This is the mail archive of the cygwin-apps mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Question: Desired owner/group when running setup-1.7.exe


Corinna Vinschen wrote:
> On Apr 18 10:13, Charles Wilson wrote:
>> Corinna Vinschen wrote:
>>>   owner: Current user.
>>>   group: The primary group of the account running setup.
>>>   other: Everyone, as usual.
>> Although "current user" is Administrator if you launch setup on Vista as
>> an ordinary user, but you have UAC enabled.
> 
> No, not exactly.  You're still your own self, just with the token
> extended to contain the Administrators group with SE_GROUP_ENABLED flag
> set in the group list, instead of with SE_GROUP_USE_FOR_DENY_ONLY.
> 
> But it doesn't really matter.  If you're running setup as a user which
> is member of the Administrators group, on Vista or earlier, you have the
> Administrators group in your user token.

???

I normally run setup using "Run as administrator" -- but then, of
course, the process is not REALLY elevated until UAC kicks in.  I'm not
in a domain.  So:

$ getfacl /usr/bin/[.exe
# file: /usr/bin/[.exe
# owner: Administrator
# group: None
user::rwx
group::r-x
mask:rwx
other:r-x

Is exactly what you'd expect.  But the Administrators group is nowhere
present.  How does that jibe with the 'token extended to contain the
Administrators group'? Shouldn't there then be an additional entry for
the Administrators group?

> Why?  I mean, why should you have a desire to chown the Cygwin tree?
> The permissions are the ones from the archive.  The owner is the
> Admin's group (sort of root, which is probably what you want anyway),
> and the files created by postinstall scripts will get the right owner
> and permission by the script.

No, in the existing setup, given the case above, the owner is the actual
user used to run setup (in this case, 'Administrator' via the 'Run as
Administrator'.  NOT the AdministratorS group.

> In theory, if we do it that way (assuming solution 3), a chown -R
> should never be necessary.

Well, assuming solution 3...wasn't there a lot of confusion in the 1.3.x
days when if you created a file as Administrator it was always owned by
AdministratorS?  If there were no problems with that behavior, why was
it changed?

>> I think setup should accept three new command-line arguments:
>> --change-owner=
>> --change-group=
>> --add-group-write-permission
> 
> I don't like the idea of additional command line options since it
> doesn't help 99% of the users, which are using setup.exe as a GUI-only
> tool.

That's the case with all of setup's command line options. They are there
specifically to help the 1% of users who need it -- if we choose default
behavior that truly is problem-free for the 99% majority.

--
Chuck


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]