This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: backup privileges [was: [ANNOUNCEMENT] Updated: cygwin-1.5.22-1]


On Thu, 30 Nov 2006, Corinna Vinschen wrote:

> On Nov 30 09:50, Igor Peshansky wrote:
> > Remember how much effort was spent trying to fix Cygwin to work for
> > unprivileged users?  Do you now, all of a sudden, want to break expected
> > behavior for privileged users?
>
> I'm sorry but I really don't understand the problem.  Cygwin allows
> administrators to do more stuff than what they usually can do when
> running a DOS shell, which is, doing stuff which they can do as admins
> under any POSIX system.

I don't believe the mapping is so direct.  Windows's notion of
Administrator is much looser (and less privileged) than the notion of
"root" in Linux.

> POSIX apps running under a privileged account (and the users) usually
> expect to be able to do stuff which they can't when running under a
> non-admin account, for instance, cd'ing into directories which have,
> say, permissions set to a-rwx.

Many POSIX apps also usually check for UID=0 to verify that they *are*
running under a privileged account.  We have told people before that those
are broken, of course, but in reality, there's no easy way to check
whether the account that the app is running under is privileged other than
trying to perform the particular privileged operation and checking the
result.

> This will actually *help* admins to restore screwed up installations.
> This is IMO the right thing to do.

True, it is sometimes helpful to be able to do this.  But most of the time
you want to at least get a notification that extra privileges are needed,
and some mechanism of obtaining those.  I usually think of Administrators
as users with sudo privileges.  They do have the ability to run privileged
commands, but that ability ought to be conditional on performing some
action beforehand (for Cygwin, if we go with, say, a setting in $CYGWIN,
the implementation of sudo may just be a shell with that setting on).

> I didn't expect to get told that this is "breaking" something.  It's
> really weird.  Usually Cygwin gets kicked for non-POSIXy behaviour.
> Apparently there's no way to do something right :(

Hmm, "breaking" was probably too strong of a word.  I just think we'll be
violating the principle of least surprise by allowing such unrestricted
access, "WJM" notwithstanding.
	Igor
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_	    pechtcha@cs.nyu.edu | igor@watson.ibm.com
ZZZzz /,`.-'`'    -.  ;-;;,_		Igor Peshansky, Ph.D. (name changed!)
     |,4-  ) )-,_. ,\ (  `'-'		old name: Igor Pechtchanski
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

Freedom is just another word for "nothing left to lose"...  -- Janis Joplin
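
The point made in the message about UID=0 checks, as an added example that is not part of the original message or of Cygwin's code: a program attempts the operation and inspects the resulting errno instead of inferring privilege from the UID. The helper names and the scratch path under /tmp are assumptions made for illustration.

```c
#include <dirent.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* The check the message calls broken: infer privilege from the UID alone. */
static int uid_says_privileged(void)
{
    return geteuid() == 0;
}

/* Attempt the operation itself. Returns 0 if the directory could be opened,
 * otherwise the errno of the failure (EACCES when access is denied). */
static int try_list_dir(const char *path)
{
    DIR *d = opendir(path);
    if (d == NULL)
        return errno;
    closedir(d);
    return 0;
}

/* Constructed sample input: a scratch directory created with mode 000
 * (a-rwx). The /tmp location is an assumption. mkdir() fails with EEXIST
 * rather than reusing an existing path. Returns 0 on success, -1 on error. */
static int make_locked_dir(char *buf, size_t len)
{
    snprintf(buf, len, "/tmp/privcheck.%ld", (long)getpid());
    return mkdir(buf, 0);
}

int main(void)
{
    char path[64];
    if (make_locked_dir(path, sizeof path) != 0) {
        perror("mkdir");
        return 1;
    }
    int rc = try_list_dir(path);
    printf("UID check says privileged: %s\n", uid_says_privileged() ? "yes" : "no");
    printf("opendir(%s): %s\n", path, rc == 0 ? "allowed" : strerror(rc));
    rmdir(path);
    return (rc == 0 || rc == EACCES) ? 0 : 1;
}
```

The two answers can disagree in either direction: a non-zero UID may still be allowed to open the directory, and UID 0 may be refused, so only the return value of the attempt reflects what the process can actually do.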
