group permissions

Corinna Vinschen corinna-cygwin@cygwin.com
Mon Feb 9 09:14:00 GMT 2015


On Feb  9 00:03, Thomas Wolff wrote:
> With 1.7.34-6:
> > - the fixes in POSIX ACL handling and the effect this has on the standard
> >     POSIX group permissions, as well as the accompanying new setfacl(1)
> >     options -b/--remove-all and -k/--remove-default.
> >
> > Seehttps://cygwin.com/cygwin-ug-net/using-utils.html#setfacl
> > andhttps://cygwin.com/faq.faq.html#faq.using.ssh-pubkey-stops-working
> > andhttps://cygwin.com/faq.faq.html#faq.using.same-with-rhosts
> Group permissions are now composed of multiple ACL entries, like:
> -rw-rwx---+ 1 towo Domain Users   128 Feb  5 13:36 x
> with ACL:
> # file: x
> # owner: towo
> # group: Domain Users
> user::rw-
> group::r-x
> group:SYSTEM:rwx
> mask:rwx
> other:---
> 
> chmod g-wx does not work on x, only after setfacl -d group:SYSTEM x ,
> the g-w bit is gone.  This is surprising behaviour (and has been
> discussed in a specific context in another thread); the explanation is
> hidden in only roughly related sections of the user guide (setfacl) or
> even the FAQ, and is not found in the section Permissions and Security
> where one would look first; I suggest to add an illustrative section
> there.

Yes, sure, why not.  Any idea for a patch?

> However, I am not yet convinced that the explanation makes it less
> surprising from a POSIX point of view because the file does not have
> the group 'SYSTEM' which is responsible for the g+wx flags.  Maybe ls
> -l should display a more permissive group (in the example case SYSTEM
> rather than Domain Users) to give the user a hint? How is this handled
> on other ACL systems? (I can check next week.)

ls shows the primary group of the file and that's not going to change.
The hint that more permissions are given is the '+' sign appened to the
permission bits.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20150209/4fff30f0/attachment.sig>


More information about the Cygwin mailing list