This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: group permissions
- From: Andrey Repin <anrdaemon at yandex dot ru>
- To: Thomas Wolff <towo at towo dot net>, cygwin at cygwin dot com
- Date: Mon, 9 Feb 2015 07:09:22 +0300
- Subject: Re: group permissions
- Authentication-results: sourceware.org; auth=none
- References: <54D7EB4E dot 6020105 at towo dot net>
- Reply-to: cygwin at cygwin dot com
Greetings, Thomas Wolff!
> With 1.7.34-6:
>> - the fixes in POSIX ACL handling and the effect this has on the standard
>> POSIX group permissions, as well as the accompanying new setfacl(1)
>> options -b/--remove-all and -k/--remove-default.
>>
>> Seehttps://cygwin.com/cygwin-ug-net/using-utils.html#setfacl
>> andhttps://cygwin.com/faq.faq.html#faq.using.ssh-pubkey-stops-working
>> andhttps://cygwin.com/faq.faq.html#faq.using.same-with-rhosts
> Group permissions are now composed of multiple ACL entries, like:
> -rw-rwx---+ 1 towo Domain Users 128 Feb 5 13:36 x
> with ACL:
> # file: x
> # owner: towo
> # group: Domain Users
> user::rw-
> group::r-x
> group:SYSTEM:rwx
> mask:rwx
> other:---
> chmod g-wx does not work on x, only after setfacl -d group:SYSTEM x ,
> the g-w bit is gone.
> This is surprising behaviour (and has been discussed in a specific
> context in another thread);
> the explanation is hidden in only roughly related sections of the user
> guide (setfacl) or even the FAQ,
> and is not found in the section Permissions and Security where one would
> look first;
> I suggest to add an illustrative section there.
Perhaps, a link to https://cygwin.com/faq/faq.html#faq.using.ssh-pubkey-stops-working
would suffice.
> However, I am not yet convinced that the explanation makes it less
> surprising from a POSIX point of view because the file does not have the
> group 'SYSTEM' which is responsible for the g+wx flags.
> Maybe ls -l should display a more permissive group (in the example case
> SYSTEM rather than Domain Users) to give the user a hint? How is this
> handled on other ACL systems? (I can check next week.)
See the abovementioned link.
--
WBR,
Andrey Repin (anrdaemon@yandex.ru) 09.02.2015, <07:07>
Sorry for my terrible english...
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple