Greetings, Thomas Wolff! > With 1.7.34-6: >> - the fixes in POSIX ACL handling and the effect this has on the standard >> POSIX group permissions, as well as the accompanying new setfacl(1) >> options -b/--remove-all and -k/--remove-default. >> >> Seehttps://cygwin.com/cygwin-ug-net/using-utils.html#setfacl >> andhttps://cygwin.com/faq.faq.html#faq.using.ssh-pubkey-stops-working >> andhttps://cygwin.com/faq.faq.html#faq.using.same-with-rhosts > Group permissions are now composed of multiple ACL entries, like: > -rw-rwx---+ 1 towo Domain Users 128 Feb 5 13:36 x > with ACL: > # file: x > # owner: towo > # group: Domain Users > user::rw- > group::r-x > group:SYSTEM:rwx > mask:rwx > other:---
> chmod g-wx does not work on x, only after setfacl -d group:SYSTEM x , > the g-w bit is gone. > This is surprising behaviour (and has been discussed in a specific > context in another thread); > the explanation is hidden in only roughly related sections of the user > guide (setfacl) or even the FAQ, > and is not found in the section Permissions and Security where one would > look first; > I suggest to add an illustrative section there. Perhaps, a link to https://cygwin.com/faq/faq.html#faq.using.ssh-pubkey-stops-working would suffice. > However, I am not yet convinced that the explanation makes it less > surprising from a POSIX point of view because the file does not have the > group 'SYSTEM' which is responsible for the g+wx flags. > Maybe ls -l should display a more permissive group (in the example case > SYSTEM rather than Domain Users) to give the user a hint? How is this > handled on other ACL systems? (I can check next week.) See the abovementioned link. -- WBR, Andrey Repin (anrdae...@yandex.ru) 09.02.2015, <07:07> Sorry for my terrible english... -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
