Greg Freemyer wrote:
Linda,
I saved your script as "lsacl.txt". Then I used "cp lsacl.txt it" to
make a copy.
The copy is permission denied for reading. Basic ls -l shows no
difference (as expected)
$ ls -l lsacl.sh it
----rwx---+ 1 gaf None 1630 Sep 24 12:05 it
----rwx---+ 1 gaf None 1630 Sep 24 12:00 lsacl.sh
But your script does show a difference:
$ ./lsacl.sh lsacl.sh it
[u::---,g::---,g:root:rwx,g:Authenticated
Users:rwx,g:SYSTEM:rwx,g:Users:r-x,m:rwx,o:---/] lsacl.sh
[u::---,g::r-x,g:root:rwx,g:Authenticated
Users:rwx,g:SYSTEM:rwx,g:Users:r-x,m:rwx,o:---/] it
---
Well user 'gaf' (that's you, from the file perms has no access).
So up front, you are denied before anything happens.
lsacl is the embedded acl (the '+') at the end of the file perms
u::--- = user seen by 'ls -l' has no access,
g::--- = group seen by 'ls -l has no access
g:root:rwx = group root has read/write/execute access
g:Authenticated Users:rwx == group consisting of Authenticated Users...
(after you login or provide credentials).
m:rwx m = a maximum allowed privs 'mask' for user/groups other
than owner, but since all bits are turned on, it has no limiting
effect
o:--- = other has no access
So the main take-away is that since your 'user' has no
access, pretty much everything else is ignored.
From the mode-bits+acl, amost anyone in the groups:
root, Authenticated Users,SYSTEM, or Users,
***except** User 'gaf' (you) should have access...
you might try
1) chmod u+rwx file ...
then look at both mode+acl... if you have no access
and acl still says u::---, then nuke the acl
or modify it with "setfacl" (setfacl --help)...
We seem to travel the same mailing lists. This is my first time to cygwin's.
----
Yeah... I wondered about that -- my Tbird tried to change my
reply addr to suse(at)tlinx based on you being the 1st address I typed
in... ;-)
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
