X-Recipient: archive-cygwin AT delorie DOT com X-SWARE-Spam-Status: No, hits=-6.8 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_HI,SPF_HELO_PASS,T_RP_MATCHES_RCVD X-Spam-Check-By: sourceware.org Message-ID: <4C473657.7060209@redhat.com> Date: Wed, 21 Jul 2010 12:03:03 -0600 From: Eric Blake User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.10) Gecko/20100621 Fedora/3.0.5-1.fc13 Lightning/1.0b2pre Mnenhy/0.8.3 Thunderbird/3.0.5 MIME-Version: 1.0 To: cygwin AT cygwin DOT com Subject: Re: remove alternate access method / access control list References: In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------enig201BAC6E92564AD1473D861A" X-IsSubscribed: yes Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com --------------enig201BAC6E92564AD1473D861A Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 07/21/2010 11:44 AM, Fred Wheeler wrote: > chmod affects the access permissions according to the ntsec system, > but has no effect on this alternate access method. This is possibly a bug in cygwin. POSIX says: http://www.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap04.html#tag_= 04_04 "An alternate file access control mechanism shall: * Specify file permission bits for the file owner class, file group class, and file other class of that file, corresponding to the access permissions. * Be enabled only by explicit user action, on a per-file basis by the file owner or a user with appropriate privileges. * Be disabled for a file after the file permission bits are changed for that file with chmod(). " That is, calling chmod() to change bits should also have the effect of removing ACLs, per POSIX (although POSIX appears to be silent about the case of calling chmod() to set the bits to the value they already have). But you would need to test this on Linux, to see if cygwin behaves the same as Linux in this regard, or maybe ask the POSIX folks for some clarification. Meanwhile, the correct tool to use for this task is setfacl(1). Also, be aware that directories include inheritance ACLs, and that inheritance ACLs are probably the main reason that files are created with additional ACLs that cause ls to list a + for files in the first place. Generally, this is a good thing, as removing inheritance ACLs from directories causes other problems in windows (so removing the + from ls listings of files is a reasonable goal, but not necessarily removing the + from ls listings of directories). --=20 Eric Blake eblake AT redhat DOT com +1-801-349-2682 Libvirt virtualization library http://libvirt.org --------------enig201BAC6E92564AD1473D861A Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Public key at http://people.redhat.com/eblake/eblake.gpg Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iQEcBAEBCAAGBQJMRzZXAAoJEKeha0olJ0Nq4f4IAIMr+iEgpdDfGVWgYHNDug9l zF7gHA5eb/tyD8AlIFjn4lymVklnqJwkvFn8AJLjV54YLFvv3ZjOdnxkzM6inBEB Avurguupz+VT6gd6FFY3rqUBJo+FnrbT9M2OuLkduaSbWYK8VgSVY/Pqwbiz6a4/ GYJ0UboU8qO9CpWTtR+LYFrld0NX3ijR4O/n3mXk31W/wjemxHzfXngJu+CwvdE3 R+TaVhLjFaGNcdDFLRP2AIF3apIzLu/BUSOxX+X/kom52adNHItEBNsm4NIRE2Cd BvNBK427dXiNp9xEuBVLR8BqeeB/Ri97PDJRRPKNBjXnMStjseJpfs3Tl1aQIZA= =Z7mi -----END PGP SIGNATURE----- --------------enig201BAC6E92564AD1473D861A--