[Bug] setup regression #2
Corinna Vinschen
corinna-cygwin@cygwin.com
Mon Nov 21 12:47:29 GMT 2022
On Nov 21 13:39, ASSI wrote:
> Corinna Vinschen writes:
> > The idea is that the installation tree has POSIXy permissions and
> > administrative users have the right to change stuff. The administrators
> > group is part of the user's token if the process has been started
> > elevated, so, to me, this looks like a natural choice.
>
> As I said, I haven't thought through the implications of doing that. We
> certainly haven't done a security audit or anything like that
> w.r.t. group ownership of the Cygwin tree and permission of the
> installed files.
>
> > The other advantage is that the administrators group has a fixed SID on
> > all systems, while other groups depend on the environment. That goes
> > for the local group "None" just as well as for the "Domain Users"
> > group, etc.
>
> Yeah, a local non-domain installation currently installs as "None"
> ("Kein" in german Windows) and domain ones will have "Domain Users"
...both groups using the same RID is no accident @ MSFT :)
Corinna
More information about the Cygwin-apps
mailing list