This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: Executable bit check


On 11/05/2010 09:55 AM, Illia Bobyr wrote:
> On 11/4/2010 8:14 PM, Larry Hall (Cygwin) wrote:
>> [...]
>>>>> What does 'getfacl abc' say?
>>>>
>>>> $ getfacl abc
>>>> # file: abc
>>>> # owner: ibobyr
>>>> # group: Domain Users
>>>> user::rw-
>>>> group::r--
>>>> group:SYSTEM:rwx
>>>> group:Administrators:rwx
>>>> group:Users:r-x
>>>> mask:rwx
>>>> other:r--

And you probably also have inherited ACLs set on the directory
containing abc.  If you change the directory's ACLs to quit giving
inherited rights to all new files created in that directory, then new
files won't have ACLs that allow execution for SYSTEM, Administrators,
and Users, even when it does not allow execution for the owner, owning
group, or world.

> 
> I wonder what is the behavior on any other system.  Is there anyone with 
> a variant of Unix or Linux with ACLs set up to do the same test?

On Linux:

$ setfacl -m mask:rwx d/f
$ getfacl d/f
# file: d/f
# owner: eblake
# group: eblake
user::rw-
user:dummy:rwx
group::rw-
mask::rwx
other::r--

$ chmod -x d/f
$ getfacl d/f
# file: d/f
# owner: eblake
# group: eblake
user::rw-
user:dummy:rwx			#effective:rw-
group::rwx			#effective:rw-
mask::rw-
other::r--

Interestingly - that means that on Linux, chmod -x changed the mask
entry of the ACLs, such that the effective permissions for the alternate
user are no longer permitted; so even though user dummy has rwx ACLs,
the mask prevents the user from executing the file any more.

Cygwin does not emulate Linux in this regard at the moment, but now
that you have pointed out a simple test case, it may be possible to
patch cygwin1.dll to make the chmod() syscall affect the ACL mask as on
Linux.

> Maybe there is any de facto standard?

ACLs are tricky beasts.  At one point they were proposed for
standardization in POSIX (1003.1e draft 17), but that was withdrawn, so
there's no common document to point to when describing how they should
work.  There are at least 5 known variations of OS interfaces to ACLs
covered in the gnulib code that underlies coreutils' efforts to preserve
ACLs when using cp -p.  Cygwin's version borrowed more from Solaris'
heritage than Linux.

-- 
Eric Blake   eblake@redhat.com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org
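
Added example, not part of the message above and not Cygwin or coreutils code: a Python model of the mask rule the Linux transcript shows, run over a constructed getfacl listing modelled on the one quoted in the thread. The function names are hypothetical, a mask entry is assumed to be present, and chmod_minus_x models only the Linux behaviour demonstrated above.

```python
# Constructed sample: getfacl output modelled on the Cygwin listing quoted above.
SAMPLE = """\
# file: abc
# owner: ibobyr
# group: Domain Users
user::rw-
group::r--
group:SYSTEM:rwx
group:Administrators:rwx
group:Users:r-x
mask:rwx
other:r--
"""

def parse_acl(text):
    """Return (tag, qualifier, perms) tuples from getfacl-style text."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop headers and '#effective' notes
        if not line:
            continue
        parts = line.split(":")  # accepts both 'mask:rwx' and 'mask::rwx'
        entries.append((parts[0], parts[1] if len(parts) == 3 else "", parts[-1]))
    return entries

def effective(entries):
    """Apply the mask to named users and to every group entry; owner/other skip it."""
    mask = next((p for t, _, p in entries if t == "mask"), "rwx")
    out = {}
    for tag, who, perms in entries:
        if tag == "mask":
            continue
        if tag == "group" or (tag == "user" and who):
            perms = "".join(c if c == m else "-" for c, m in zip(perms, mask))
        out[(tag, who)] = perms
    return out

def chmod_minus_x(entries):
    """Model Linux 'chmod -x' when a mask exists: owner, mask and other lose x."""
    return [(t, w, p[:2] + "-") if t in ("mask", "other") or (t == "user" and not w)
            else (t, w, p) for t, w, p in entries]

def hidden_exec(entries):
    """Named entries that can execute although owner, owning group and other cannot."""
    eff = effective(entries)
    if any("x" in eff.get(k, "---") for k in (("user", ""), ("group", ""), ("other", ""))):
        return []
    return sorted(w for (t, w), p in eff.items() if w and "x" in p)
```

hidden_exec(parse_acl(SAMPLE)) lists the three inherited group entries that still carry execute; after chmod_minus_x the list is empty because the mask, not the entries, has changed.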
