setfacl to remove a permission implicit adds another
Corinna Vinschen
corinna-cygwin@cygwin.com
Mon Dec 21 15:03:00 GMT 2015
On Dec 21 14:13, Thomas Wolff wrote:
> On 18.12.2015 20:38, EXT Corinna Vinschen wrote:
> >On Dec 18 18:11, Corinna Vinschen wrote:
> >>On Dec 18 17:14, Thomas Wolff wrote:
> >>>I wrote:
> >>>>...
> >>>>After removing SYSTEM write permission with setfacl,
> >>>>it was effectively removed for SYSTEM but the other groups got
> >>>>write permission ADDED instead (as also properly indicated by ls) −
> >>>>which is kind of the opposite of the intended operation.
> >>>cygwin-2.4.0-0.11, sorry
> >>In that case the behaviour is by design. Try the same on Linux and the
> >>result will be the same. Every time you change group perms, the mask
> >>will be changed to reflect the maximum permissions given to any group or
> >>seccondary user. You always have to check the mask or set it explicitely
> >>to the desired value.
> >I'm sorry, but I forgot to mention an important part: Recomputing the
> >mask is *not* done in the kernel or, in our case, Cygwin. Rather this
> >functionality is part of the setfacl tool. Setfacl recomputes the mask
> >by default. There's a new option -n/--no-mask as on Linux to retain the
> >current mask setting, e.g.
> >
> > $ setfacl -n -m g:wheel:r-x file
> >
> >Try setfacl --help for a comprehensive description of all options.
> >
> >
> >HTH,
> Yes, thank you.
> Just pondering:
> "...the maximum/union of all permissions..." could well be interpreted as
> "... all *effective* permissions"
Uh, no. The effective permissions are a *result* of applying the mask,
so they can't constitute the mask. Stimulus/response are unambiguously
defined here.
> which would make a difference in the presented case.
> Anyway, you are right, this is an upstream design issue. And upstream in
> this case seems to mean referring to a standard that isn't even officially
> available anymore...
Heh, yes.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20151221/50bc81b0/attachment.sig>
More information about the Cygwin
mailing list