public inbox for cygwin-apps-cvs@sourceware.org help / color / mirror / Atom feed
From: corinna@sourceware.org To: cygwin-apps-cvs@sourceware.org Subject: [csih] branch master, updated. 7ca191bebb52ae414bb2a2e37ef22d94f2658dc7 Date: Fri, 11 Sep 2015 15:17:00 -0000 [thread overview] Message-ID: <20150911151723.77859.qmail@sourceware.org> (raw) https://sourceware.org/git/gitweb.cgi?p=cygwin-csih.git;h=7ca191bebb52ae414bb2a2e37ef22d94f2658dc7 commit 7ca191bebb52ae414bb2a2e37ef22d94f2658dc7 Author: Takashi Yano <takashi.yano@nifty.ne.jp> Date: Fri Sep 11 21:33:46 2015 +0900 Group Permissions on root folders problem (Windows 10 TP build 10061) Hi Corinna, On Fri, 11 Sep 2015 13:10:12 +0200 Corinna Vinschen wrote: > In theory, yes. The problem is just that checking the uid/gid equality > is not safe, given that you can easily create that via passwd/group > files. What I was thinking of is to convert the uid/gid values into > SIDs using the `getent' tool and to compare those, along the lines of > > uid=$(/usr/bin/stat -c '%u') > user_sid=$(getent passwd -w $uid | awk -F: '{print $4}') > gid=$(/usr/bin/stat -c '%g') > grp_sid=$(getent group -w $gid | awk -F: '{print $4}') > if [ "${user_sid}" = "${grp_sid}" ] > ... > > Can you check if that works in your env and perhaps create a new patch > using the SIDs? I have made a new patch and confirmed that it also works. Diff: --- cygwin-service-installation-helper.sh | 18 +++++++++++++++++- 1 files changed, 17 insertions(+), 1 deletions(-) diff --git a/cygwin-service-installation-helper.sh b/cygwin-service-installation-helper.sh index 87993be..10ab4fb 100755 --- a/cygwin-service-installation-helper.sh +++ b/cygwin-service-installation-helper.sh @@ -2441,6 +2441,12 @@ readonly -f csih_account_has_necessary_privileges # ====================================================================== _csih_setup() { + local uid + local gid + local user_sid + local grp_sid + local perms="d..x..x..[xt]" + csih_stacktrace "${@}" $_csih_trace if [ "$_csih_setup_already_called" -eq 0 ] @@ -2461,7 +2467,17 @@ _csih_setup() csih_error "Problem with LocalSystem or Adminstrator IDs" fi - if ! csih_check_dir_perms "${LOCALSTATEDIR}" "d..x..x..[xt]" + uid=$(/usr/bin/stat -c '%u' ${LOCALSTATEDIR}) + gid=$(/usr/bin/stat -c '%g' ${LOCALSTATEDIR}) + user_sid=$(/usr/bin/getent -w passwd $uid | awk -F: '{print $4}') + grp_sid=$(/usr/bin/getent -w group $gid | awk -F: '{print $4}') + + if [ "${user_sid}" = "${grp_sid}" ] + then + perms="d..x.....[xt]" + fi + + if ! csih_check_dir_perms "${LOCALSTATEDIR}" "${perms}" then csih_error "Problem with ${LOCALSTATEDIR} directory. Exiting." fi
reply other threads:[~2015-09-11 15:17 UTC|newest] Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20150911151723.77859.qmail@sourceware.org \ --to=corinna@sourceware.org \ --cc=cygwin-apps-cvs@sourceware.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).