This is the mail archive of the
cygwin-apps-cvs
mailing list for the cygwin-apps project.
[csih] branch master, updated. 7ca191bebb52ae414bb2a2e37ef22d94f2658dc7
- From: corinna at sourceware dot org
- To: cygwin-apps-cvs at sourceware dot org
- Date: 11 Sep 2015 15:17:23 -0000
- Subject: [csih] branch master, updated. 7ca191bebb52ae414bb2a2e37ef22d94f2658dc7
https://sourceware.org/git/gitweb.cgi?p=cygwin-csih.git;h=7ca191bebb52ae414bb2a2e37ef22d94f2658dc7
commit 7ca191bebb52ae414bb2a2e37ef22d94f2658dc7
Author: Takashi Yano <takashi.yano@nifty.ne.jp>
Date: Fri Sep 11 21:33:46 2015 +0900
Group Permissions on root folders problem (Windows 10 TP build 10061)
Hi Corinna,
On Fri, 11 Sep 2015 13:10:12 +0200
Corinna Vinschen wrote:
> In theory, yes. The problem is just that checking the uid/gid equality
> is not safe, given that you can easily create that via passwd/group
> files. What I was thinking of is to convert the uid/gid values into
> SIDs using the `getent' tool and to compare those, along the lines of
>
> uid=$(/usr/bin/stat -c '%u')
> user_sid=$(getent passwd -w $uid | awk -F: '{print $4}')
> gid=$(/usr/bin/stat -c '%g')
> grp_sid=$(getent group -w $gid | awk -F: '{print $4}')
> if [ "${user_sid}" = "${grp_sid}" ]
> ...
>
> Can you check if that works in your env and perhaps create a new patch
> using the SIDs?
I have made a new patch and confirmed that it also works.
Diff:
---
cygwin-service-installation-helper.sh | 18 +++++++++++++++++-
1 files changed, 17 insertions(+), 1 deletions(-)
diff --git a/cygwin-service-installation-helper.sh b/cygwin-service-installation-helper.sh
index 87993be..10ab4fb 100755
--- a/cygwin-service-installation-helper.sh
+++ b/cygwin-service-installation-helper.sh
@@ -2441,6 +2441,12 @@ readonly -f csih_account_has_necessary_privileges
# ======================================================================
_csih_setup()
{
+ local uid
+ local gid
+ local user_sid
+ local grp_sid
+ local perms="d..x..x..[xt]"
+
csih_stacktrace "${@}"
$_csih_trace
if [ "$_csih_setup_already_called" -eq 0 ]
@@ -2461,7 +2467,17 @@ _csih_setup()
csih_error "Problem with LocalSystem or Adminstrator IDs"
fi
- if ! csih_check_dir_perms "${LOCALSTATEDIR}" "d..x..x..[xt]"
+ uid=$(/usr/bin/stat -c '%u' ${LOCALSTATEDIR})
+ gid=$(/usr/bin/stat -c '%g' ${LOCALSTATEDIR})
+ user_sid=$(/usr/bin/getent -w passwd $uid | awk -F: '{print $4}')
+ grp_sid=$(/usr/bin/getent -w group $gid | awk -F: '{print $4}')
+
+ if [ "${user_sid}" = "${grp_sid}" ]
+ then
+ perms="d..x.....[xt]"
+ fi
+
+ if ! csih_check_dir_perms "${LOCALSTATEDIR}" "${perms}"
then
csih_error "Problem with ${LOCALSTATEDIR} directory. Exiting."
fi