This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: setfacl to remove a permission implicit adds another

On Dec 21 14:13, Thomas Wolff wrote:
> On 18.12.2015 20:38, EXT Corinna Vinschen wrote:
> >On Dec 18 18:11, Corinna Vinschen wrote:
> >>On Dec 18 17:14, Thomas Wolff wrote:
> >>>I wrote:
> >>>>...
> >>>>After removing SYSTEM write permission with setfacl,
> >>>>it was effectively removed for SYSTEM but the other groups got
> >>>>write permission ADDED instead (as also properly indicated by ls) â
> >>>>which is kind of the opposite of the intended operation.
> >>>cygwin-2.4.0-0.11, sorry
> >>In that case the behaviour is by design.  Try the same on Linux and the
> >>result will be the same.  Every time you change group perms, the mask
> >>will be changed to reflect the maximum permissions given to any group or
> >>seccondary user.  You always have to check the mask or set it explicitely
> >>to the desired value.
> >I'm sorry, but I forgot to mention an important part:  Recomputing the
> >mask is *not* done in the kernel or, in our case, Cygwin.  Rather this
> >functionality is part of the setfacl tool.  Setfacl recomputes the mask
> >by default.  There's a new option -n/--no-mask as on Linux to retain the
> >current mask setting, e.g.
> >
> >   $ setfacl -n -m g:wheel:r-x file
> >
> >Try setfacl --help for a comprehensive description of all options.
> >
> >
> >HTH,
> Yes, thank you.
> Just pondering:
> "...the maximum/union of all permissions..." could well be interpreted as
> "... all *effective* permissions"

Uh, no.  The effective permissions are a *result* of applying the mask,
so they can't constitute the mask.  Stimulus/response are unambiguously
defined here.

> which would make a difference in the presented case.
> Anyway, you are right, this is an upstream design issue. And upstream in
> this case seems to mean referring to a standard that isn't even officially
> available anymore...

Heh, yes.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Attachment: signature.asc
Description: PGP signature

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]