This is the mail archive of the cygwin-apps mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Question: Desired owner/group when running setup-1.7.exe


On Mon, Apr 20, 2009 at 18:30, Corinna Vinschen wrote:
>
> I just re-thought the problem and came to a different idea. ÂThe whole
> problem seems tyo boil down to other administrators not bein able to
> manipulate Cygwin files in, say, /bin or /usr. ÂBut that's not really
> a problem since all Admin users have the right to manipulate all files,
> same as the "root" user on POSIX systems. ÂThere's actually no reason
> to add an ACE for administrators.
>

You know, I thought that when I saw the ACE proposal... but then I
decided it would be better to send you a telepathic message rather
than an email <g>

> However, given that all users are in the group "None", using this
> group for the default group ownership for files is rather insecure.
> On a POSIX system the files in the system directories are owned by
> a group which only sys admins are member of. ÂIn our case, that would
> be most closely resembled by the Admins group.
>
> So, actually I'm now rather leaning towards solution two.
>

As long as it isn't the do-nothing solution, I'm already happy :)
And thinking more on the subject, it seems that it is really for the
better, because with the solution number 2, there is a coherence
between what you see (group ownership) and what you get
(root-admin-like permissions).

BUT, may I make one last wish? I think that if this is important
enough to change in setup.exe, I think it is equally important to
maintain after installation, by implementing the same algorith in (at
least) mkpasswd to avoid incoherence.
The change (if solution 2) is in the algorithm for determining gid -
instead of blindly take the primary group, add some tests for admins
and act accordingly; this same algorithm should be in mkpasswd, so
that all would be transparent and coherent after the deploy of
packages.
PS: I know, we can always edit passwd by hand. But this is more a
question of why should we, when we already identified that there's a
need for change in the gid algorithm?

> Sorry for the to and fro :}
>

Sorry for being sticky - but I still believe these kind of changes are
for the best on Cygwin's interoperability.

-- 
___________
Julio Costa


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]