Date: Mon, 9 Feb 2015 07:09:22 +0300
From: Andrey Repin
Reply-To: cygwin AT cygwin DOT com
Message-ID: <1567330307.20150209070922@yandex.ru>
To: Thomas Wolff, cygwin AT cygwin DOT com
Subject: Re: group permissions
In-Reply-To: <54D7EB4E.6020105@towo.net>

Greetings, Thomas Wolff!

> With 1.7.34-6:
>> - the fixes in POSIX ACL handling and the effect this has on the standard
>>   POSIX group permissions, as well as the accompanying new setfacl(1)
>>   options -b/--remove-all and -k/--remove-default.
>>
>>   See https://cygwin.com/cygwin-ug-net/using-utils.html#setfacl
>>   and https://cygwin.com/faq.faq.html#faq.using.ssh-pubkey-stops-working
>>   and https://cygwin.com/faq.faq.html#faq.using.same-with-rhosts
> Group permissions are now composed of multiple ACL entries, like:
> -rw-rwx---+ 1 towo Domain Users 128 Feb 5 13:36 x
> with ACL:
> # file: x
> # owner: towo
> # group: Domain Users
> user::rw-
> group::r-x
> group:SYSTEM:rwx
> mask:rwx
> other:---
> chmod g-wx does not work on x, only after setfacl -d group:SYSTEM x ,
> the g-w bit is gone.
> This is surprising behaviour (and has been discussed in a specific
> context in another thread);
> the explanation is hidden in only roughly related sections of the user
> guide (setfacl) or even the FAQ,
> and is not found in the section Permissions and Security where one would
> look first;
> I suggest to add an illustrative section there.

Perhaps, a link to
https://cygwin.com/faq/faq.html#faq.using.ssh-pubkey-stops-working
would suffice.

> However, I am not yet convinced that the explanation makes it less
> surprising from a POSIX point of view because the file does not have the
> group 'SYSTEM' which is responsible for the g+wx flags.
> Maybe ls -l should display a more permissive group (in the example case
> SYSTEM rather than Domain Users) to give the user a hint? How is this
> handled on other ACL systems? (I can check next week.)

See the abovementioned link.

--
WBR,
Andrey Repin (anrdaemon AT yandex DOT ru) 09.02.2015, <07:07>

Sorry for my terrible english...
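
The behaviour discussed in this message, as an added example that is not part of the original thread or of Cygwin's own code: a small Python model of why the group triplet in `ls -l` follows the ACL mask and named entries rather than the owning group's entry alone. The function names are hypothetical, and the mask recalculation in `remove_entry` is an assumption based on the POSIX.1e draft rule (mask = union of the group class), not taken from the Cygwin sources.

```python
# Added example: which ACL entries produce the group bits shown by `ls -l`.
SAMPLE_ACL = """\
# file: x
# owner: towo
# group: Domain Users
user::rw-
group::r-x
group:SYSTEM:rwx
mask:rwx
other:---
"""  # getfacl output as quoted in the message above

def parse_acl(text):
    """Parse getfacl-style text into (tag, qualifier, perms) tuples."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("default:"):
            continue  # comments and default (inherited) entries do not set this file's mode
        fields = line.split(":")
        tag, perms = fields[0], fields[-1]
        qualifier = fields[1] if len(fields) == 3 else ""
        entries.append((tag, qualifier, set(perms) - {"-"}))
    return entries

def fmt(bits):
    """Render a permission set as an rwx triplet."""
    return "".join(c if c in bits else "-" for c in "rwx")

def group_class(entries):
    """POSIX.1e group class: owning group, named users, named groups."""
    return [e for e in entries if e[0] == "group" or (e[0] == "user" and e[1])]

def union(entries):
    return set().union(*(p for _, _, p in entries))

def displayed_group_bits(entries):
    """Group triplet of the mode string: the mask if present, else the group class."""
    mask = [p for t, _, p in entries if t == "mask"]
    return fmt(mask[0] if mask else union(group_class(entries)))

def widening_entries(entries):
    """Named entries that grant bits the owning group entry does not."""
    owning = next(p for t, q, p in entries if t == "group" and not q)
    return [(t, q, fmt(p - owning)) for t, q, p in group_class(entries) if q and p - owning]

def remove_entry(entries, tag, qualifier):
    """Delete one entry; ASSUMPTION: mask is recomputed as the union of the group class."""
    kept = [e for e in entries if e[0] != "mask" and (e[0], e[1]) != (tag, qualifier)]
    return kept + [("mask", "", union(group_class(kept)))]

if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL)
    print(displayed_group_bits(acl), widening_entries(acl))
    print(displayed_group_bits(remove_entry(acl, "group", "SYSTEM")))
```

`widening_entries` is the useful check when auditing a tree: it names the entry (here `group:SYSTEM`) that has to be removed or narrowed before the group bits in the mode string can drop.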