setfacl to remove a permission implicit adds another
Corinna Vinschen
corinna-cygwin@cygwin.com
Fri Dec 18 19:38:00 GMT 2015
On Dec 18 18:11, Corinna Vinschen wrote:
> On Dec 18 17:14, Thomas Wolff wrote:
> > I wrote:
> > >...
> > >After removing SYSTEM write permission with setfacl,
> > >it was effectively removed for SYSTEM but the other groups got
> > >write permission ADDED instead (as also properly indicated by ls) −
> > >which is kind of the opposite of the intended operation.
> > cygwin-2.4.0-0.11, sorry
>
> In that case the behaviour is by design. Try the same on Linux and the
> result will be the same. Every time you change group perms, the mask
> will be changed to reflect the maximum permissions given to any group or
> seccondary user. You always have to check the mask or set it explicitely
> to the desired value.
I'm sorry, but I forgot to mention an important part: Recomputing the
mask is *not* done in the kernel or, in our case, Cygwin. Rather this
functionality is part of the setfacl tool. Setfacl recomputes the mask
by default. There's a new option -n/--no-mask as on Linux to retain the
current mask setting, e.g.
$ setfacl -n -m g:wheel:r-x file
Try setfacl --help for a comprehensive description of all options.
HTH,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20151218/150143a8/attachment.sig>
More information about the Cygwin
mailing list