This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: remove alternate access method / access control list


On 07/21/2010 11:44 AM, Fred Wheeler wrote:
> chmod affects the access permissions according to the ntsec system,
> but has no effect on this alternate access method.

This is possibly a bug in cygwin.  POSIX says:

http://www.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap04.html#tag_04_04

"An alternate file access control mechanism shall:

    * Specify file permission bits for the file owner class, file group
class, and file other class of that file, corresponding to the access
permissions.
    * Be enabled only by explicit user action, on a per-file basis by
the file owner or a user with appropriate privileges.
    * Be disabled for a file after the file permission bits are changed
for that file with chmod(). "

That is, calling chmod() to change bits should also have the effect of
removing ACLs, per POSIX (although POSIX appears to be silent about the
case of calling chmod() to set the bits to the value they already have).

But you would need to test this on Linux, to see if cygwin behaves the
same as Linux in this regard, or maybe ask the POSIX folks for some
clarification.


Meanwhile, the correct tool to use for this task is setfacl(1).

Also, be aware that directories include inheritance ACLs, and that
inheritance ACLs are probably the main reason that files are created
with additional ACLs that cause ls to list a + for files in the first
place.  Generally, this is a good thing, as removing inheritance ACLs
from directories causes other problems in windows (so removing the +
from ls listings of files is a reasonable goal, but not necessarily
removing the + from ls listings of directories).

-- 
Eric Blake   eblake@redhat.com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]