From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from re-prd-fep-048.btinternet.com (mailomta4-re.btinternet.com [213.120.69.97]) by sourceware.org (Postfix) with ESMTPS id 5FD433858C54 for ; Fri, 2 Sep 2022 13:56:27 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 5FD433858C54 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=dronecode.org.uk Authentication-Results: sourceware.org; spf=none smtp.mailfrom=dronecode.org.uk Received: from re-prd-rgout-004.btmx-prd.synchronoss.net ([10.2.54.7]) by re-prd-fep-048.btinternet.com with ESMTP id <20220902135625.IAQQ3057.re-prd-fep-048.btinternet.com@re-prd-rgout-004.btmx-prd.synchronoss.net>; Fri, 2 Sep 2022 14:56:25 +0100 Authentication-Results: btinternet.com; auth=pass (PLAIN) smtp.auth=jonturney@btinternet.com; bimi=skipped X-SNCR-Rigid: 613A901C37B9B713 X-Originating-IP: [86.140.130.112] X-OWM-Source-IP: 86.140.130.112 (GB) X-OWM-Env-Sender: jonturney@btinternet.com X-VadeSecure-score: verdict=clean score=0/300, class=clean X-RazorGate-Vade: gggruggvucftvghtrhhoucdtuddrgedvfedrvdeltddgjeefucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuueftkffvkffujffvgffngfevqffopdfqfgfvnecuuegrihhlohhuthemuceftddunecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenucfjughrpefkffggfgfufhfhvfgjtgfgsehtjeertddtfeejnecuhfhrohhmpeflohhnucfvuhhrnhgvhicuoehjohhnrdhtuhhrnhgvhiesughrohhnvggtohguvgdrohhrghdruhhkqeenucggtffrrghtthgvrhhnpeehheeggffggfehkedvudfggfduvedtjedutdehfedtieduheeugeehleeigedtudenucfkphepkeeirddugedtrddufedtrdduuddvnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehhvghloheplgduledvrdduieekrddurddutdehngdpihhnvghtpeekiedrudegtddrudeftddrudduvddpmhgrihhlfhhrohhmpehjohhnrdhtuhhrnhgvhiesughrohhnvggtohguvgdrohhrghdruhhkpdhnsggprhgtphhtthhopedvpdhrtghpthhtohepvehhrhhishhtihgrnhdrhfhrrghnkhgvsehtqdhonhhlihhnvgdruggvpdhrtghpthhtoheptgihghifihhnqdgrphhpshestgihghifihhnrdgtohhm X-RazorGate-Vade-Verdict: clean 0 X-RazorGate-Vade-Classification: clean Received: from [192.168.1.105] (86.140.130.112) by re-prd-rgout-004.btmx-prd.synchronoss.net (5.8.716.04) (authenticated as jonturney@btinternet.com) id 613A901C37B9B713; Fri, 2 Sep 2022 14:56:25 +0100 Message-ID: <0d8da07f-56dc-063d-d735-347d14ef441c@dronecode.org.uk> Date: Fri, 2 Sep 2022 14:56:24 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.13.0 Subject: Re: [PATCH setup] Add new option --chown-admin Content-Language: en-GB References: <3096f251-d7ca-073b-d7d7-751b7fe3e8c1@t-online.de> <405df5c6-ce47-0254-ae4d-4a23ff3533d5@dronecode.org.uk> <5b45ccdc-da32-ff11-037f-c00828f397c5@dronecode.org.uk> <32655945-5075-0823-2a1d-b72caa4b7791@t-online.de> <038c3558-b424-3e4b-9de6-bd3eb6147406@t-online.de> <80661301-d584-3af0-e588-1ec10f3b4108@dronecode.org.uk> <9f1a7088-4f4f-999b-3076-be347477c969@t-online.de> From: Jon Turney To: "cygwin-apps@cygwin.com" , Christian Franke In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-3570.4 required=5.0 tests=BAYES_00,FORGED_SPF_HELO,KAM_DMARC_STATUS,KAM_LAZY_DOMAIN_SECURITY,NICE_REPLY_A,RCVD_IN_DNSWL_NONE,SPF_HELO_PASS,SPF_NONE,TXREP,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On 28/08/2022 18:33, Christian Franke wrote: > As the 'root_scope' issues are now fixed, here a reworked and enhanced > (checkbox, setup.rc entry) version of the original patch from this thread. > > With the new setting enabled, setup behaves like other install tools > when run elevated: The installation is then also protected against > accidental modifications by the current user. > > owner:group assignments of newly installed dirs/files: > > adm:adm -- "All Users", "[X] Change owner of newly installed files to > local Administrator" > usr:adm -- "All Users" > usr:def -- "Just Me" > > (usr = user running setup, adm = S-1-5-32-544, def = S-1-5-21-*-513) > Thanks. When writing the change summary for the last RC, I wondered what the file owner should be. I guess my question is, if adm:adm ownership is correct, and expected for consistency with other Windows installers, why not make that the default? and then do we really need to provide the current behaviour as an option, if it's "wrong". > An alternative for the UI would be a 3rd radio button ("All Users - > change owner of newly installed files to local Administrator"), but the > checkbox makes this addition IMO more obvious. > > The new setup.rc setting 'root-scope' is only used to read the > chown_admin setting but this could be enhanced, e.g. warn user if > root_scope selection differs from previous setup run. > > The drawback that files generated by postinstall scripts are still owned > by current user could be fixed with a perpetual postinstall script. I > could provide one for base-files package if desired. Doesn't this mean that we are using the wrong user-context to run those scripts?