From: Christian Franke <Christian.Franke@t-online.de>
To: Jon Turney <jon.turney@dronecode.org.uk>,
"cygwin-apps@cygwin.com" <cygwin-apps@cygwin.com>
Subject: Re: [PATCH setup] Add new option --chown-admin
Date: Tue, 4 Oct 2022 14:05:38 +0200 [thread overview]
Message-ID: <064f7b6b-ff09-8544-f444-63e92eea1b4d@t-online.de> (raw)
In-Reply-To: <0824aef9-3abb-4959-6007-48271f407582@dronecode.org.uk>
Jon Turney wrote:
> On 02/09/2022 16:17, Christian Franke wrote:
>> Jon Turney wrote:
>>> On 28/08/2022 18:33, Christian Franke wrote:
>>>> As the 'root_scope' issues are now fixed, here a reworked and
>>>> enhanced (checkbox, setup.rc entry) version of the original patch
>>>> from this thread.
>>>>
>>>> With the new setting enabled, setup behaves like other install
>>>> tools when run elevated: The installation is then also protected
>>>> against accidental modifications by the current user.
>>>>
>>>> owner:group assignments of newly installed dirs/files:
>>>>
>>>> adm:adm -- "All Users", "[X] Change owner of newly installed files
>>>> to local Administrator"
>>>> usr:adm -- "All Users"
>>>> usr:def -- "Just Me"
>>>>
>>>> (usr = user running setup, adm = S-1-5-32-544, def = S-1-5-21-*-513)
>>>>
>>>
>>> Thanks. When writing the change summary for the last RC, I wondered
>>> what the file owner should be.
>>>
>>> I guess my question is, if adm:adm ownership is correct, and
>>> expected for consistency with other Windows installers, why not make
>>> that the default? and then do we really need to provide the current
>>> behaviour as an option, if it's "wrong".
>>
>> Two good questions. I'm not sure.
>
> Well, perhaps we can explore that by asking what is the motivation for
> this change? Does the current situation cause you a problem? Is is it
> just motivated by the concern that the user running setup could
> accidentally modify the installation, or something else?
If "All Users" is selected, the installation should IMO be protected
against the same user if not elevated. This is automatically the case
for other installers because Windows sets TokenOwner=Administrator if
elevated.
>
> Corinna had some concerns about making the owner a group, rather than
> a user, which I believe historically caused some difficulties in
> Cygwin, so I think I'll need to understand that better before making a
> decision about this change.
I see. Do you have any info about these difficulties?
Are these still relevant? If yes, let's forget this patch.
next prev parent reply other threads:[~2022-10-04 12:06 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-06 7:14 Christian Franke
2022-07-06 13:53 ` Jon Turney
2022-07-06 16:34 ` Christian Franke
2022-07-07 11:38 ` Jon Turney
2022-07-07 14:45 ` Christian Franke
2022-07-07 14:59 ` Christian Franke
[not found] ` <d7d51d1c-f6d5-2fac-3e6d-86714efd0734@dronecode.org.uk>
[not found] ` <32655945-5075-0823-2a1d-b72caa4b7791@t-online.de>
2022-07-12 12:50 ` Jon Turney
2022-08-23 15:20 ` Jon Turney
2022-08-23 17:27 ` Christian Franke
2022-08-26 13:27 ` Jon Turney
2022-08-26 15:02 ` Christian Franke
2022-08-28 17:33 ` Christian Franke
2022-09-02 13:56 ` Jon Turney
2022-09-02 15:17 ` Christian Franke
2022-09-15 17:45 ` Jon Turney
2022-10-04 12:05 ` Christian Franke [this message]
2022-11-29 21:37 ` Jon Turney
2022-11-30 18:49 ` Christian Franke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=064f7b6b-ff09-8544-f444-63e92eea1b4d@t-online.de \
--to=christian.franke@t-online.de \
--cc=cygwin-apps@cygwin.com \
--cc=jon.turney@dronecode.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).