* setfacl(2.4.0.14): recalculation of the ACL mask entry
@ 2015-12-20 17:53 Houder
2015-12-21 12:46 ` Corinna Vinschen
0 siblings, 1 reply; 4+ messages in thread
From: Houder @ 2015-12-20 17:53 UTC (permalink / raw)
To: cygwin
Hi Corinna,
According to acl(5), the mask entry (as reported by getacl) is
"optional" if the
acl contains no 'u:uid:perm' and/or 'g:gid:perm' entries (ace's) ...
Ahem.
VALID ACLs (from acl(5) )
A valid ACL contains exactly one entry with each of the
ACL_USER_OBJ,
ACL_GROUP_OBJ, and ACL_OTHER tag types. Entries with ACL_USER and
ACL_GROUP tag types may appear zero or more times in an ACL. An ACL
that contains entries of ACL_USER or ACL_GROUP tag types must
contain
exactly one entry of the ACL_MASK tag type. If an ACL contains no
entries of ACL_USER or ACL_GROUP tag types, the ACL_MASK entry is
optional.
However, setfacl(1) and your setfacl also note, that the default
behaviour of
setfacl is to recalculate the mask entry ...
%% setfacl -h
Usage: setfacl [-n] {-f ACL_FILE | -s acl_entries} FILE...
setfacl [-n] {[-bk]|[-x acl_entries] [-m acl_entries]} FILE...
[snip]
-n, --no-mask
Valid in conjunction with -m. Do not recalculate the effective rights
mask. The default behavior of setfacl is to recalculate the ACL mask
entry,
unless a mask entry was explicitly given. The mask entry is set to
the
union of all permissions of the owning group, and all named user and
group
entries. (These are exactly the entries affected by the mask entry).
[snip]
I decided to experiment ... See below. (the mask entry is not
recalculated, it
appears).
Regards,
Henri
-----
%% uname -a
CYGWIN_NT-6.1-WOW Seven 2.4.0(0.292/5/3) 2015-12-20 13:18 i686 Cygwin
%% id
uid=1000(Henri) gid=513(None)
groups=513(None),1007(HelpLibraryUpdaters),559(Performance Log
Users),545(Users),11(Authenticated Users)
%% touch foo.txt
%% getfacl foo.txt
# file: foo.txt
# owner: Henri
# group: None
user::rw-
group::r--
other:r--
%% setfacl -m g:Replicator:rw- foo.txt
%% getfacl foo.txt
# file: foo.txt
# owner: Henri
# group: None
user::rw-
group::r--
group:Replicator:rw-
mask:rw-
other:r--
%% setfacl -x g:Replicator: foo.txt # and remove it again
%% getfacl foo.txt
# file: foo.txt
# owner: Henri
# group: None
user::rw-
group::r--
mask:rw- <==== mask is now optional according to acl(5), but ...
other:r--
%% ls -l foo.txt
-rw-rw-r-- 1 Henri None 0 Dec 20 17:59 foo.txt <==== OK, but ...
%%
Ok, the permissions correspond with the mask (see acl(5) ), but
according to setfacl(1),
the mask should have been recalculated ...
According to acl(5):
ACL ENTRIES
ACL_MASK The ACL_MASK entry denotes the maximum access
rights that can be granted by entries of type
ACL_USER, ACL_GROUP_OBJ, or ACL_GROUP.
Recalculation by me in this case, yields: mask:r--
(perhaps, as suggested by Sam, I should retire ... it is all getting
beyond
simple is it not?)
### switch from user Henri to user Test
(can another user with the same gid, modify the file?)
%% pwd
/home/Test
%% cd ../Henri
%% id
uid=1006(Test) gid=513(None)
groups=513(None),545(Users),11(Authenticated Users)
%% ls -l foo.txt
-rw-rw-r-- 1 Henri None 0 Dec 20 17:59 foo.txt
%% echo Corinna > foo.txt
bash: foo.txt: Permission denied <==== OK, but the permissions as shown,
are
misleading, are they not?
%%
=====
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: setfacl(2.4.0.14): recalculation of the ACL mask entry
2015-12-20 17:53 setfacl(2.4.0.14): recalculation of the ACL mask entry Houder
@ 2015-12-21 12:46 ` Corinna Vinschen
2015-12-21 13:11 ` Houder
0 siblings, 1 reply; 4+ messages in thread
From: Corinna Vinschen @ 2015-12-21 12:46 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 1176 bytes --]
On Dec 20 18:52, Houder wrote:
> Hi Corinna,
>
> According to acl(5), the mask entry (as reported by getacl) is "optional" if
> the
> acl contains no 'u:uid:perm' and/or 'g:gid:perm' entries (ace's) ... Ahem.
> [...]
> However, setfacl(1) and your setfacl also note, that the default behaviour
> of
> setfacl is to recalculate the mask entry ...
> [...]
> I decided to experiment ... See below. (the mask entry is not recalculated,
> it
> appears).
It is, but only in a limit number of scenarios. I completely forgot
about recalculating when deleteing ACEs, in fact. I checked this
against setfacl on Linux again, appied a patch and uploaded a new test
release 2.4.0-0.15. The mask recalculation behaviour should now be
as close as possible to Linux, I hope. I also renamed the --substitute
option to --set, as with Linux setfacl.
Please give it a try. Just, if it's still wrong, I guess a patch has
to wait until after the holidays.
Thanks a lot for testing this so extensively,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: setfacl(2.4.0.14): recalculation of the ACL mask entry
2015-12-21 12:46 ` Corinna Vinschen
@ 2015-12-21 13:11 ` Houder
2015-12-21 15:04 ` Corinna Vinschen
0 siblings, 1 reply; 4+ messages in thread
From: Houder @ 2015-12-21 13:11 UTC (permalink / raw)
To: cygwin
On 2015-12-21 13:46, Corinna Vinschen wrote:
> On Dec 20 18:52, Houder wrote:
>> Hi Corinna,
>>
>> According to acl(5), the mask entry (as reported by getacl) is
>> "optional" if
>> the
>> acl contains no 'u:uid:perm' and/or 'g:gid:perm' entries (ace's) ...
>> Ahem.
>> [...]
>> However, setfacl(1) and your setfacl also note, that the default
>> behaviour
>> of
>> setfacl is to recalculate the mask entry ...
>> [...]
>> I decided to experiment ... See below. (the mask entry is not
>> recalculated,
>> it
>> appears).
>
> It is, but only in a limit number of scenarios. I completely forgot
> about recalculating when deleteing ACEs, in fact. I checked this
> against setfacl on Linux again, appied a patch and uploaded a new test
> release 2.4.0-0.15. The mask recalculation behaviour should now be
> as close as possible to Linux, I hope. I also renamed the --substitute
> option to --set, as with Linux setfacl.
>
> Please give it a try. Just, if it's still wrong, I guess a patch has
> to wait until after the holidays.
Euh ... no problem here. Go, have a holiday!
Regards,
Henri
>
>
> Thanks a lot for testing this so extensively,
> Corinna
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: setfacl(2.4.0.14): recalculation of the ACL mask entry
2015-12-21 13:11 ` Houder
@ 2015-12-21 15:04 ` Corinna Vinschen
0 siblings, 0 replies; 4+ messages in thread
From: Corinna Vinschen @ 2015-12-21 15:04 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 1353 bytes --]
On Dec 21 14:11, Houder wrote:
> On 2015-12-21 13:46, Corinna Vinschen wrote:
> >On Dec 20 18:52, Houder wrote:
> >>Hi Corinna,
> >>
> >>According to acl(5), the mask entry (as reported by getacl) is
> >>"optional" if
> >>the
> >>acl contains no 'u:uid:perm' and/or 'g:gid:perm' entries (ace's) ...
> >>Ahem.
> >>[...]
> >>However, setfacl(1) and your setfacl also note, that the default
> >>behaviour
> >>of
> >>setfacl is to recalculate the mask entry ...
> >>[...]
> >>I decided to experiment ... See below. (the mask entry is not
> >>recalculated,
> >>it
> >>appears).
> >
> >It is, but only in a limit number of scenarios. I completely forgot
> >about recalculating when deleteing ACEs, in fact. I checked this
> >against setfacl on Linux again, appied a patch and uploaded a new test
> >release 2.4.0-0.15. The mask recalculation behaviour should now be
> >as close as possible to Linux, I hope. I also renamed the --substitute
> >option to --set, as with Linux setfacl.
> >
> >Please give it a try. Just, if it's still wrong, I guess a patch has
> >to wait until after the holidays.
>
> Euh ... no problem here. Go, have a holiday!
Thanks :)
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2015-12-21 15:04 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-12-20 17:53 setfacl(2.4.0.14): recalculation of the ACL mask entry Houder
2015-12-21 12:46 ` Corinna Vinschen
2015-12-21 13:11 ` Houder
2015-12-21 15:04 ` Corinna Vinschen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).