X-Recipient: archive-cygwin AT delorie DOT com X-Spam-Check-By: sourceware.org Date: Mon, 15 Nov 2010 17:01:36 +0100 From: Corinna Vinschen To: cygwin AT cygwin DOT com Subject: Re: Executable bit check Message-ID: <20101115160136.GB17405@calimero.vinschen.de> Reply-To: cygwin AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com References: <76B81B8B64B6254B98733990F38621DA6A0F AT sron-chi-exc05 DOT ronin DOT roncap DOT com> <4CD35A71 DOT 3030707 AT cygwin DOT com> <76B81B8B64B6254B98733990F38621DA6A13 AT sron-chi-exc05 DOT ronin DOT roncap DOT com> <4CD43740 DOT 8030006 AT redhat DOT com> <76B81B8B64B6254B98733990F38621DA6A1D AT sron-chi-exc05 DOT ronin DOT roncap DOT com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <76B81B8B64B6254B98733990F38621DA6A1D@sron-chi-exc05.ronin.roncap.com> User-Agent: Mutt/1.5.20 (2009-06-14) Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com On Nov 5 14:47, Illia Bobyr wrote: > On 11/5/2010 11:56 AM, Eric Blake wrote: > > [...] > > On Linux: > > > > $ setfacl -m mask:rwx d/f > > $ getfacl d/f > > # file: d/f > > # owner: eblake > > # group: eblake > > user::rw- > > user:dummy:rwx > > group::rw- > > mask::rwx > > other::r-- > > > > $ chmod -x d/f > > $ getfacl d/f > > # file: d/f > > # owner: eblake > > # group: eblake > > user::rw- > > user:dummy:rwx #effective:rw- > > group::rwx #effective:rw- > > mask::rw- > > other::r-- > > > > Interestingly - that means that on Linux, chmod -x changed the mask > > entry of the ACLs, such that the effective permissions for the alternate > > user are no longer permitted; so even though user dummy has rwx ACLs, > > the mask prevents the user from executing the file any more. > > > > Cygwin does not emulate Linux in this regards at the moment, but now > > that you have pointed out a simple test case, it may be possible to > > patch cygwin1.dll to make the chmod() syscall affect the ACL mask as on > > Linux. That's very tricky. The chmod function only gets a new mode_t value which only applies to owner/group/others and the mask value. The mask value is changed by a chmod as well and non-default users and groups in the ACL are only affected indirectly by the mask value which results in effective permissions, as you can see above. And here's the problem: > It seems that setfacl also does not change the "mask" part on Cygwin: There's no equivalent for the Solaris/POSIX mask value in the Windows ACL. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple