From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.187]) by sourceware.org (Postfix) with ESMTPS id 15F3C384F49D for ; Mon, 21 Nov 2022 12:32:24 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 15F3C384F49D Authentication-Results: sourceware.org; dmarc=fail (p=none dis=none) header.from=cygwin.com Authentication-Results: sourceware.org; spf=fail smtp.mailfrom=cygwin.com Received: from calimero.vinschen.de ([24.134.7.25]) by mrelayeu.kundenserver.de (mreue009 [212.227.15.167]) with ESMTPSA (Nemesis) id 1MLR5f-1oebDR3xlD-00ISQQ for ; Mon, 21 Nov 2022 13:32:23 +0100 Received: by calimero.vinschen.de (Postfix, from userid 500) id 2468BA80974; Mon, 21 Nov 2022 13:32:22 +0100 (CET) Date: Mon, 21 Nov 2022 13:32:22 +0100 From: Corinna Vinschen To: cygwin-apps@cygwin.com Subject: Re: [Bug] setup regression #2 Message-ID: Reply-To: cygwin-apps@cygwin.com Mail-Followup-To: cygwin-apps@cygwin.com References: <87pmfn5o2j.fsf@Rainer.invalid> <0c8c757c-4f6b-3b49-5404-99353de48b1b@dronecode.org.uk> <877d1gd83r.fsf@Rainer.invalid> <3f6098ed-0b64-33f2-c8ca-36a92500adbb@dronecode.org.uk> <87pmf2p830.fsf@Rainer.invalid> <8a811ecf-38e7-a631-c09e-92ca4d439cc2@dronecode.org.uk> <87iljjggwl.fsf@Rainer.invalid> <87fsedla3u.fsf@Rainer.invalid> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <87fsedla3u.fsf@Rainer.invalid> X-Provags-ID: V03:K1:YxJGxtsjr1Nmh3aGJZo5FGLrsdOqOBuL4oa/pLVs77ecUi+hJ6r rJCKiPmI6eDFQYoMXxC44iXarMXCAKnL39E5tUd48R10ipWQosjMWKWFLOoqe/Vwgyl+uxr rIWiEvN+eKrMYefVwGqtTU2DJcCe8I+8uW9SuZUnx2DryhRDBDR+jAZs5CF3YpH+lTw+EoV 66vezzlH+bpvHNJoER/Dw== X-UI-Out-Filterresults: notjunk:1;V03:K0:evMPCQDt+Go=:Ww0K9McYABu5fSIR5+eLuH cKNIhJsyhdS1zcJa5bMMpNmziI9TAe8jaQCtFv+DP9KyirmmLoXNnIXTalVM9winPKiN/pTVx nOTmbaHJHyju4qKMVoLA3KdGGaUweS57xVt1TOFmeNnwiGAHy7h+4GSaejYu/fQgswfDOshzm 4lL8xSuwpsAVhxcVmCi8TPEHx2VtDdoHnIOlEeIbB7uP4DAl2Imtg1a95eoyqNEz4f0c0uiKL M6cxIePtbO7I76MoT3ZKP1yFkLSjU4AFI8ap5Vx7p3i/3X6RqJn8mzwVOMDQWZHvNNT9KXcvq 2bZ5Rf/RxxYCq0DYtxjk7Gus9b65pBUbWt50P5Fi5ng4lXZP+kxW8LWrRTEv3b6IXEG4dSYz0 /FxK/acSDFbs+lG0zQwiSj3xyJzNqIUXoxhUSfElYqPloGU+kGDlkW8UVDSvESxZ2eBms1pVN Nu/9Izuc9oKvbQkAKk92l3oX/+JuWNuNqG7kPMkOvMfsBgm8GilJVOrfsRiSgudjtcDR3hKqX GZVjarpw258h0nEA/L8A78dIjdwIzJBnTvo8rfIUWGXkiGPKR8NKGQvx9vjKxtcqL0bVGfhlm bm+hIkIKsjMAH4QOjy0t+tiaqTLhSd+aXStYNRk/i8qOSQq96xMFNEYwvweboVBUGOSmtmZD6 vNVT0gI53ZSdKFYwen06dIuDckYs2J80aY9U8nr0B1cT90qy8ogo3/pxa0ehJuTKycFOjuWjs 8eA5G4UUu6ERnbdFda1reBWYgSRyUk5jis6o+p22TKNFNg481yiXfjX26HWNNxGfEgsWoU1Q8 3KpSDBvQ1xh5SQagUuQHc+VO9+QeQ== X-Spam-Status: No, score=-95.7 required=5.0 tests=BAYES_00,GOOD_FROM_CORINNA_CYGWIN,KAM_DMARC_NONE,KAM_DMARC_STATUS,KAM_NUMSUBJECT,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_FAIL,SPF_HELO_NONE,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On Nov 20 20:05, Achim Gratz wrote: > Jon Turney writes: > > I believe that the intent of the code in setup is that there should > > only be two modes: > > > > USER: install "for me", with the users primary group > > As I understand it, the intention here was that the user can have a > "single user installation" in a place that they have access to (say, > their home directory) while they have no permission in one of the usual > places. In a setup where that place is a certain type of share the user > will not be able to change the group the files are owned by anyway > (standard NetApp CIFS shares are set up this way) and it may not be the > users primary group. > > > SYSTEM: install "for everyone", with the administrators primary group > > (only permitted if you are an administrator) > > I don't see why the fact the installation is meant to be used by > multiple users means that the install must be owned by group > Administrators. I'm not sure this is a good idea on Windows anyway, at > least when you don't put extra (inheritable) DACL on the install > folder. The idea is that the installation tree has POSIXy permissions and administrative users have the right to change stuff. The administrators group is part of the user's token if the process has been started elevated, so, to me, this looks like a natural choice. The other advantage is that the administrators group has a fixed SID on all systems, while other groups depend on the environment. That goes for the local group "None" just as well as for the "Domain Users" group, etc. I'm not adamant about this, it was just what was looking like being the right thing to do at the time. Especially I was not hot to make the permission set more complicated than necessary for a POSIX-like system. Corinna