setfacl to remove a permission implicit adds another

[Thomas Wolff]

On 18.12.2015 20:38, EXT Corinna Vinschen wrote:
> On Dec 18 18:11, Corinna Vinschen wrote:
>> On Dec 18 17:14, Thomas Wolff wrote:
>>> I wrote:
>>>> ...
>>>> After removing SYSTEM write permission with setfacl,
>>>> it was effectively removed for SYSTEM but the other groups got
>>>> write permission ADDED instead (as also properly indicated by ls) −
>>>> which is kind of the opposite of the intended operation.
>>> cygwin-2.4.0-0.11, sorry
>> In that case the behaviour is by design.  Try the same on Linux and the
>> result will be the same.  Every time you change group perms, the mask
>> will be changed to reflect the maximum permissions given to any group or
>> seccondary user.  You always have to check the mask or set it explicitely
>> to the desired value.
> I'm sorry, but I forgot to mention an important part:  Recomputing the
> mask is *not* done in the kernel or, in our case, Cygwin.  Rather this
> functionality is part of the setfacl tool.  Setfacl recomputes the mask
> by default.  There's a new option -n/--no-mask as on Linux to retain the
> current mask setting, e.g.
>
>    $ setfacl -n -m g:wheel:r-x file
>
> Try setfacl --help for a comprehensive description of all options.
>
>
> HTH,
Yes, thank you.
Just pondering:
"...the maximum/union of all permissions..." could well be interpreted 
as "... all *effective* permissions"
which would make a difference in the presented case.
Anyway, you are right, this is an upstream design issue. And upstream in 
this case seems to mean referring to a standard that isn't even 
officially available anymore...
------
Thomas

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple