X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:subject:to:references:from:message-id:date :mime-version:in-reply-to:content-type :content-transfer-encoding; q=dns; s=default; b=LvfijxRqtCkPCyby ymHVbOaSstvN4Hkehya/gDrDW133Rz4dy/etYPyewF9VyriKuvQXVevU5ZSe2hgb AiygjczH3bWEcGu1APEqUrqjF5XrRi6F1XVQ704he3byq6V2Il3ahEUbiFS0qMrU Dkv2wJPtxrFHldWfql06Pw1HDRI= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:subject:to:references:from:message-id:date :mime-version:in-reply-to:content-type :content-transfer-encoding; s=default; bh=tbayAv6tgBXtzK20vhESzc 0o6Ew=; b=HyyL3nlOwD/EbqB9pwc7lA7Qj8MQPCPR8TbB+RpvXu6PLvU7phWPAs J2e5H3CcygBYGKL+8W0jSvRQFfguOVU9eSd+4EKPrzEGpQsUlGH2DTMcStLjH4Mp PYBEeJNsLyEmbJy1QCbRhxUPO9+ROTCIQ3kpBLMJmBWnLGTR9K2Io= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=1.1 required=5.0 tests=AWL,BAYES_50,KAM_LAZY_DOMAIN_SECURITY autolearn=no version=3.3.2 spammy=perms, rx, Wolff, ADDED X-HELO: demumfd001.nsn-inter.net Subject: Re: setfacl to remove a permission implicit adds another To: cygwin AT cygwin DOT com References: <5674265F DOT 2040902 AT towo DOT net> <567430CD DOT 1020801 AT towo DOT net> <20151218171150 DOT GP3507 AT calimero DOT vinschen DOT de> <20151218193829 DOT GR3507 AT calimero DOT vinschen DOT de> From: Thomas Wolff Message-ID: <5677FAEE.5000405@towo.net> Date: Mon, 21 Dec 2015 14:13:18 +0100 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 MIME-Version: 1.0 In-Reply-To: <20151218193829.GR3507@calimero.vinschen.de> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-purgate-type: clean X-purgate-Ad: Categorized by eleven eXpurgate (R) http://www.eleven.de X-purgate: clean X-purgate: This mail is considered clean (visit http://www.eleven.de for further information) X-purgate-size: 1634 X-purgate-ID: 151667::1450703598-00002C61-49AB6419/0/0 X-IsSubscribed: yes On 18.12.2015 20:38, EXT Corinna Vinschen wrote: > On Dec 18 18:11, Corinna Vinschen wrote: >> On Dec 18 17:14, Thomas Wolff wrote: >>> I wrote: >>>> ... >>>> After removing SYSTEM write permission with setfacl, >>>> it was effectively removed for SYSTEM but the other groups got >>>> write permission ADDED instead (as also properly indicated by ls) − >>>> which is kind of the opposite of the intended operation. >>> cygwin-2.4.0-0.11, sorry >> In that case the behaviour is by design. Try the same on Linux and the >> result will be the same. Every time you change group perms, the mask >> will be changed to reflect the maximum permissions given to any group or >> seccondary user. You always have to check the mask or set it explicitely >> to the desired value. > I'm sorry, but I forgot to mention an important part: Recomputing the > mask is *not* done in the kernel or, in our case, Cygwin. Rather this > functionality is part of the setfacl tool. Setfacl recomputes the mask > by default. There's a new option -n/--no-mask as on Linux to retain the > current mask setting, e.g. > > $ setfacl -n -m g:wheel:r-x file > > Try setfacl --help for a comprehensive description of all options. > > > HTH, Yes, thank you. Just pondering: "...the maximum/union of all permissions..." could well be interpreted as "... all *effective* permissions" which would make a difference in the presented case. Anyway, you are right, this is an upstream design issue. And upstream in this case seems to mean referring to a standard that isn't even officially available anymore... ------ Thomas -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple