group permissions
Thomas Wolff
towo@towo.net
Mon Feb 9 20:20:00 GMT 2015
On 09.02.2015 at 10:14, Corinna Vinschen wrote:
> On Feb 9 00:03, Thomas Wolff wrote:
>> With 1.7.34-6:
>>> - the fixes in POSIX ACL handling and the effect this has on the standard
>>> POSIX group permissions, as well as the accompanying new setfacl(1)
>>> options -b/--remove-all and -k/--remove-default.
>>>
>>> See https://cygwin.com/cygwin-ug-net/using-utils.html#setfacl
>>> and https://cygwin.com/faq.faq.html#faq.using.ssh-pubkey-stops-working
>>> and https://cygwin.com/faq.faq.html#faq.using.same-with-rhosts
>> Group permissions are now composed of multiple ACL entries, like:
>> -rw-rwx---+ 1 towo Domain Users 128 Feb 5 13:36 x
>> with ACL:
>> # file: x
>> # owner: towo
>> # group: Domain Users
>> user::rw-
>> group::r-x
>> group:SYSTEM:rwx
>> mask:rwx
>> other:---
>>
>> chmod g-wx does not work on x, only after setfacl -d group:SYSTEM x ,
>> the g-w bit is gone. This is surprising behaviour (and has been
>> discussed in a specific context in another thread); the explanation is
>> hidden in only roughly related sections of the user guide (setfacl) or
>> even the FAQ, and is not found in the section Permissions and Security
>> where one would look first; I suggest to add an illustrative section
>> there.
> Yes, sure, why not. Any idea for a patch?
>
>> However, I am not yet convinced that the explanation makes it less
>> surprising from a POSIX point of view because the file does not have
>> the group 'SYSTEM' which is responsible for the g+wx flags. Maybe ls
>> -l should display a more permissive group (in the example case SYSTEM
>> rather than Domain Users) to give the user a hint? How is this handled
>> on other ACL systems? (I can check next week.)
> ls shows the primary group of the file and that's not going to change.
> The hint that more permissions are given is the '+' sign appended to the
> permission bits.
I checked on an Ubuntu system where behaviour is more intuitive by some
functionality added by chmod; it implicitly modifies the "mask" entry to
achieve exactly the effect most likely to be desired by chmod (showing
only the group-relevant output lines of getfacl below):
Cygwin:
> ls -l x; getfacl x
-rw-r--r-- 1 me Domain Users 0 Feb 9 15:04 x
group::r--
> setfacl -m group:Users:rwx x
> ls -l x; getfacl x
-rw-rwxr--+ 1 me Domain Users 0 Feb 9 15:04 x
group::r--
group:Users:rwx
mask:rwx
> chmod g-wx x
> ls -l x; getfacl x
-rw-rwxr--+ 1 me Domain Users 0 Feb 9 15:04 x
group::r--
group:Users:rwx
mask:rwx
Ubuntu:
> ls -l x; getfacl x
-rw-r--r-- 1 xubuntu xubuntu 0 Feb 9 15:04 x
group::r--
> setfacl -m group:adm:rwx x
> ls -l x; getfacl x
-rw-rwxr--+ 1 xubuntu xubuntu 0 Feb 9 15:04 x
group::r--
group:adm:rwx
mask:rwx
> chmod g-wx x
> ls -l x; getfacl x
-rw-r--r--+ 1 xubuntu xubuntu 0 Feb 9 15:04 x
group::r--
group:adm:rwx #effective:r--
mask:r--
------
Thomas
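
The mask handling visible in the Ubuntu transcript above, modelled as an added example (not part of the original message and not Cygwin or coreutils code): `ls -l` shows the mask as the group triplet, and `chmod g-wx` edits the mask, which caps every named entry. All function names are hypothetical, and the `user::` and `other:` lines of the sample are reconstructed from the quoted `ls -l` output.

```python
PERMS = "rwx"

# Constructed sample: the Ubuntu file after `setfacl -m group:adm:rwx x`;
# user:: and other: are reconstructed from the quoted `ls -l` line.
SAMPLE = """user::rw-
group::r--
group:adm:rwx
mask:rwx
other:r--"""

def parse_acl(text):
    """Parse getfacl-style lines into {(tag, qualifier): set of 'r','w','x'}."""
    acl = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop "# file:" / "#effective:" notes
        if line:
            parts = line.split(":")  # accepts "mask:rwx" and "mask::rwx"
            qualifier = parts[1] if len(parts) == 3 else ""
            acl[(parts[0], qualifier)] = {c for c in parts[-1] if c in PERMS}
    return acl

def fmt(perms):
    return "".join(c if c in perms else "-" for c in PERMS)

def ls_group_bits(acl):
    """Group triplet of `ls -l`: the mask when one exists, else group::."""
    return fmt(acl.get(("mask", ""), acl[("group", "")]))

def effective(acl):
    """Effective rights of group-class entries: entry AND mask."""
    mask = acl.get(("mask", ""), set(PERMS))
    return {k: v & mask for k, v in acl.items()
            if k[0] == "group" or (k[0] == "user" and k[1])}

def chmod_group_remove(acl, remove):
    """chmod g-<remove> as in the Ubuntu transcript: edits the mask if present."""
    new = {k: set(v) for k, v in acl.items()}
    target = ("mask", "") if ("mask", "") in new else ("group", "")
    new[target] -= set(remove)
    return new

def wider_than_owning_group(acl):
    """Named entries whose effective rights exceed those of group::."""
    eff = effective(acl)
    base = eff[("group", "")]
    return {f"{k[0]}:{k[1]}": fmt(v) for k, v in eff.items() if v - base}

if __name__ == "__main__":
    before = parse_acl(SAMPLE)
    after = chmod_group_remove(before, "wx")
    for label, acl in (("before", before), ("after chmod g-wx", after)):
        print(label, ls_group_bits(acl), wider_than_owning_group(acl))
```

In the Cygwin transcript the mask is still `rwx` after `chmod g-wx`, so the same check run on that ACL would keep reporting `group:Users`.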