This is the mail archive of the mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

ntsec & setup

Setup with the new ntsec support has been released for a week. 
Since then I have not seen any permission issues on the list. 
Markus Schönhaber has been very helpful in testing various
configurations. After analyzing them I propose some extra

The main issue is the name "setup.exe" itself, which induces
Windows to launch a Run As pop up when setup is run by
non-privileged users. Answering "yes" allows to set system mounts and
to install Cygwin almost anywhere but it has several drawbacks:
1) Domain users are not included in /etc/passwd
2) The Administrator account may not have Restore privilege
   and chown may fail in postinstall scripts.
3) ls -l may show files without rx access for the user running setup
   if the Administrator account is not in Users and if the directory
   inheritance does not give rx access to Everyone (I have observed
   the two events separately but never together).

I believe setup would be more newbie friendly if the name was 
changed :(

The patch below also introduces two changes:
1) Currently setup only attempts to change its default group to Users
(or Administrators) if it is None. The patch tries all the time.
I have not seen a case where it would hurt. There are typical scenarios 
where it helps, for example when inheritance gives rx access to Users 
but not to Everyone nor to the current user's group.
2) When setup is launched from Windows (but not from Cygwin) by a 
privileged user, files are owned by Administrators. This can lead to
perceived access restrictions for the current user. Also this feature
generates questions on the list. The patch always gives ownership
to the current user (already the case when running from Cygwin).


2003-03-19  Pierre Humblet  <pierre dot humblet at ieee dot org>

	* (set_default_sec): Set token owner from token user.
	Always try to set the token primary group to Users or Admins.

Attachment: main.diff
Description: Text document

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]