This is the mail archive of the
cygwin
mailing list for the Cygwin project.
ACL weirdness on Cygwin
- From: Eric Blake <ebb9 at byu dot net>
- To: cygwin at cygwin dot com
- Date: Fri, 10 Oct 2008 20:34:56 -0600
- Subject: ACL weirdness on Cygwin
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'm just as stumped as Bruno on this issue, and don't know if it
represents a bug in cygwin1.dll.
- -------- Original Message --------
[http://lists.gnu.org/archive/html/bug-gnulib/2008-10/msg00195.html]
The test-copy-acl.sh test fails for me on Cygwin.
There appears to be a weird interaction between setting a file mode (chmod)
and setting an ACL. Although on this platform the ACL has entries that
correspond to user/group/other, the mode is *not* part of the ACL for all
files.
The test case showing that 'chmod' influences the ACL is this:
tmpfile4 is a regular file. One calls acl or facl on it with these entries:
(gdb) print entries[0]
$5 = {a_type = 1, a_id = 1006, a_perm = 6}
(gdb) print entries[1]
$6 = {a_type = 4, a_id = 513, a_perm = 0}
(gdb) print entries[2]
$7 = {a_type = 8, a_id = 0, a_perm = 1}
(gdb) print entries[3]
$8 = {a_type = 16, a_id = 4294967295, a_perm = 7}
(gdb) print entries[4]
$9 = {a_type = 32, a_id = 4294967295, a_perm = 4}
Then "getfacl tmpfile4" shows these entries:
user::rw-
group::---
group:root:--x
mask:rwx
other:r--
Looks all right. Then do a chmod 604 on it. Then "getfacl tmpfile4" shows
this:
user::rw-
group::r--
group:root:--x
mask:rwx
other:r--
The "r--" for 'other' has been ORed to the permissions for 'group'!
But there is also an opposite case: setting an ACL changes the mode:
$ echo foo > tmpfile0
$ chmod 600 tmpfile0
$ ls -l tmpfile0
-rw------- 1 haible None 4 Jun 11 21:41 tmpfile0
$ setfacl -m group:0:1 tmpfile0
$ ls -l tmpfile0
-rw-------+ 1 haible None 4 Jun 11 21:41 tmpfile0
$ getfacl tmpfile0
# file: tmpfile0
# owner: haible
# group: None
user::rw-
group::---
group:root:--x
mask:rwx
other:---
$ setfacl -m other:4 tmpfile0
$ ls -l tmpfile0
-rw-r--r--+ 1 haible None 4 Jun 11 21:41 tmpfile0
$ getfacl tmpfile0
# file: tmpfile0
# owner: haible
# group: None
user::rw-
group::---
group:root:--x
mask:rwx
other:r--
$ chmod 600 tmpfile0
$ ls -l tmpfile0
-rw-------+ 1 haible None 4 Jun 11 21:41 tmpfile0
$ getfacl tmpfile0
# file: tmpfile0
# owner: haible
# group: None
user::rw-
group::---
group:root:--x
mask:rwx
other:---
$ chmod 644 tmpfile0
$ ls -l tmpfile0
-rw-r--r--+ 1 haible None 4 Jun 11 21:41 tmpfile0
$ getfacl tmpfile0
# file: tmpfile0
# owner: haible
# group: None
user::rw-
group::r--
group:root:--x
mask:rwx
other:r--
If you understand it, congratulations. I don't understand it.
Here's one more experiment, to make your head spin:
$ echo foo > tmpfile0
$ ls -l tmpfile0 ; getfacl tmpfile0
-rw-r--r-- 1 haible None 4 Jun 11 22:02 tmpfile0
# file: tmpfile0
# owner: haible
# group: None
user::rw-
group::r--
mask:rwx
other:r--
$ chmod 664 tmpfile0
$ ls -l tmpfile0 ; getfacl tmpfile0
-rw-rw-r-- 1 haible None 4 Jun 11 22:02 tmpfile0
# file: tmpfile0
# owner: haible
# group: None
user::rw-
group::rw-
mask:rwx
other:r--
$ setfacl -m group::0 tmpfile0
$ ls -l tmpfile0 ; getfacl tmpfile0
-rw-r--r-- 1 haible None 4 Jun 11 22:02 tmpfile0
# file: tmpfile0
# owner: haible
# group: None
user::rw-
group::---
mask:rwx
other:r--
$ setfacl -m other::0 tmpfile0
$ ls -l tmpfile0 ; getfacl tmpfile0
-rw------- 1 haible None 4 Jun 11 22:02 tmpfile0
# file: tmpfile0
# owner: haible
# group: None
user::rw-
group::---
mask:rwx
other:---
$ setfacl -m group::4 tmpfile0
$ ls -l tmpfile0 ; getfacl tmpfile0
-rw-r----- 1 haible None 4 Jun 11 22:02 tmpfile0
# file: tmpfile0
# owner: haible
# group: None
user::rw-
group::r--
mask:rwx
other:---
$ setfacl -m group::0 tmpfile0
$ ls -l tmpfile0 ; getfacl tmpfile0
-rw------- 1 haible None 4 Jun 11 22:02 tmpfile0
# file: tmpfile0
# owner: haible
# group: None
user::rw-
group::---
mask:rwx
other:---
$ setfacl -m other::4 tmpfile0
$ ls -l tmpfile0 ; getfacl tmpfile0
-rw-r--r-- 1 haible None 4 Jun 11 22:02 tmpfile0
# file: tmpfile0
# owner: haible
# group: None
user::rw-
group::---
mask:rwx
other:r--
$ setfacl -m group::2 tmpfile0
$ ls -l tmpfile0 ; getfacl tmpfile0
-rw-rw-r-- 1 haible None 4 Jun 11 22:02 tmpfile0
# file: tmpfile0
# owner: haible
# group: None
user::rw-
group::-w-
mask:rwx
other:r--
$ chmod 664 tmpfile0
$ ls -l tmpfile0 ; getfacl tmpfile0
-rw-rw-r-- 1 haible None 4 Jun 11 22:02 tmpfile0
# file: tmpfile0
# owner: haible
# group: None
user::rw-
group::rw-
mask:rwx
other:r--
$ chmod 064 tmpfile0
$ ls -l tmpfile0 ; getfacl tmpfile0
----rw-r-- 1 haible None 4 Jun 11 22:02 tmpfile0
# file: tmpfile0
# owner: haible
# group: None
user::---
group::rw-
mask:rwx
other:r--
$ setfacl -m other::4 tmpfile0
$ ls -l tmpfile0 ; getfacl tmpfile0
-rw-rw-r-- 1 haible None 4 Jun 11 22:02 tmpfile0
# file: tmpfile0
# owner: haible
# group: None
user::---
group::rw-
mask:rwx
other:r--
It appears that a file can be in two states:
A) the last chmod came after the last setfacl,
B) the last setfacl came after the last chmod.
In case A) the chmod changed the ACL.
user := mode_user
group := mode_group
other := mode_other
In case B) the setfacl changed the mode.
mode_user := user | group | other,
mode_group := group | other,
mode_other := other
But how can you, by looking at a file, tell whether it's in state A or B?
- --
Don't work too hard, make some time for fun as well!
Eric Blake ebb9@byu.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkjwENAACgkQ84KuGfSFAYDImQCghhCm6hP9f2PjX68TrEjXuW7H
4t4AoKEf+J+ZXEop22S0RDQ0EI+VRmLp
=lqks
-----END PGP SIGNATURE-----
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/