This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: cannot turn off group (None) permissions in 1.7.33-04


On Nov  1 08:16, Stephen Sheldon wrote:
> I had some key files in ~/.ssh.  They looked like this.
> 
> -rw-------+ 1 sheldon None 1.7K Nov  1 07:09 id_rsa
> -rw-r--r--+ 1 sheldon None  401 Nov  1 07:09 id_rsa.pub
> -rw-r--r--+ 1 sheldon None  174 Nov  1 07:09 known_hosts
> 
> After I installed 1.7.33-04 they looked like this.
> 
> -rw-rwx---+ 1 sheldon None 1.7K Nov  1 07:09 id_rsa*
> -rw-rwxr--+ 1 sheldon None  401 Nov  1 07:09 id_rsa.pub*
> -rw-rwxr--+ 1 sheldon None  174 Nov  1 07:09 known_hosts*
> 
> ssh complained about permissions when I tried to log on to another host.  I
> could not change the permissions back with chmod, either with chmod 600 or
> chmod g-w ...

Correct.  This is the result of the change to 1.7.33 to implement
POSIX ACL handling more POSIX-like:

There are permissions on the file given to other users and/or groups
beside the primary user and group.  Per POSIX, the group permission
bits reflect the *sum* of all permission bits granted to other users
and all groups.

To easily get rid of such overly open permissions, I implemented the
new setfacl -b flag:

Initial situation:

  $ touch xxx
  $ ls -l xxx
  -rw-r--r--  1 corinna vinschen 57110 Oct 27 14:47 xxx

Grant permissions to "somebody else":

  $ setfacl -m g:administrators:rwx xxx
  $ getfacl xxx
  # file: xxx
  # owner: corinna
  # group: vinschen
  user::rw-
  group::r--
  group:Administrators:rwx
  mask:rwx
  other:r--

  $ ls -l xxx
  -rw-rwxr--+ 1 corinna vinschen 57110 Oct 27 14:47 xxx

Revert to POSIX-only permissions:

  $ setfacl -b xxx
  $ ls -l xxx
  -rw-r--r--  1 corinna vinschen 57110 Oct 27 14:47 xxx


HTH,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
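
The rule described in the reply above, as an added example that is not part of the original message or of Cygwin's code: a small Python model that parses getfacl output, derives the mode string ls -l shows, and models `setfacl -b` by dropping the extended entries. The function names and the private-key check (any group or other bit set, the 077 test ssh applies to key files) are this example's own assumptions.

```python
import re

# getfacl output copied from the message above. Cygwin prints "mask:" and
# "other:" with one colon, Linux prints "mask::" / "other::"; both parse.
SAMPLE = """\
# file: xxx
# owner: corinna
# group: vinschen
user::rw-
group::r--
group:Administrators:rwx
mask:rwx
other:r--
"""

ENTRY = re.compile(r"^(user|group|mask|other):(?:([^:]*):)?([r-][w-][x-])$")

def parse_acl(text):
    """Return a list of (tag, qualifier, perms) tuples, skipping comments."""
    acl = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = ENTRY.match(line)
        if not m:
            raise ValueError(f"unrecognised ACL entry: {line!r}")
        acl.append((m.group(1), m.group(2) or "", m.group(3)))
    return acl

def is_extended(entry):
    """Named user/group entries and the mask are the 'extended' part."""
    tag, qual, _ = entry
    return tag == "mask" or (tag in ("user", "group") and qual != "")

def ls_mode(acl):
    """Mode string as ls -l shows it for a regular file."""
    perms = {(t, q): p for t, q, p in acl}
    # With a mask present, the group column shows the mask, not group::.
    group = perms.get(("mask", ""), perms[("group", "")])
    plus = "+" if any(is_extended(e) for e in acl) else ""
    return "-" + perms[("user", "")] + group + perms[("other", "")] + plus

def strip_extended(acl):
    """Model of `setfacl -b`: keep only user::, group:: and other:."""
    return [e for e in acl if not is_extended(e)]

def too_open_for_private_key(mode):
    """True if any group or other bit is set in the mode string."""
    return mode[4:10] != "------"
```

On the sample this yields `-rw-rwxr--+` before stripping and `-rw-r--r--` after, matching the two `ls -l` lines in the message.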
