/usr/local, /var and */tmp in c:\Users\Public

Corinna Vinschen corinna-cygwin@cygwin.com
Thu Nov 13 21:30:00 GMT 2014 

On Nov 13 14:09, Warren Young wrote:
> On Nov 13, 2014, at 2:33 AM, Corinna Vinschen <corinna-cygwin@cygwin.com> wrote:
> 
> > On Nov 12 17:19, Warren Young wrote:
> >> 
> >> I’m not advocating that step so early, but maybe if this breakup does
> >> happen, a few years later setup.exe can start applying some strong
> >> ACLs to files it writes.
> > 
> > ??? What "strong" ACLs?
> 
> The ones that are not there right now. :)
> 
> Just to pick a random example:
> 
> $ ls -l /bin/ls.exe
> -rwxrwxr-x 1 Warren None 116253 Oct 13 10:12 /bin/ls.exe
> 
> The same file’s permissions, from Windows’ perspective:
> 
> http://etr-usa.com/cygwin/ls-perms.png

icacls output would be more helpful than a picture.

However, this isn't really a problem.  The group permissions are
apparently faked by Cygwin, they don't reflect the reality.  I just
don't remember why this is done, it's probably old.  Have to check...

> So, just because I installed Cygwin with my regular user account, I
> get permission to rewrite ls.exe.  This is not a good thing, if our
> goal is to make Cygwin work like Linux while working *within* the
> Windows environment.  

> IMHO, the way to meet both goals simultaneously is to put programs in
> c:\Program Files,

No, sorry, but no.  We're certainly not going to turn everything upside
down installation-wise.  If you want Cygwin installed into Program
Files, just change it in the GUI.

> and to give full-control perms to the local
> Administrator account in the SAM case, or possibly the domain one in
> the AD case.

BTDT.  The code is still in Setup, just doesn't run anymore.  The idea
was to install with user and group set to Administator/ Administrators,
but we had some complaints and the code got deactivated.  We can
reactivate the Administrators group, but that still requires to run
Setup elevated.  It doesn't work when running under a non-admin account.

However, the *other* idea is that if you install with an elevated Setup,
your account is an admin account anyway.  Ideally when you install
Cygwin for multiple users, you're using an account you're not using for
daily usage.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20141113/df97e06b/attachment.sig>

More information about the Cygwin mailing list