public inbox for cygwin-apps@cygwin.com
 help / color / mirror / Atom feed
From: Jon Turney <jon.turney@dronecode.org.uk>
To: cygwin-apps@cygwin.com
Cc: Jon Turney <jon.turney@dronecode.org.uk>
Subject: [PATCH setup 1/2] Drop group change while running postinstall scripts
Date: Tue, 12 Jul 2022 13:54:48 +0100	[thread overview]
Message-ID: <20220712125449.14050-2-jon.turney@dronecode.org.uk> (raw)
In-Reply-To: <20220712125449.14050-1-jon.turney@dronecode.org.uk>

Drop group change while running postinstall scripts.  This was only for
the benefit of mkgroup/mkpasswd being run by the postinstall script,
which we don't do any more.
---
 postinstall.cc | 13 -------------
 win32.cc       |  6 +-----
 2 files changed, 1 insertion(+), 18 deletions(-)

diff --git a/postinstall.cc b/postinstall.cc
index e990f52..32bc401 100644
--- a/postinstall.cc
+++ b/postinstall.cc
@@ -249,11 +249,6 @@ do_postinstall_reflector (void *p)
     // Tell the postinstall results page the results string
     PostInstallResults.SetResultsString(s);
 
-    /* Revert primary group to admins group.  This allows to create all the
-       state files written by setup as admin group owned. */
-    if (root_scope == IDC_ROOT_SYSTEM)
-      nt_sec.setAdminGroup ();
-
     // Tell the progress page that we're done running scripts
     Progress.PostMessageNow (WM_APP_POSTINSTALL_THREAD_COMPLETE, 0,
                           s.empty() ? IDD_DESKTOP : IDD_POSTINSTALL);
@@ -268,14 +263,6 @@ static HANDLE context[2];
 void
 do_postinstall (HINSTANCE h, HWND owner)
 {
-  /* Switch back to original primary group.  Otherwise we end up with a
-     broken passwd entry for the current user.
-     FIXME: Unfortunately this has the unfortunate side-effect that *all*
-     files created via postinstall are group owned by the original primary
-     group of the user.  Find a way to avoid this at one point. */
-  if (root_scope == IDC_ROOT_SYSTEM)
-    nt_sec.resetPrimaryGroup ();
-
   context[0] = h;
   context[1] = owner;
 
diff --git a/win32.cc b/win32.cc
index 55072a9..62ae4eb 100644
--- a/win32.cc
+++ b/win32.cc
@@ -350,11 +350,7 @@ NTSecurity::setDefaultSecurity (bool isAdmin)
       NoteFailedAPI ("SetTokenInformation(owner)");
       return;
     }
-  /* Get original primary group.  The token's primary group will be reset
-     to the original group right before we call the postinstall scripts.
-     This is necessary, otherwise, if the installing user is a domain user,
-     the group information created by the postinstall calls to `mkpasswd -c,
-     mkgroup -c' will be plain wrong. */
+  /* Get original primary group */
   if (!GetTokenInformation (token.theHANDLE (), TokenPrimaryGroup,
 			    &primaryGroupSID, sizeof primaryGroupSID, &size))
     {
-- 
2.36.1


  reply	other threads:[~2022-07-12 12:55 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-07-12 12:54 [PATCH setup 0/2] Simplify setting group ownership of installed files Jon Turney
2022-07-12 12:54 ` Jon Turney [this message]
2022-07-12 12:54 ` [PATCH setup 2/2] Defer setting group until after All Users/Just For Me is chosen Jon Turney
2022-07-13 15:39 ` [PATCH setup 0/2] Simplify setting group ownership of installed files Christian Franke

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220712125449.14050-2-jon.turney@dronecode.org.uk \
    --to=jon.turney@dronecode.org.uk \
    --cc=cygwin-apps@cygwin.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).