X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=TFGBt8LrZ+DYUnU3anu0ZR/tCcO3CffZ857MgweKgpnyUUZpa2i/Q
	rYq5d8OA7UVy+0fMbk/RVSBVwRHB+Hg1iPg1gZaATzslPMbP3vxkNRblxH7Gy+J1
	NQERMEnT281FEVFWa0r7iCqktSthQmdJnkBoeLa4TuYOgWwUMrSqj0=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=eTJ674+h32196obdR9pb0mNhdrU=; b=R6V6xbhamhvL94zpSydU9wgYpZcY
	+NTu+Sr///kfNHtaElOSmF4G0n9Z5GzKO0UglzIwtr9FRsuYrlWSzwXjAj9BekQl
	03irVk/LetyBZgZa6sy37tpzvRirETTWHpBt59ns7Z3/xZPToSfj4J75/S6EZLZa
	KZ7YgUfIj6b8b7A=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-5.9 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.3.2
X-HELO: calimero.vinschen.de
Date: Mon, 9 Feb 2015 10:14:45 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: group permissions
Message-ID: <20150209091445.GA10457@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <54D7EB4E DOT 6020105 AT towo DOT net>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;	protocol="application/pgp-signature"; boundary="vtzGhvizbBRQ85DL"
Content-Disposition: inline
In-Reply-To: <54D7EB4E.6020105@towo.net>
User-Agent: Mutt/1.5.23 (2014-03-12)

--vtzGhvizbBRQ85DL
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Feb  9 00:03, Thomas Wolff wrote:
> With 1.7.34-6:
> > - the fixes in POSIX ACL handling and the effect this has on the standa=
rd
> >     POSIX group permissions, as well as the accompanying new setfacl(1)
> >     options -b/--remove-all and -k/--remove-default.
> >
> > Seehttps://cygwin.com/cygwin-ug-net/using-utils.html#setfacl
> > andhttps://cygwin.com/faq.faq.html#faq.using.ssh-pubkey-stops-working
> > andhttps://cygwin.com/faq.faq.html#faq.using.same-with-rhosts
> Group permissions are now composed of multiple ACL entries, like:
> -rw-rwx---+ 1 towo Domain Users   128 Feb  5 13:36 x
> with ACL:
> # file: x
> # owner: towo
> # group: Domain Users
> user::rw-
> group::r-x
> group:SYSTEM:rwx
> mask:rwx
> other:---
>=20
> chmod g-wx does not work on x, only after setfacl -d group:SYSTEM x ,
> the g-w bit is gone.  This is surprising behaviour (and has been
> discussed in a specific context in another thread); the explanation is
> hidden in only roughly related sections of the user guide (setfacl) or
> even the FAQ, and is not found in the section Permissions and Security
> where one would look first; I suggest to add an illustrative section
> there.

Yes, sure, why not.  Any idea for a patch?

> However, I am not yet convinced that the explanation makes it less
> surprising from a POSIX point of view because the file does not have
> the group 'SYSTEM' which is responsible for the g+wx flags.  Maybe ls
> -l should display a more permissive group (in the example case SYSTEM
> rather than Domain Users) to give the user a hint? How is this handled
> on other ACL systems? (I can check next week.)

ls shows the primary group of the file and that's not going to change.
The hint that more permissions are given is the '+' sign appened to the
permission bits.


Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--vtzGhvizbBRQ85DL
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBAgAGBQJU2HqFAAoJEPU2Bp2uRE+gHU8P/0qCBuVkrWajTdqew97Niz5U
SQRE2w+k4x6QINGVIbAX1vRT99xSaWo336PxtNegj4Z2p1RnUtemCeUfVFSejpg1
Grz7BTl5mmp98DeLaIGm/adC7lUXURtb7HZCvki1CgKwfFAznloQbThDsid5TJXB
4rUd2BO6ByKu8FMk0SWZuZpND3/nT6kDDrNwQjze+E+wZyWsL/CfXPA3OQ3SHehC
bJ42I3a3FZaYrbiSpynkXX3XMUFZC5hzAeh4HlgPm4ud+uCcDpKbcEwysc4CeXdc
vz0L6bquKmmLSDFlT9mf2yQcJxvqRJp0TcqhXiAtW0B6PYpS9RqJMt4mL7P7PIFj
99J8YMGhKijr9ntn4ODAwhy009tCK60XZDQo/N9wsj3WDjz0YX4azbk9n1fC+Oxf
djwlbDElRAnTHTn9UmRbojA033At69m2aK2Lh85m1tklU3N7FaIDl1Ks0vTl58FC
A4J7S0MLFgpMuMqn96lSaPdylIMYIVrFu/VFFvR0k50xorFuq/cZMJh0bw8Fc1fB
Zt0PJakuspv+bnYtmbhdz+9TJvlUU0cgxvd8lABe/oUwZWhF6ITb0aJkYJ3Ru28K
LNVpUawE6bhmCLMmF9lODgi1aKjYfPpffknUUQ3Peq5FWhrqSS9pMr0He9B3y4Me
+Y6mAUWQL51l2PEt/Y6w
=BQBG
-----END PGP SIGNATURE-----

--vtzGhvizbBRQ85DL--