group permissions

Mon Feb 9 04:20:00 GMT 2015

Greetings, Thomas Wolff!
> With 1.7.34-6:
 >> - the fixes in POSIX ACL handling and the effect this has on the standard
 >> POSIX group permissions, as well as the accompanying new setfacl(1)
 >> options -b/--remove-all and -k/--remove-default.
 >>
 >> Seehttps://cygwin.com/cygwin-ug-net/using-utils.html#setfacl
 >> andhttps://cygwin.com/faq.faq.html#faq.using.ssh-pubkey-stops-working
 >> andhttps://cygwin.com/faq.faq.html#faq.using.same-with-rhosts
> Group permissions are now composed of multiple ACL entries, like:
> -rw-rwx---+ 1 towo Domain Users 128 Feb 5 13:36 x
> with ACL:
> # file: x
> # owner: towo
> # group: Domain Users
> user::rw-
> group::r-x
> group:SYSTEM:rwx
> mask:rwx
> other:---

> chmod g-wx does not work on x, only after setfacl -d group:SYSTEM x ,
> the g-w bit is gone.
> This is surprising behaviour (and has been discussed in a specific
> context in another thread);
> the explanation is hidden in only roughly related sections of the user
> guide (setfacl) or even the FAQ,
> and is not found in the section Permissions and Security where one would
> look first;
> I suggest to add an illustrative section there.

Perhaps, a link to https://cygwin.com/faq/faq.html#faq.using.ssh-pubkey-stops-working
would suffice.
> However, I am not yet convinced that the explanation makes it less
> surprising from a POSIX point of view because the file does not have the
> group 'SYSTEM' which is responsible for the g+wx flags.
> Maybe ls -l should display a more permissive group (in the example case
> SYSTEM rather than Domain Users) to give the user a hint? How is this
> handled on other ACL systems? (I can check next week.)

See the abovementioned link.
--
WBR,
Andrey Repin (anrdaemon@yandex.ru) 09.02.2015, <07:07>
Sorry for my terrible english...
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple