From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 77903 invoked by alias); 11 Sep 2015 15:17:23 -0000 Mailing-List: contact cygwin-apps-cvs-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: cygwin-apps-cvs-owner@sourceware.org Received: (qmail 77885 invoked by uid 9078); 11 Sep 2015 15:17:23 -0000 Date: Fri, 11 Sep 2015 15:17:00 -0000 Message-ID: <20150911151723.77859.qmail@sourceware.org> From: corinna@sourceware.org To: cygwin-apps-cvs@sourceware.org Subject: [csih] branch master, updated. 7ca191bebb52ae414bb2a2e37ef22d94f2658dc7 X-Git-Refname: refs/heads/master X-Git-Reftype: branch X-Git-Oldrev: 87a95f05e40697ea96ecd2b83145d20642db4cf9 X-Git-Newrev: 7ca191bebb52ae414bb2a2e37ef22d94f2658dc7 X-SW-Source: 2015-q3/txt/msg00021.txt.bz2 https://sourceware.org/git/gitweb.cgi?p=cygwin-csih.git;h=7ca191bebb52ae414bb2a2e37ef22d94f2658dc7 commit 7ca191bebb52ae414bb2a2e37ef22d94f2658dc7 Author: Takashi Yano Date: Fri Sep 11 21:33:46 2015 +0900 Group Permissions on root folders problem (Windows 10 TP build 10061) Hi Corinna, On Fri, 11 Sep 2015 13:10:12 +0200 Corinna Vinschen wrote: > In theory, yes. The problem is just that checking the uid/gid equality > is not safe, given that you can easily create that via passwd/group > files. What I was thinking of is to convert the uid/gid values into > SIDs using the `getent' tool and to compare those, along the lines of > > uid=$(/usr/bin/stat -c '%u') > user_sid=$(getent passwd -w $uid | awk -F: '{print $4}') > gid=$(/usr/bin/stat -c '%g') > grp_sid=$(getent group -w $gid | awk -F: '{print $4}') > if [ "${user_sid}" = "${grp_sid}" ] > ... > > Can you check if that works in your env and perhaps create a new patch > using the SIDs? I have made a new patch and confirmed that it also works. Diff: --- cygwin-service-installation-helper.sh | 18 +++++++++++++++++- 1 files changed, 17 insertions(+), 1 deletions(-) diff --git a/cygwin-service-installation-helper.sh b/cygwin-service-installation-helper.sh index 87993be..10ab4fb 100755 --- a/cygwin-service-installation-helper.sh +++ b/cygwin-service-installation-helper.sh @@ -2441,6 +2441,12 @@ readonly -f csih_account_has_necessary_privileges # ====================================================================== _csih_setup() { + local uid + local gid + local user_sid + local grp_sid + local perms="d..x..x..[xt]" + csih_stacktrace "${@}" $_csih_trace if [ "$_csih_setup_already_called" -eq 0 ] @@ -2461,7 +2467,17 @@ _csih_setup() csih_error "Problem with LocalSystem or Adminstrator IDs" fi - if ! csih_check_dir_perms "${LOCALSTATEDIR}" "d..x..x..[xt]" + uid=$(/usr/bin/stat -c '%u' ${LOCALSTATEDIR}) + gid=$(/usr/bin/stat -c '%g' ${LOCALSTATEDIR}) + user_sid=$(/usr/bin/getent -w passwd $uid | awk -F: '{print $4}') + grp_sid=$(/usr/bin/getent -w group $gid | awk -F: '{print $4}') + + if [ "${user_sid}" = "${grp_sid}" ] + then + perms="d..x.....[xt]" + fi + + if ! csih_check_dir_perms "${LOCALSTATEDIR}" "${perms}" then csih_error "Problem with ${LOCALSTATEDIR} directory. Exiting." fi