X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=R1cpyc0sxBuYA/hj/tXB3oLPem/YKhrMfwqnI/9eqUr7dLnd/vwXx
	PYTQhOStTpeH7nIbnAdRGtNu4CXC8shQNzUQZVf4EcG6WWnC7h2rnhqrOI9Jy8v/
	gMCDqZCdEsUPCx77d2rM8KmR9yjFGaJc3myz6nii8QYt/GN8JGOrdY=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=PmpSok+8mmZxFjAJd8tvh2g729I=; b=prvUu1kMWVtG10eU9DyoQPei1tLG
	Rw43/G9uCVdBZTUNttqreuzmxYiyu87fzKTVyx53I8R3c6Uu1PuxBhjJBhWVSjjL
	B2YCvIrYK4+pXKbumnVYC24SN2NkyU4HNMOnhOHWLR58J8OE/rO/UE3b/eKz+2Yz
	Keqnv/6lggtvpAU=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-96.9 required=5.0 tests=AWL,BAYES_50,EXCEL_ATTACHED,KAM_LAZY_DOMAIN_SECURITY,KHOP_DYNAMIC,RCVD_IN_PBL,RDNS_DYNAMIC,USER_IN_WHITELIST autolearn=no version=3.3.2 spammy=perms, Wolff, wolff, rx
X-HELO: calimero.vinschen.de
Date: Mon, 21 Dec 2015 16:03:50 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: setfacl to remove a permission implicit adds another
Message-ID: <20151221150350.GH4034@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <5674265F DOT 2040902 AT towo DOT net> <567430CD DOT 1020801 AT towo DOT net> <20151218171150 DOT GP3507 AT calimero DOT vinschen DOT de> <20151218193829 DOT GR3507 AT calimero DOT vinschen DOT de> <5677FAEE DOT 5000405 AT towo DOT net>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;	protocol="application/pgp-signature"; boundary="zGQnqpIoxlsbsOfg"
Content-Disposition: inline
In-Reply-To: <5677FAEE.5000405@towo.net>
User-Agent: Mutt/1.5.24 (2015-08-30)

--zGQnqpIoxlsbsOfg
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Dec 21 14:13, Thomas Wolff wrote:
> On 18.12.2015 20:38, EXT Corinna Vinschen wrote:
> >On Dec 18 18:11, Corinna Vinschen wrote:
> >>On Dec 18 17:14, Thomas Wolff wrote:
> >>>I wrote:
> >>>>...
> >>>>After removing SYSTEM write permission with setfacl,
> >>>>it was effectively removed for SYSTEM but the other groups got
> >>>>write permission ADDED instead (as also properly indicated by ls) =E2=
=88=92
> >>>>which is kind of the opposite of the intended operation.
> >>>cygwin-2.4.0-0.11, sorry
> >>In that case the behaviour is by design.  Try the same on Linux and the
> >>result will be the same.  Every time you change group perms, the mask
> >>will be changed to reflect the maximum permissions given to any group or
> >>seccondary user.  You always have to check the mask or set it explicite=
ly
> >>to the desired value.
> >I'm sorry, but I forgot to mention an important part:  Recomputing the
> >mask is *not* done in the kernel or, in our case, Cygwin.  Rather this
> >functionality is part of the setfacl tool.  Setfacl recomputes the mask
> >by default.  There's a new option -n/--no-mask as on Linux to retain the
> >current mask setting, e.g.
> >
> >   $ setfacl -n -m g:wheel:r-x file
> >
> >Try setfacl --help for a comprehensive description of all options.
> >
> >
> >HTH,
> Yes, thank you.
> Just pondering:
> "...the maximum/union of all permissions..." could well be interpreted as
> "... all *effective* permissions"

Uh, no.  The effective permissions are a *result* of applying the mask,
so they can't constitute the mask.  Stimulus/response are unambiguously
defined here.

> which would make a difference in the presented case.
> Anyway, you are right, this is an upstream design issue. And upstream in
> this case seems to mean referring to a standard that isn't even officially
> available anymore...

Heh, yes.


Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--zGQnqpIoxlsbsOfg
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWeBTVAAoJEPU2Bp2uRE+gdbEQAJ9yrZZ6xJAV1hz1dky4zB+R
I80+NHBIYUWagDvQj9PLYfrsSJwkQGhlPtj0LYd8acxXodhu2uZ2jRvOwSjnW5XL
uiYx3FTjNLvQktNWgpDDObTt6GFVvzzwSnDVMwoECjx0f9JTOe3IW5BB+Znv/gK2
xbRjsWwock1ly+i568/ZWdv2s4oi7tIEjpXpx5dtWhaH01hNoN1a11ApVdqRA3ig
By9RzxyImPWJvAL1j//yOPrZZ78iqqIEIekJmoGeBZ/JraPM2aXawAtKcAqdZTks
RtMxrnLwI5zTqXpEaQ3/INjX7USMcIpFbgEIoueFRJMtUD/VopXjSJKQ5t4FFPK5
XSMPNdtpuUTz9Uuu5TV9AF4kzhN+cFJbY1ag2Hg3//Ydb2+m1YssATOerngeK9tr
olUloua77LJ4i3UvEmXKhqzp2m1ZAQtB+pHHOflsvipk5QswBEKbFSgEvuo6h6kI
xYqngvXHGlzm4YMnQWEurImXwSbTJ3VDDskBC2B4iKHG4gj2BBEDRdThb98fTtuJ
sWl81aGRiB6bO41ZaOvaNxSgkhiw+u9tp4R5WvGTYKQ8TMsKv5uJ6H47PZ7d8A+/
Eb8kpDDf7s86pfLRc/mLJ/GwZ2QMXq11ZLuJwdCcPADs/v0HpGSH+dO8LkNzVnG5
nkQsWWNrGQG4DDipC+lH
=Hs9Y
-----END PGP SIGNATURE-----

--zGQnqpIoxlsbsOfg--