On Apr 1 18:38, Eric Blake wrote: > According to Corinna Vinschen on 4/1/2008 7:44 AM: > | Shouldn't the "nobody" entry > | disappear when calling chmod? That's how I understand the statement in > | the POSIX docs: > | > | "An alternate file access control mechanism shall [...] be disabled for > | a file after the file permission bits are changed for that file with > | chmod( ). The disabling of the alternate mechanism need not disable > | any additional mechanisms supported by an implementation." > | > | Either the ACLs of a file are not an "alternate" access mechanism, > | but an "additional" access mechanism. But that doesn't match the > | description either: > | > | "An additional access control mechanism shall only further restrict > | the access permissions defined by the file permission bits." > > Yes, those were the two paragraphs I was noticing when I made my claim > that cygwin's chmod(2) wasn't obeying POSIX. > > ACLs can serve as both "alternate" (give more rights to some users than > what is implied by the traditional stat bits) and "additional" (restrict > rights to certain users outside of what is shown in the traditional stat > bits). > > | Or, Linux doesn't follow POSIX here, which seems unlikely to me. > > Actually, it seems highly likely to me - after all, at one point, POSIX > considered standardizing a form of ACLs, but it never went anywhere (and > in the meantime, several competing styles of how to implement ACLs cropped > up; Solaris and Linux tackle the issue noticably different, and Selinux > security descriptors are yet another wrinkle in the picture).
In the meantime I tested this scenario on Solaris 9 as well and I found that it behaves exactly as Linux and Cygwin. It's nice to see that both, Linux and Solaris, are following Cygwin's lead here <cough, cough>. Just for the records (again), Cygwin's ACL support is modeled on the Solaris ACL API. > Maybe it's > worth asking on the Austin Group mailing list? I think so, yes. It looks somewhat unusual if two important OSes seem to contradict what's in the specs. Are you going to ask? Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
