From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from sa-prd-fep-042.btinternet.com (mailomta22-sa.btinternet.com [213.120.69.28]) by sourceware.org (Postfix) with ESMTPS id F205E38983A7 for ; Thu, 15 Sep 2022 17:45:33 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org F205E38983A7 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=dronecode.org.uk Authentication-Results: sourceware.org; spf=none smtp.mailfrom=dronecode.org.uk Received: from sa-prd-rgout-004.btmx-prd.synchronoss.net ([10.2.38.7]) by sa-prd-fep-042.btinternet.com with ESMTP id <20220915174532.KNAY3231.sa-prd-fep-042.btinternet.com@sa-prd-rgout-004.btmx-prd.synchronoss.net>; Thu, 15 Sep 2022 18:45:32 +0100 Authentication-Results: btinternet.com; auth=pass (PLAIN) smtp.auth=jonturney@btinternet.com; bimi=skipped X-SNCR-Rigid: 613943C63A8F8F33 X-Originating-IP: [81.153.98.219] X-OWM-Source-IP: 81.153.98.219 (GB) X-OWM-Env-Sender: jonturney@btinternet.com X-VadeSecure-score: verdict=clean score=0/300, class=clean X-RazorGate-Vade: gggruggvucftvghtrhhoucdtuddrgedvfedrfedukedguddulecutefuodetggdotefrodftvfcurfhrohhfihhlvgemuceutffkvffkuffjvffgnffgvefqofdpqfgfvfenuceurghilhhouhhtmecufedtudenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhepkfffgggfuffvfhfhjggtgfesthekredttdefjeenucfhrhhomheplfhonhcuvfhurhhnvgihuceojhhonhdrthhurhhnvgihsegurhhonhgvtghouggvrdhorhhgrdhukheqnecuggftrfgrthhtvghrnhepvddtteffkeevveejgeehgeelhfdtgefgieelgffgudetudefvdeggfeiiefftdevnecukfhppeekuddrudehfedrleekrddvudelnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehhvghloheplgduledvrdduieekrddurddutdeingdpihhnvghtpeekuddrudehfedrleekrddvudelpdhmrghilhhfrhhomhepjhhonhdrthhurhhnvgihsegurhhonhgvtghouggvrdhorhhgrdhukhdpnhgspghrtghpthhtohepvddprhgtphhtthhopeevhhhrihhsthhirghnrdfhrhgrnhhkvgesthdqohhnlhhinhgvrdguvgdprhgtphhtthhopegthihgfihinhdqrghpphhssegthihgfihinhdrtghomh X-RazorGate-Vade-Verdict: clean 0 X-RazorGate-Vade-Classification: clean Received: from [192.168.1.106] (81.153.98.219) by sa-prd-rgout-004.btmx-prd.synchronoss.net (5.8.716.04) (authenticated as jonturney@btinternet.com) id 613943C63A8F8F33; Thu, 15 Sep 2022 18:45:32 +0100 Message-ID: <0824aef9-3abb-4959-6007-48271f407582@dronecode.org.uk> Date: Thu, 15 Sep 2022 18:45:31 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.2.2 Subject: Re: [PATCH setup] Add new option --chown-admin Content-Language: en-GB To: Christian Franke , "cygwin-apps@cygwin.com" References: <3096f251-d7ca-073b-d7d7-751b7fe3e8c1@t-online.de> <405df5c6-ce47-0254-ae4d-4a23ff3533d5@dronecode.org.uk> <5b45ccdc-da32-ff11-037f-c00828f397c5@dronecode.org.uk> <32655945-5075-0823-2a1d-b72caa4b7791@t-online.de> <038c3558-b424-3e4b-9de6-bd3eb6147406@t-online.de> <80661301-d584-3af0-e588-1ec10f3b4108@dronecode.org.uk> <9f1a7088-4f4f-999b-3076-be347477c969@t-online.de> <0d8da07f-56dc-063d-d735-347d14ef441c@dronecode.org.uk> From: Jon Turney In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-3569.8 required=5.0 tests=BAYES_00,FORGED_SPF_HELO,KAM_DMARC_STATUS,KAM_LAZY_DOMAIN_SECURITY,NICE_REPLY_A,RCVD_IN_BARRACUDACENTRAL,RCVD_IN_DNSWL_NONE,SPF_HELO_PASS,SPF_NONE,TXREP autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On 02/09/2022 16:17, Christian Franke wrote: > Jon Turney wrote: >> On 28/08/2022 18:33, Christian Franke wrote: >>> As the 'root_scope' issues are now fixed, here a reworked and >>> enhanced (checkbox, setup.rc entry) version of the original patch >>> from this thread. >>> >>> With the new setting enabled, setup behaves like other install tools >>> when run elevated: The installation is then also protected against >>> accidental modifications by the current user. >>> >>> owner:group assignments of newly installed dirs/files: >>> >>> adm:adm -- "All Users", "[X] Change owner of newly installed files to >>> local Administrator" >>> usr:adm -- "All Users" >>> usr:def -- "Just Me" >>> >>> (usr = user running setup, adm = S-1-5-32-544, def = S-1-5-21-*-513) >>> >> >> Thanks.  When writing the change summary for the last RC, I wondered >> what the file owner should be. >> >> I guess my question is, if adm:adm ownership is correct, and expected >> for consistency with other Windows installers, why not make that the >> default? and then do we really need to provide the current behaviour >> as an option, if it's "wrong". > > Two good questions. I'm not sure. Well, perhaps we can explore that by asking what is the motivation for this change? Does the current situation cause you a problem? Is is it just motivated by the concern that the user running setup could accidentally modify the installation, or something else? Corinna had some concerns about making the owner a group, rather than a user, which I believe historically caused some difficulties in Cygwin, so I think I'll need to understand that better before making a decision about this change. >>> An alternative for the UI would be a 3rd radio button ("All Users - >>> change owner of newly installed files to local Administrator"), but >>> the checkbox makes this addition IMO more obvious. >>> >>> The new setup.rc setting 'root-scope' is only used to read the >>> chown_admin setting but this could be enhanced, e.g. warn user if >>> root_scope selection differs from previous setup run. >>> >>> The drawback that files generated by postinstall scripts are still >>> owned by current user could be fixed with a perpetual postinstall >>> script. I could provide one for base-files package if desired. >> >> Doesn't this mean that we are using the wrong user-context to run >> those scripts? > > The correct user context for running the script would be an equivalent > to 'sudo administrator' which is not possible. > > A change or addition (environment CYGWIN=chown_admin) in the Cygwin DLL > would help: If launched with TokenOwner = Administrator, make sure that > all newly created dirs/files are owned by TokenOwner instead of current > user.