Solving ntsec problems?

Robert Collins rbcollins@cygwin.com
Sun Nov 3 14:09:00 GMT 2002


On Mon, 2002-11-04 at 08:58, Christopher Faylor wrote:

> OTOH, one thing that we could do is only turn on executable bits that
> exist in the tar archives since those are still available..  We could
> have something which does a fixup only on extracted files which are
> supposed to be executable.

I'd rather extract the ntsec unix->win32 acl logic to a static library
that both cygwin1.dll and setup.exe can incorporate. If the translation
alters in a fundamental way, we can simply relink setup to get a new
version (and with careful thought we could even 'upgrade' all the acls
in the users tree to the new translated fashion when setup runs next).

Setup can track should-be-executable programs, and run a script with all
of them named, but IMO thats a kludge. Giving setup ntsec awareness
(with some additional 'when etc/passwd is missing do foo' logic) is a
generic solution.
 
> >Do we know how those permissions are set? Are they set explicitly
> >by setup, or are they based on the inheritable permissions of the
> >parent directory (default)? If so having the "fixup script/program" 
> >set the parent directory acl properly would be the way to go.
> >Users could control the permissions of new files (say choosing 
> >between 777 and 755) by using the Windows GUI or setfacl to set
> >the default in the parent. 
> 
> Don't know.  Maybe someone who is familiar with setup.exe can chime
> in.

I'd need to check. Corinna contributed some code a while ago IIRC.

Rob
-- 
---
GPG key available at: http://users.bigpond.net.au/robertc/keys.txt.
---
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://cygwin.com/pipermail/cygwin-developers/attachments/20021103/6fec54c0/attachment.sig>


More information about the Cygwin-developers mailing list