setfacl to remove a permission implicit adds another

Corinna Vinschen
Fri Dec 18 19:38:00 GMT 2015

On Dec 18 18:11, Corinna Vinschen wrote:
> On Dec 18 17:14, Thomas Wolff wrote:
> > I wrote:
> > >...
> > >After removing SYSTEM write permission with setfacl,
> > >it was effectively removed for SYSTEM but the other groups got
> > >write permission ADDED instead (as also properly indicated by ls) −
> > >which is kind of the opposite of the intended operation.
> > cygwin-2.4.0-0.11, sorry
> In that case the behaviour is by design.  Try the same on Linux and the
> result will be the same.  Every time you change group perms, the mask
> will be changed to reflect the maximum permissions given to any group or
> secondary user.  You always have to check the mask or set it explicitly
> to the desired value.

I'm sorry, but I forgot to mention an important part:  Recomputing the
mask is *not* done in the kernel or, in our case, Cygwin.  Rather this
functionality is part of the setfacl tool.  Setfacl recomputes the mask
by default.  There's a new option -n/--no-mask as on Linux to retain the
current mask setting, e.g.

  $ setfacl -n -m g:wheel:r-x file

Try setfacl --help for a comprehensive description of all options.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
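
An added illustration, not part of the original message and not Cygwin's or setfacl's own code: a small Python model of the mask handling described above, where setfacl by default recomputes the mask as the union of the owning group and all named user and group entries, and -n/--no-mask keeps the current mask. The ACL contents, including the SYSTEM and Users entries, are constructed sample data.

```python
# Model of setfacl's default mask recomputation versus -n/--no-mask.
# Constructed sample data; this is not setfacl's implementation.
R, W, X = 4, 2, 1

def parse(perms):
    """'r-x' -> 5"""
    return sum(bit for ch, bit in zip(perms, (R, W, X)) if ch != "-")

def fmt(bits):
    """5 -> 'r-x'"""
    return "".join(ch if bits & bit else "-" for ch, bit in zip("rwx", (R, W, X)))

def is_masked(tag):
    """The mask limits named users, the owning group and named groups."""
    kind, name = tag
    return kind == "group" or (kind == "user" and name != "")

def setfacl_modify(acl, tag, perms, no_mask=False):
    """Model of `setfacl [-n] -m <entry>` on a copy of the ACL."""
    new = dict(acl)
    new[tag] = parse(perms)
    # Default: the mask becomes the union of all entries it applies to,
    # unless -n was given or the mask itself was set explicitly.
    if not no_mask and tag[0] != "mask":
        mask = 0
        for entry, bits in new.items():
            if is_masked(entry):
                mask |= bits
        new[("mask", "")] = mask
    return new

def effective(acl):
    """Effective rights of every masked entry (entry AND mask)."""
    mask = acl[("mask", "")]
    return {t: fmt(b & mask) for t, b in acl.items() if is_masked(t)}

# Constructed ACL: both groups list rwx, but the mask r-x hides the write bit.
SAMPLE_ACL = {
    ("user", ""): parse("rwx"),        # file owner (not masked)
    ("group", ""): parse("r-x"),       # owning group
    ("group", "SYSTEM"): parse("rwx"),
    ("group", "Users"): parse("rwx"),
    ("mask", ""): parse("r-x"),
    ("other", ""): parse("r--"),       # not masked
}

if __name__ == "__main__":
    for label, flag in (("default", False), ("-n", True)):
        acl = setfacl_modify(SAMPLE_ACL, ("group", "SYSTEM"), "r-x", no_mask=flag)
        print(label, "mask:", fmt(acl[("mask", "")]), effective(acl))
```
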