* How to remove pesky persistent +x bits that chmod -x won't remove
@ 2016-05-20 1:01 Warren Young
2016-05-21 0:04 ` Warren Young
0 siblings, 1 reply; 2+ messages in thread
From: Warren Young @ 2016-05-20 1:01 UTC (permalink / raw)
To: The Cygwin Mailing List
I think I have an ACL inheritance problem. Here’s the scenario:
$ ls -l Protocol.md ## Boo, bad permissions; shouldn’t be +x!
-rwxr--r--+ 1 Warren Warren 4.3K May 19 18:41 Protocol.md*
$ chmod -x Protocol.md
$ ls -l Protocol.md ## Still +x! Did I stutter?
-rwxr--r--+ 1 Warren Warren 4.3K May 19 18:41 Protocol.md*
$ icacls.exe Protocol.md ## Okayyy…lots of X’s
Protocol.md NULL SID:(DENY)(Rc,S,X,DC)
MOSSYMAZE\Warren:(R,W,D,WDAC,WO)
MOSSYMAZE\Warren:(DENY)(S,X)
NT AUTHORITY\SYSTEM:(DENY)(S,X)
BUILTIN\Administrators:(DENY)(S,X)
MOSSYMAZE\Warren:(RX)
NT AUTHORITY\SYSTEM:(RX,W)
BUILTIN\Administrators:(RX,W)
Everyone:(R)
Successfully processed 1 files; Failed processing 0 files
$ icacls Protocol.md /reset ## Nuke the X’s!
processed file: Protocol.md
Successfully processed 1 files; Failed processing 0 files
$ ls -l Protocol.md ## Still +x!
-rwx---r-x+ 1 Warren Warren 4.3K May 19 18:41 Protocol.md*
$ chmod -x Protocol.md ## Ah, *now* it will listen to me.
$ ls -l Protocol.md
-rw----r--+ 1 Warren Warren 4.3K May 19 18:41 Protocol.md
$ icacls.exe Protocol.md ## Clear as mud
Protocol.md NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Administrators:(I)(F)
MOSSYMAZE\Warren:(I)(F)
Everyone:(I)(RX)
I assume this is happening because something farther up the directory tree keeps reapplying the +x bit to this file, but I can’t see what from the icacls output. Is there a tool that will give me a tree view so I can see what’s applied at each level? Failing that, do I just run icacls on every parent directory of this file? And then what? I don’t think I dare /reset all permissions clear back to the root.
This 2-step permission fix is getting old, because the bad permissions come back again every time something rewrites one of the affected files.
For what it’s worth, setfacl -bk followed by a chmod -x sometimes always fixes this. I’m just using icacls above because its output seems clearer, probably because it’s NTFS-native, not reinterpreting everything through a POSIX lens.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: How to remove pesky persistent +x bits that chmod -x won't remove
2016-05-20 1:01 How to remove pesky persistent +x bits that chmod -x won't remove Warren Young
@ 2016-05-21 0:04 ` Warren Young
0 siblings, 0 replies; 2+ messages in thread
From: Warren Young @ 2016-05-21 0:04 UTC (permalink / raw)
To: The Cygwin Mailing List
On May 19, 2016, at 7:01 PM, Warren Young <wyml@etr-usa.com> wrote:
>
> For what it’s worth, setfacl -bk followed by a chmod -x sometimes always fixes this.
I’ve solved this by applying that fix to the affected directory trees in bulk:
$ find foo bar baz -exec setfacl -kb {} \;
Heavy-handed, but it works.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-05-21 0:04 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-05-20 1:01 How to remove pesky persistent +x bits that chmod -x won't remove Warren Young
2016-05-21 0:04 ` Warren Young
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).