This is the mail archive of the cygwin-apps mailing list for the Cygwin project.



Re: Question: Desired owner/group when running setup-1.7.exe


On Apr 20 09:41, Charles Wilson wrote:
> Corinna Vinschen wrote:
> > On Apr 18 10:13, Charles Wilson wrote:
> >> Corinna Vinschen wrote:
> >>>   owner: Current user.
> >>>   group: The primary group of the account running setup.
> >>>   other: Everyone, as usual.
> >> Although "current user" is Administrator if you launch setup on Vista as
> >> an ordinary user, but you have UAC enabled.
> > 
> > No, not exactly.  You're still your own self, just with the token
> > extended to contain the Administrators group with SE_GROUP_ENABLED flag
> > set in the group list, instead of with SE_GROUP_USE_FOR_DENY_ONLY.
> > 
> > But it doesn't really matter.  If you're running setup as a user which
> > is a member of the Administrators group, on Vista or earlier, you have
> > the Administrators group in your user token.
> 
> ???
> 
> I normally run setup using "Run as administrator" -- but then, of
> course, the process is not REALLY elevated until UAC kicks in.  I'm not
> in a domain.  So:
> 
> $ getfacl /usr/bin/[.exe
> # file: /usr/bin/[.exe
> # owner: Administrator
> # group: None

Ok, we're talking two different approaches I guess.  When *I* use an
elevated shell, the files are still owned by me, because my account is a
member of the admins group.  From the above I take it that you're
running under a normal user account and elevate to the real
Administrator.

> user::rwx
> group::r-x
> mask:rwx
> other:r-x
> 
> Is exactly what you'd expect.  But the Administrators group is nowhere
> present.  How does that jibe with the 'token extended to contain the
> Administrators group'? Shouldn't there then be an additional entry for
> the Administrators group?

Why?  I wasn't talking about file ownership or ACL entries, I was talking
about the user token of the process.  Just because a group is in your
token's group list doesn't mean it's used to create an ACL.

> > Why?  I mean, why should you have a desire to chown the Cygwin tree?
> > The permissions are the ones from the archive.  The owner is the
> > Admin's group (sort of root, which is probably what you want anyway),
> > and the files created by postinstall scripts will get the right owner
> > and permission by the script.
> 
> No, in the existing setup, given the case above, the owner is the actual
> user used to run setup (in this case, 'Administrator' via the 'Run as
> Administrator').  NOT the AdministratorS group.

I thought we were talking about the situation after setup has been
changed to create files owned by Administrators.

> > In theory, if we do it that way (assuming solution 3), a chown -R
> > should never be necessary.
> 
> Well, assuming solution 3...wasn't there a lot of confusion in the 1.3.x
> days when if you created a file as Administrator it was always owned by
> AdministratorS?  If there were no problems with that behavior, why was
> it changed?

That never had anything to do with the Cygwin release since back to 1.0
days.  Old Windows NT versions created files with the owner set to
administrators if your account was a member of the admins group.

Sorry, but this is getting too complicated.  I thought I was asking a
simple question.  I was just trying to help this along so that the least
number of people have trouble with the default file permissions.

Here's another simple approach:

  Keep all ownership as it is.  Just add an ACE for the administrators
  group with rw- access rights to the ACL of files created/unpacked by
  setup.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat
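
The distinction drawn in the message above, between the groups in a process token and the ACEs in a file's ACL, shown as an added example that is not part of the original message or of Cygwin's code. It is a simplified Python model of Windows DACL evaluation; the account name `alice` is hypothetical, and the sample ACL is constructed from the getfacl output quoted in the thread.

```python
# Simplified model of Windows DACL evaluation (added example; ignores
# privileges, integrity levels, restricted SIDs and implicit owner rights).
from dataclasses import dataclass

R, W, X = 4, 2, 1                     # rwx bits as shown by getfacl
ENABLED, DENY_ONLY = "SE_GROUP_ENABLED", "SE_GROUP_USE_FOR_DENY_ONLY"

@dataclass
class Ace:
    kind: str      # "allow" or "deny"
    sid: str       # account or group name standing in for a SID
    mask: int

@dataclass
class Token:
    user: str
    groups: dict   # group name -> ENABLED or DENY_ONLY

def access_check(token, dacl, desired):
    """Walk the ACEs in order until every desired bit is granted or one is denied."""
    remaining = desired
    for ace in dacl:
        attr = token.groups.get(ace.sid)
        if ace.kind == "deny":
            # Deny ACEs match the user and every group, deny-only ones included.
            if (ace.sid == token.user or attr is not None) and ace.mask & remaining:
                return False
        elif ace.sid == token.user or attr == ENABLED:
            # Allow ACEs match only the user and groups that are enabled.
            remaining &= ~ace.mask
            if remaining == 0:
                return True
    return False

def with_admin_ace(dacl):
    """The proposal from the message: keep ownership, add Administrators rw-."""
    return dacl + [Ace("allow", "Administrators", R | W)]

# Constructed sample: a file unpacked by setup running as 'Administrator',
# matching the quoted getfacl output (user rwx, group r-x, other r-x).
SETUP_DACL = [Ace("allow", "Administrator", R | W | X),
              Ace("allow", "None", R | X),
              Ace("allow", "Everyone", R | X)]

# Hypothetical account 'alice', a member of Administrators, without and with elevation.
ALICE_FILTERED = Token("alice", {"Administrators": DENY_ONLY, "Everyone": ENABLED})
ALICE_ELEVATED = Token("alice", {"Administrators": ENABLED, "Everyone": ENABLED})
```

With the original ACL, even the elevated token gets only the `Everyone` rights, because no ACE names the Administrators group; with the added ACE, the elevated token gains rw- while the filtered (deny-only) token does not.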

