setfacl to remove a permission implicit adds another
Thomas Wolff
towo@towo.net
Mon Dec 21 13:13:00 GMT 2015
On 18.12.2015 20:38, EXT Corinna Vinschen wrote:
> On Dec 18 18:11, Corinna Vinschen wrote:
>> On Dec 18 17:14, Thomas Wolff wrote:
>>> I wrote:
>>>> ...
>>>> After removing SYSTEM write permission with setfacl,
>>>> it was effectively removed for SYSTEM but the other groups got
>>>> write permission ADDED instead (as also properly indicated by ls) â
>>>> which is kind of the opposite of the intended operation.
>>> cygwin-2.4.0-0.11, sorry
>> In that case the behaviour is by design. Try the same on Linux and the
>> result will be the same. Every time you change group perms, the mask
>> will be changed to reflect the maximum permissions given to any group or
>> seccondary user. You always have to check the mask or set it explicitely
>> to the desired value.
> I'm sorry, but I forgot to mention an important part: Recomputing the
> mask is *not* done in the kernel or, in our case, Cygwin. Rather this
> functionality is part of the setfacl tool. Setfacl recomputes the mask
> by default. There's a new option -n/--no-mask as on Linux to retain the
> current mask setting, e.g.
>
> $ setfacl -n -m g:wheel:r-x file
>
> Try setfacl --help for a comprehensive description of all options.
>
>
> HTH,
Yes, thank you.
Just pondering:
"...the maximum/union of all permissions..." could well be interpreted
as "... all *effective* permissions"
which would make a difference in the presented case.
Anyway, you are right, this is an upstream design issue. And upstream in
this case seems to mean referring to a standard that isn't even
officially available anymore...
------
Thomas
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list