From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin-apps@cygwin.com
Subject: Re: [Bug] setup regression #2
Date: Mon, 21 Nov 2022 13:32:22 +0100 [thread overview]
Message-ID: <Y3tv1g7W+SEyDGrx@calimero.vinschen.de> (raw)
In-Reply-To: <87fsedla3u.fsf@Rainer.invalid>
On Nov 20 20:05, Achim Gratz wrote:
> Jon Turney writes:
> > I believe that the intent of the code in setup is that there should
> > only be two modes:
> >
> > USER: install "for me", with the users primary group
>
> As I understand it, the intention here was that the user can have a
> "single user installation" in a place that they have access to (say,
> their home directory) while they have no permission in one of the usual
> places. In a setup where that place is a certain type of share the user
> will not be able to change the group the files are owned by anyway
> (standard NetApp CIFS shares are set up this way) and it may not be the
> users primary group.
>
> > SYSTEM: install "for everyone", with the administrators primary group
> > (only permitted if you are an administrator)
>
> I don't see why the fact the installation is meant to be used by
> multiple users means that the install must be owned by group
> Administrators. I'm not sure this is a good idea on Windows anyway, at
> least when you don't put extra (inheritable) DACL on the install
> folder.
The idea is that the installation tree has POSIXy permissions and
administrative users have the right to change stuff. The administrators
group is part of the user's token if the process has been started
elevated, so, to me, this looks like a natural choice.
The other advantage is that the administrators group has a fixed SID on
all systems, while other groups depend on the environment. That goes
for the local group "None" just as well as for the "Domain Users"
group, etc.
I'm not adamant about this, it was just what was looking like being the
right thing to do at the time. Especially I was not hot to make the
permission set more complicated than necessary for a POSIX-like system.
Corinna
next prev parent reply other threads:[~2022-11-21 12:32 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-22 17:14 Achim Gratz
2022-10-01 15:37 ` Jon Turney
2022-10-03 19:23 ` Achim Gratz
2022-10-08 15:18 ` Jon Turney
2022-10-08 16:56 ` Achim Gratz
2022-11-08 16:21 ` Jon Turney
2022-11-09 18:25 ` Achim Gratz
2022-11-13 12:47 ` Achim Gratz
2022-11-20 17:16 ` Jon Turney
2022-11-20 19:05 ` Achim Gratz
2022-11-21 12:32 ` Corinna Vinschen [this message]
2022-11-21 12:39 ` ASSI
2022-11-21 12:47 ` Corinna Vinschen
2022-11-29 21:37 ` Jon Turney
2022-11-30 21:22 ` Christian Franke
2022-12-01 19:50 ` Achim Gratz
2023-02-02 16:00 ` Jon Turney
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y3tv1g7W+SEyDGrx@calimero.vinschen.de \
--to=corinna-cygwin@cygwin.com \
--cc=cygwin-apps@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).