwx mask:rwx other:rwx C:\Work\test-facl>setfacl -m d:u::rwx,d:g::rwx,d:m:rwx,d:o:rwx . C:\Work\test-facl>getfacl . # file: . # owner: Administrators # group: None user::rwx group::rwx mask:rwx other:--- default:user::rwx default:group::rwx default:other:rwx [--- cut ---] Note the "other" entry access rights! I think the problem is the following: second setfacl should analyse existing ACE's AceFlags and decide if it has to modify the existing ACE (if INHERIT_ONLY_ACE is set) or add the new one. It seems that it does not do that (although I did not look into the sources). So the Everyone's ACE (other: entry) is replaced with INHERIT_ONLY_ACE (default:other entry) which effectively prohibits any access. BTW, setfacl -s u::rwx,g::rwx,m:rwx,o:rwx,d:u::rwx,d:g::rwx,d:m:rwx,d:o:rwx . leads just to the same result (no access to the directory for "other" group) If my analysis is correct, could you fix this? - Dmitry Bely -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/