On 11/5/2010 11:56 AM, Eric Blake wrote: > [...] > On Linux: > > $ setfacl -m mask:rwx d/f > $ getfacl d/f > # file: d/f > # owner: eblake > # group: eblake > user::rw- > user:dummy:rwx > group::rw- > mask::rwx > other::r-- > > $ chmod -x d/f > $ getfacl d/f > # file: d/f > # owner: eblake > # group: eblake > user::rw- > user:dummy:rwx #effective:rw- > group::rwx #effective:rw- > mask::rw- > other::r-- > > Interestingly - that means that on Linux, chmod -x changed the mask > entry of the ACLs, such that the effective permissions for the alternate > user are no longer permitted; so even though user dummy has rwx ACLs, > the mask prevents the user from executing the file any more. > > Cygwin does not emulate Linux in this regards at the moment, but now > that you have pointed out a simple test case, it may be possible to > patch cygwin1.dll to make the chmod() syscall affect the ACL mask as on > Linux.
It seems that setfacl also does not change the "mask" part on Cygwin: $ getfacl.exe abc # file: abc # owner: ibobyr # group: Domain Users user::rw- group::r-- group:SYSTEM:rwx group:Administrators:rwx group:Users:r-x mask:rwx other:r-- $ setfacl.exe -m mask:rw- abc $ getfacl.exe abc # file: abc # owner: ibobyr # group: Domain Users user::rw- group::r-- group:SYSTEM:rwx group:Administrators:rwx group:Users:r-x mask:rwx other:r-- $ setfacl.exe -m mask:--- abc $ getfacl.exe abc # file: abc # owner: ibobyr # group: Domain Users user::rw- group::r-- group:SYSTEM:rwx group:Administrators:rwx group:Users:r-x mask:rwx other:r--
