Message-Id: <200701051934.l05JYbCj030969@tigris.pounder.sol.net>
To: cygwin AT cygwin DOT com
From: cygzx AT trodman DOT com (Tom Rodman)
Reply-to: cygwin AT cygwin DOT com
Subject: `setfacl -m u:jdoe:rwx foo` returns 0, but file not writable by jdoe??
Date: Fri, 05 Jan 2007 13:34:36 -0600

Admittedly, this may be going "outside the cygwin perms model" a bit:

In the below test case file 'foo' has its RO file attribute set, then
has its owner changed to someone other than the current user, has the
posix group set to None, the DACL protected, and all aces removed from
the DACL.

Next step is to run this (assumes we are user 'jdoe' [an administrator]):

  setfacl -m u:jdoe:rwx foo

Above command returns 0 but jdoe can not write. The cause appears to be
that the windows RO file attribute is not unset by setfacl.

The example below uses 'setacl' ( http://setacl.sourceforge.net/html/doc-reference.html )
to protect and clear the DACL, and set owner and group.

Pls see example below.

--
thanks,
Tom Rodman

--v-v------------------C-U-T---H-E-R-E-------------------------v-v--
$ cd /tmp
$ object=foo owner=staffuser2
$ rm -f foo; ls foo
ls: foo: No such file or directory
$ touch foo;cmd /c attrib +R foo
$ setacl -on "$(cygpath -aw "$object")" -ot file -actn setowner -ownr "n:$owner" \
> -actn setgroup -grp n:none -actn clear -clr dacl -actn setprot -op dacl:p_nc
Processing ACL of: <\\?\c:\aut\cyg\tmp\foo>
SetACL finished successfully.
$ ls -l foo
---------- 1 staffuser2 None 0 Jan 5 12:53 foo
$ cmd /c attrib foo
A R C:\aut\cyg\tmp\foo
$ dacl foo
+ setacl -on 'c:\aut\cyg\tmp\foo' -ot file -actn list -lst 'f:tab;w:o,g,d,s;i:y;s:n'
\\?\c:\aut\cyg\tmp\foo
Owner: DOMxx1\staffuser2
Group: OurWorkStn00\None
SetACL finished successfully.
+ set +x
$ getfacl foo
# file: foo
# owner: staffuser2
# group: None
user::---
group::---
mask:rwx
other:---
$ setfacl -m u:adm_usr1:rwx "$object"
$ getfacl foo
# file: foo
# owner: staffuser2
# group: None
user::---
user:adm_usr1:rwx
group::---
mask:rwx
other:---
$ echo hi >> foo
-bash: foo: Permission denied
$ test -w foo || echo not writable
not writable
$ : in another shell session user staffuser2 unsets RO file attribute
$ test -w foo || echo not writable by adm_usr1
$ echo hi >> foo
$
$ uname -a
CYGWIN_NT-5.0 OurWorkStn00 1.5.20s(0.155/4/2) 20060403 13:33:45 i686 Cygwin
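
Added example (not part of the original message, and not Cygwin or SetACL code): a shell check that cross-references the two outputs shown in the transcript, `cmd /c attrib` and `getfacl`, to tell an ACL denial apart from a denial caused by the read-only attribute. The function names and result strings are hypothetical, the sample inputs are copied from the transcript, and accepting the `mask::rwx` spelling is an assumption for other getfacl versions.

```shell
#!/bin/sh
# Sample inputs copied from the transcript in the message above.
ATTRIB_SAMPLE='A R C:\aut\cyg\tmp\foo'
GETFACL_SAMPLE='# file: foo
# owner: staffuser2
# group: None
user::---
user:adm_usr1:rwx
group::---
mask:rwx
other:---'

# attrib_has_readonly ATTRIB_LINE -> exit 0 if the R flag is set.
# The flags precede the path; the path starts at a drive letter ("C:\")
# or at "\\", so everything from there on is cut before looking for R.
attrib_has_readonly() {
    flags=$(printf '%s\n' "$1" | sed -e 's/[A-Za-z]:\\.*$//' -e 's/\\\\.*$//')
    case "$flags" in
        *R*) return 0 ;;
        *)   return 1 ;;
    esac
}

# acl_grants_write USER GETFACL_TEXT -> exit 0 if the named-user entry
# includes w and the mask (when present) does not strip it.
acl_grants_write() {
    printf '%s\n' "$2" | awk -F: -v u="$1" '
        $1 == "user" && $2 == u { entry = $3 }
        $1 == "mask" { mask = ($2 != "" ? $2 : $3); have_mask = 1 }
        END { exit !(index(entry, "w") && (!have_mask || index(mask, "w"))) }'
}

# diagnose USER ATTRIB_LINE GETFACL_TEXT -> prints one verdict string.
diagnose() {
    if ! acl_grants_write "$1" "$3"; then
        echo "acl-denies-write"
    elif attrib_has_readonly "$2"; then
        echo "readonly-attribute-blocks-write"
    else
        echo "writable-per-acl-and-attribute"
    fi
}

diagnose adm_usr1 "$ATTRIB_SAMPLE" "$GETFACL_SAMPLE"
```

On a live Cygwin system the two text arguments would come from `cmd /c attrib "$(cygpath -aw FILE)"` and `getfacl FILE`, the same commands the transcript runs.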