From: Jon Turney <jon.turney@dronecode.org.uk>
To: Achim Gratz <Stromeko@nexgo.de>,
"cygwin-apps@cygwin.com" <cygwin-apps@cygwin.com>
Subject: Re: [Bug] setup regression #2
Date: Tue, 8 Nov 2022 16:21:44 +0000
Message-ID: <8a811ecf-38e7-a631-c09e-92ca4d439cc2@dronecode.org.uk>
In-Reply-To: <87pmf2p830.fsf@Rainer.invalid>
[-- Attachment #1: Type: text/plain, Size: 1527 bytes --]
On 08/10/2022 17:56, Achim Gratz wrote:
> I think that setup was essentially treating the install as "for this
> user only" since it was created and maintained by a script that can't
> affect that option and the fact it was also in group Administrators
> didn't actually register until now.

Yeah, that seems possible, since some of these changes fix what are
arguably bugs in how that works (i.e. I suspect that previously, even
when elevated, if only the registry key
HKEY_CURRENT_USER\Software\Cygwin\setup\rootdir exists (and not the
same key under HKLM), we're going to install for "Just Me", irrespective
of what the UI says)

> The DACL on the server install changed from conferring access to "Everyone" to
> just the install user and SYSTEM IIRC. It doesn't do that on the
> (non-domain) build machine at home that runs Win10 Pro.

That makes less sense to me. We should always be creating an entry in the
DACL for 'Everyone' to hold the POSIX permissions for 'other' users.
(See win32.cc:NTSecurity::GetPosixPerms() which translates a file mode
to a SD)

>> As long as there's an option to force it to keep the former behaviour
>> things should be OK, but I haven't really checked if and how this is
>> possible.
>
> Unfortunately, there is no such option.

I wrote some code for this option (attached), but I have a hard time
seeing how it's functionally different from using '-B'/'--no-admin'.

So, I guess a question is, does running with that option work as
expected in your problematic instance?
[-- Attachment #2: 0001-Add-an-option-to-not-make-files-group-owned-by-Admin.patch --]
[-- Type: text/plain, Size: 3529 bytes --]
From ae547f5b4b4421bf9b7b9f204eb3d303cc6b2673 Mon Sep 17 00:00:00 2001
From: Jon Turney <jon.turney@dronecode.org.uk>
Date: Wed, 2 Nov 2022 22:46:29 +0000
Subject: [PATCH setup] Add an option to not make files group owned by
Administrators

Add an option that, when elevated, does not make files group owned by
Administrators (i.e. use the primary group of the user running setup
instead).
Fixes: 495b0148
---
res.pot | 8 ++++++--
res/en/res.rc | 1 +
resource.h | 1 +
root.cc | 7 ++++++-
4 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/res.pot b/res.pot
index 64079c8..e84c34c 100644
--- a/res.pot
+++ b/res.pot
@@ -3,7 +3,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2022-08-27 12:54+0100\n"
+"POT-Creation-Date: 2022-11-08 14:36+0100\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -11,7 +11,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"X-Accelerator-Marker: &\n"
-"X-Generator: Translate Toolkit 3.7.0\n"
+"X-Generator: Translate Toolkit 3.7.3\n"
"X-Merge-On: location\n"
#: DIALOG.IDD_SOURCE.CAPTION
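Review bot: The X-Generator bump from Translate Toolkit 3.7.0 to 3.7.3, like the POT-Creation-Date change in the previous hunk, is regeneration churn unrelated to the new option. Consider regenerating res.pot in a separate commit so that this patch carries only the new IDS_HELPTEXT_NO_GROUP_CHANGE entry.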
@@ -1245,6 +1245,10 @@ msgstr ""
msgid "Disable creation of desktop shortcut"
msgstr ""
+#: STRINGTABLE.IDS_HELPTEXT_NO_GROUP_CHANGE
+msgid "When elevated, do not make files group owned by Adminstrators"
+msgstr ""
+
#: STRINGTABLE.IDS_HELPTEXT_NO_REPLACEONREBOOT
msgid "Disable replacing in-use files on next reboot"
msgstr ""
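Review bot: "Adminstrators" in the new msgid is misspelled and should read "Administrators". The msgid is the string translators work from, so a later correction changes the key for every translation; fix it here, together with the matching string in res/en/res.rc, before this lands.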
diff --git a/res/en/res.rc b/res/en/res.rc
index ef5e8b1..dad5c47 100644
--- a/res/en/res.rc
+++ b/res/en/res.rc
@@ -683,6 +683,7 @@ BEGIN
IDS_HELPTEXT_MIRROR_MODE "Skip package availability check when installing from local directory (requires local directory to be clean mirror!)"
IDS_HELPTEXT_NO_ADMIN "Do not check for and enforce running as Administrator"
IDS_HELPTEXT_NO_DESKTOP "Disable creation of desktop shortcut"
+ IDS_HELPTEXT_NO_GROUP_CHANGE "When elevated, do not make files group owned by Adminstrators"
IDS_HELPTEXT_NO_REPLACEONREBOOT "Disable replacing in-use files on next reboot"
IDS_HELPTEXT_NO_SHORTCUTS "Disable creation of desktop and start menu shortcuts"
IDS_HELPTEXT_NO_STARTMENU "Disable creation of start menu shortcut"
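Review bot: The IDS_HELPTEXT_NO_GROUP_CHANGE text only says what the option stops doing, and it repeats the "Adminstrators" typo. Spell it "Administrators" and state the resulting behaviour the way the commit message does, i.e. that files get the primary group of the user running setup instead.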
diff --git a/resource.h b/resource.h
index cfe860b..917534f 100644
--- a/resource.h
+++ b/resource.h
@@ -157,6 +157,7 @@
#define IDS_HELPTEXT_HEADER 1546
#define IDS_HELPTEXT_FOOTER 1547
#define IDS_HELPTEXT_NO_WRITE_REGISTRY 1548
+#define IDS_HELPTEXT_NO_GROUP_CHANGE 1549
// Dialogs
diff --git a/root.cc b/root.cc
index ccbd6ae..f81c5c9 100644
--- a/root.cc
+++ b/root.cc
@@ -37,8 +37,10 @@
#include "propsheet.h"
#include "getopt++/StringOption.h"
+#include "getopt++/BoolOption.h"
StringOption RootOption ("", 'R', "root", IDS_HELPTEXT_ROOT, false);
+static BoolOption NoGroupChangeOption (false, '\0', "no-group-change", IDS_HELPTEXT_NO_GROUP_CHANGE);
static ControlAdjuster::ControlInfo RootControlsInfo[] = {
{ IDC_ROOTDIR_GRP, CP_STRETCH, CP_TOP },
@@ -310,7 +312,10 @@ RootPage::OnNext ()
<< (root_scope == IDC_ROOT_USER ? " user" : " system") << endLog;
if (root_scope == IDC_ROOT_SYSTEM)
- nt_sec.setAdminGroup ();
+ {
+ if (!NoGroupChangeOption)
+ nt_sec.setAdminGroup ();
+ }
else
nt_sec.resetPrimaryGroup ();
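Review bot: With --no-group-change set and root_scope == IDC_ROOT_SYSTEM, this branch calls neither nt_sec.setAdminGroup () nor nt_sec.resetPrimaryGroup (), so the group is left in whatever state nt_sec already holds rather than being set to the user's primary group as the commit message describes. Folding the test into the condition, i.e. "if (root_scope == IDC_ROOT_SYSTEM && !NoGroupChangeOption) nt_sec.setAdminGroup (); else nt_sec.resetPrimaryGroup ();", makes that explicit. The log line just above could also record that the option was in effect, and the check here is on install scope while the help text says "When elevated", so the wording and the condition should be brought into line.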
--
2.38.1