This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: group permissions


Greetings, Thomas Wolff!

> With 1.7.34-6:
 >> - the fixes in POSIX ACL handling and the effect this has on the standard
 >>     POSIX group permissions, as well as the accompanying new setfacl(1)
 >>     options -b/--remove-all and -k/--remove-default.
 >>
 >> Seehttps://cygwin.com/cygwin-ug-net/using-utils.html#setfacl
 >> andhttps://cygwin.com/faq.faq.html#faq.using.ssh-pubkey-stops-working
 >> andhttps://cygwin.com/faq.faq.html#faq.using.same-with-rhosts
> Group permissions are now composed of multiple ACL entries, like:
> -rw-rwx---+ 1 towo Domain Users   128 Feb  5 13:36 x
> with ACL:
> # file: x
> # owner: towo
> # group: Domain Users
> user::rw-
> group::r-x
> group:SYSTEM:rwx
> mask:rwx
> other:---

> chmod g-wx does not work on x, only after setfacl -d group:SYSTEM x ,
> the g-w bit is gone.
> This is surprising behaviour (and has been discussed in a specific
> context in another thread);
> the explanation is hidden in only roughly related sections of the user
> guide (setfacl) or even the FAQ,
> and is not found in the section Permissions and Security where one would
> look first;
> I suggest to add an illustrative section there.

Perhaps, a link to https://cygwin.com/faq/faq.html#faq.using.ssh-pubkey-stops-working
would suffice.

> However, I am not yet convinced that the explanation makes it less
> surprising from a POSIX point of view because the file does not have the
> group 'SYSTEM' which is responsible for the g+wx flags.
> Maybe ls -l should display a more permissive group (in the example case
> SYSTEM rather than Domain Users) to give the user a hint? How is this
> handled on other ACL systems? (I can check next week.)

See the abovementioned link.


--
WBR,
Andrey Repin (anrdaemon@yandex.ru) 09.02.2015, <07:07>

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]