From: Jon Turney <jon.turney@dronecode.org.uk>
To: Christian Franke <Christian.Franke@t-online.de>,
"cygwin-apps@cygwin.com" <cygwin-apps@cygwin.com>
Subject: Re: [PATCH setup] Add new option --chown-admin
Date: Wed, 6 Jul 2022 14:53:23 +0100 [thread overview]
Message-ID: <405df5c6-ce47-0254-ae4d-4a23ff3533d5@dronecode.org.uk> (raw)
In-Reply-To: <3096f251-d7ca-073b-d7d7-751b7fe3e8c1@t-online.de>
On 06/07/2022 08:14, Christian Franke wrote:
> If an installer is run elevated, the installed files will be typically
> owned by the local administrator (or in some cases SYSTEM or
> TrustedInstaller) instead of the current user. This is not the case for
> a Cygwin "All Users" installation. The files are then not protected from
... instead the files are owned by the user running setup?
> accidental changes by this user.
>
> The attached patch adds an experimental --chown-admin option which
> allows (new) installations owned by local administrator user and group.
Thanks for the patch, but...
> A drawback is that files generated by postinstall scripts are still
> owned by current user + "None" group. It should be possible to fix this
> with some perpetual preremove+postinstall scripts.
>
> I also don't know whether this may break some postinstall scripts.
>
> BTW: 'nt_sec.setDefaultSecurity (isAdmin)' is never called with
> 'isAdmin==true' as 'root_scope' is always 0.
root_scope is set later, by the "Install For" option on the "Select Root
Install Directory" page.
To me, this looks like a (very long standing) bug that we shouldn't be
calling setAdminGroup() here, but after root_scope has been set.
next prev parent reply other threads:[~2022-07-06 13:53 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-06 7:14 Christian Franke
2022-07-06 13:53 ` Jon Turney [this message]
2022-07-06 16:34 ` Christian Franke
2022-07-07 11:38 ` Jon Turney
2022-07-07 14:45 ` Christian Franke
2022-07-07 14:59 ` Christian Franke
[not found] ` <d7d51d1c-f6d5-2fac-3e6d-86714efd0734@dronecode.org.uk>
[not found] ` <32655945-5075-0823-2a1d-b72caa4b7791@t-online.de>
2022-07-12 12:50 ` Jon Turney
2022-08-23 15:20 ` Jon Turney
2022-08-23 17:27 ` Christian Franke
2022-08-26 13:27 ` Jon Turney
2022-08-26 15:02 ` Christian Franke
2022-08-28 17:33 ` Christian Franke
2022-09-02 13:56 ` Jon Turney
2022-09-02 15:17 ` Christian Franke
2022-09-15 17:45 ` Jon Turney
2022-10-04 12:05 ` Christian Franke
2022-11-29 21:37 ` Jon Turney
2022-11-30 18:49 ` Christian Franke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=405df5c6-ce47-0254-ae4d-4a23ff3533d5@dronecode.org.uk \
--to=jon.turney@dronecode.org.uk \
--cc=Christian.Franke@t-online.de \
--cc=cygwin-apps@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).