From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from re-prd-fep-049.btinternet.com (mailomta18-re.btinternet.com [213.120.69.111]) by sourceware.org (Postfix) with ESMTPS id E47DB3858D39 for ; Wed, 6 Jul 2022 13:53:26 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org E47DB3858D39 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=dronecode.org.uk Authentication-Results: sourceware.org; spf=none smtp.mailfrom=dronecode.org.uk Received: from re-prd-rgout-004.btmx-prd.synchronoss.net ([10.2.54.7]) by re-prd-fep-049.btinternet.com with ESMTP id <20220706135325.TYMG3069.re-prd-fep-049.btinternet.com@re-prd-rgout-004.btmx-prd.synchronoss.net>; Wed, 6 Jul 2022 14:53:25 +0100 Authentication-Results: btinternet.com; auth=pass (PLAIN) smtp.auth=jonturney@btinternet.com; bimi=skipped X-SNCR-Rigid: 613A901C2DA0E7C0 X-Originating-IP: [86.139.167.41] X-OWM-Source-IP: 86.139.167.41 (GB) X-OWM-Env-Sender: jonturney@btinternet.com X-VadeSecure-score: verdict=clean score=0/300, class=clean X-RazorGate-Vade: gggruggvucftvghtrhhoucdtuddrgedvfedrudeifedgieekucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuueftkffvkffujffvgffngfevqffopdfqfgfvnecuuegrihhlohhuthemuceftddunecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenucfjughrpefkffggfgfuvfhfhfgjtgfgsehtjeertddtfeejnecuhfhrohhmpeflohhnucfvuhhrnhgvhicuoehjohhnrdhtuhhrnhgvhiesughrohhnvggtohguvgdrohhrghdruhhkqeenucggtffrrghtthgvrhhnpeffkeeigfdujeehteduiefgjeeltdelgeelteekudetfedtffefhfeufefgueettdenucfkphepkeeirddufeelrdduieejrdegudenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhephhgvlhhopegludelvddrudeikedruddruddthegnpdhinhgvthepkeeirddufeelrdduieejrdeguddpmhgrihhlfhhrohhmpehjohhnrdhtuhhrnhgvhiesughrohhnvggtohguvgdrohhrghdruhhkpdhnsggprhgtphhtthhopedvpdhrtghpthhtohepvehhrhhishhtihgrnhdrhfhrrghnkhgvsehtqdhonhhlihhnvgdruggvpdhrtghpthhtoheptgihghifihhnqdgrphhpshestgihghifihhnrdgtohhm X-RazorGate-Vade-Verdict: clean 0 X-RazorGate-Vade-Classification: clean Received: from [192.168.1.105] (86.139.167.41) by re-prd-rgout-004.btmx-prd.synchronoss.net (5.8.716.04) (authenticated as jonturney@btinternet.com) id 613A901C2DA0E7C0; Wed, 6 Jul 2022 14:53:25 +0100 Message-ID: <405df5c6-ce47-0254-ae4d-4a23ff3533d5@dronecode.org.uk> Date: Wed, 6 Jul 2022 14:53:23 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0 Subject: Re: [PATCH setup] Add new option --chown-admin Content-Language: en-GB To: Christian Franke , "cygwin-apps@cygwin.com" References: <3096f251-d7ca-073b-d7d7-751b7fe3e8c1@t-online.de> From: Jon Turney In-Reply-To: <3096f251-d7ca-073b-d7d7-751b7fe3e8c1@t-online.de> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-3570.5 required=5.0 tests=BAYES_00, FORGED_SPF_HELO, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, NICE_REPLY_A, RCVD_IN_DNSWL_NONE, SPF_HELO_PASS, SPF_NONE, TXREP, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: cygwin-apps@cygwin.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Cygwin package maintainer discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Jul 2022 13:53:29 -0000 On 06/07/2022 08:14, Christian Franke wrote: > If an installer is run elevated, the installed files will be typically > owned by the local administrator (or in some cases SYSTEM or > TrustedInstaller) instead of the current user. This is not the case for > a Cygwin "All Users" installation. The files are then not protected from ... instead the files are owned by the user running setup? > accidental changes by this user. > > The attached patch adds an experimental --chown-admin option which > allows (new) installations owned by local administrator user and group. Thanks for the patch, but... > A drawback is that files generated by postinstall scripts are still > owned by current user + "None" group. It should be possible to fix this > with some perpetual preremove+postinstall scripts. > > I also don't know whether this may break some postinstall scripts. > > BTW: 'nt_sec.setDefaultSecurity (isAdmin)' is never called with > 'isAdmin==true' as 'root_scope' is always 0. root_scope is set later, by the "Install For" option on the "Select Root Install Directory" page. To me, this looks like a (very long standing) bug that we shouldn't be calling setAdminGroup() here, but after root_scope has been set.