This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

How to remove pesky persistent +x bits that chmod -x won't remove

From: Warren Young <wyml at etr-usa dot com>
To: The Cygwin Mailing List <cygwin at cygwin dot com>
Date: Thu, 19 May 2016 19:01:32 -0600
Subject: How to remove pesky persistent +x bits that chmod -x won't remove
Authentication-results: sourceware.org; auth=none

I think I have an ACL inheritance problem.  Hereâs the scenario:

$ ls -l Protocol.md       ## Boo, bad permissions; shouldnât be +x!
-rwxr--r--+ 1 Warren Warren 4.3K May 19 18:41 Protocol.md*

$ chmod -x Protocol.md
$ ls -l Protocol.md       ## Still +x!  Did I stutter?
-rwxr--r--+ 1 Warren Warren 4.3K May 19 18:41 Protocol.md*

$ icacls.exe Protocol.md  ## Okayyyâlots of Xâs
Protocol.md NULL SID:(DENY)(Rc,S,X,DC)
            MOSSYMAZE\Warren:(R,W,D,WDAC,WO)
            MOSSYMAZE\Warren:(DENY)(S,X)
            NT AUTHORITY\SYSTEM:(DENY)(S,X)
            BUILTIN\Administrators:(DENY)(S,X)
            MOSSYMAZE\Warren:(RX)
            NT AUTHORITY\SYSTEM:(RX,W)
            BUILTIN\Administrators:(RX,W)
            Everyone:(R)

Successfully processed 1 files; Failed processing 0 files

$ icacls Protocol.md /reset  ## Nuke the Xâs!
processed file: Protocol.md
Successfully processed 1 files; Failed processing 0 files

$ ls -l Protocol.md          ## Still +x!
-rwx---r-x+ 1 Warren Warren 4.3K May 19 18:41 Protocol.md*

$ chmod -x Protocol.md       ## Ah, *now* it will listen to me.
$ ls -l Protocol.md
-rw----r--+ 1 Warren Warren 4.3K May 19 18:41 Protocol.md

$ icacls.exe Protocol.md     ## Clear as mud
Protocol.md NT AUTHORITY\SYSTEM:(I)(F)
            BUILTIN\Administrators:(I)(F)
            MOSSYMAZE\Warren:(I)(F)
            Everyone:(I)(RX)



I assume this is happening because something farther up the directory tree keeps reapplying the +x bit to this file, but I canât see what from the icacls output.  Is there a tool that will give me a tree view so I can see whatâs applied at each level?  Failing that, do I just run icacls on every parent directory of this file?  And then what?  I donât think I dare /reset all permissions clear back to the root.

This 2-step permission fix is getting old, because the bad permissions come back again every time something rewrites one of the affected files.

For what itâs worth, setfacl -bk followed by a chmod -x sometimes always fixes this.  Iâm just using icacls above because its output seems clearer, probably because itâs NTFS-native, not reinterpreting everything through a POSIX lens.
--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Follow-Ups:
- Re: How to remove pesky persistent +x bits that chmod -x won't remove
  - From: Warren Young

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]