This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

setfacl to remove a permission implicit adds another

From: Thomas Wolff <towo at towo dot net>
To: cygwin at cygwin dot com
Date: Fri, 18 Dec 2015 16:29:35 +0100
Subject: setfacl to remove a permission implicit adds another
Authentication-results: sourceware.org; auth=none

For my Desktop folder (as logged below), SYSTEM had group write permission,
other groups did not have write permissions (by mask).
After removing SYSTEM write permission with setfacl,
it was effectively removed for SYSTEM but the other groups got
write permission ADDED instead (as also properly indicated by ls) â
which is kind of the opposite of the intended operation.
Only after removing group write permission with chmod,

a suitable mask was reestablished, effectively restoring the previoussetting.

Why did this specific setfacl operation affect the mask at all?

I know there will be some trade-off in POSIX/Windows interworking ACLhandling,

and the current mechanism has undergone a long phase of considerations
and changes, so if this trade-off is better than others, so be it.
Just wondering.

Kind regards,
Thomas

NB: The purpose of this setting is to prevent stubborn IT managementprocedures from cluttering my desktop with their useless icons:/


user[en_US.UTF-8]:/cygdrive/c/Users/Public: getfacl Desktop
# file: Desktop/
# owner: user
# group: Administrators
user::rwx
group::---
group:BATCH:rwx                         #effective:r-x
group:INTERACTIVE:rwx                   #effective:r-x
group:SERVICE:rwx                       #effective:r-x
group:SYSTEM:rwx
group:Administrators:---
mask:r-x
other:---
default:user::rwx
default:group::---
default:group:BATCH:rwx
default:group:INTERACTIVE:rwx
default:group:SERVICE:rwx
default:group:SYSTEM:rwx
default:mask:rwx
default:other:---

user[en_US.UTF-8]:/cygdrive/c/Users/Public: setfacl -m group:SYSTEM:r-xDesktop

user[en_US.UTF-8]:/cygdrive/c/Users/Public: getfacl Desktop
# file: Desktop/
# owner: user
# group: Administrators
user::rwx
group::---
group:BATCH:rwx
group:INTERACTIVE:rwx
group:SERVICE:rwx
group:SYSTEM:r-x
group:Administrators:---
mask:rwx
other:---
default:user::rwx
default:group::---
default:group:BATCH:rwx
default:group:INTERACTIVE:rwx
default:group:SERVICE:rwx
default:group:SYSTEM:rwx
default:mask:rwx
default:other:---

user[en_US.UTF-8]:/cygdrive/c/Users/Public: ls -ld Desktop
total 9
drwxrwx---+ 1 user       Administrators   0 Dec 18 11:07 Desktop
...
user[en_US.UTF-8]:/cygdrive/c/Users/Public: chmod g-w Desktop
user[en_US.UTF-8]:/cygdrive/c/Users/Public: ls -ld Desktop
total 9
drwxr-x---+ 1 user       Administrators   0 Dec 18 11:07 Desktop
...
user[en_US.UTF-8]:/cygdrive/c/Users/Public: getfacl Desktop
# file: Desktop/
# owner: user
# group: Administrators
user::rwx
group::---
group:BATCH:rwx                         #effective:r-x
group:INTERACTIVE:rwx                   #effective:r-x
group:SERVICE:rwx                       #effective:r-x
group:SYSTEM:r-x
group:Administrators:---
mask:r-x
other:---
default:user::rwx
default:group::---
default:group:BATCH:rwx
default:group:INTERACTIVE:rwx
default:group:SERVICE:rwx
default:group:SYSTEM:rwx
default:mask:rwx
default:other:---


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Follow-Ups:
- Re: setfacl to remove a permission implicit adds another
  - From: Corinna Vinschen
- Re: setfacl to remove a permission implicit adds another
  - From: Thomas Wolff

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]