From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.133]) by sourceware.org (Postfix) with ESMTPS id 109073858C20 for ; Mon, 21 Nov 2022 12:47:30 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 109073858C20 Authentication-Results: sourceware.org; dmarc=fail (p=none dis=none) header.from=cygwin.com Authentication-Results: sourceware.org; spf=fail smtp.mailfrom=cygwin.com Received: from calimero.vinschen.de ([24.134.7.25]) by mrelayeu.kundenserver.de (mreue010 [212.227.15.167]) with ESMTPSA (Nemesis) id 1MtO06-1pD7zb2vWw-00unck for ; Mon, 21 Nov 2022 13:47:29 +0100 Received: by calimero.vinschen.de (Postfix, from userid 500) id 599E0A80974; Mon, 21 Nov 2022 13:47:29 +0100 (CET) Date: Mon, 21 Nov 2022 13:47:29 +0100 From: Corinna Vinschen To: cygwin-apps@cygwin.com Subject: Re: [Bug] setup regression #2 Message-ID: Reply-To: cygwin-apps@cygwin.com Mail-Followup-To: cygwin-apps@cygwin.com References: <0c8c757c-4f6b-3b49-5404-99353de48b1b@dronecode.org.uk> <877d1gd83r.fsf@Rainer.invalid> <3f6098ed-0b64-33f2-c8ca-36a92500adbb@dronecode.org.uk> <87pmf2p830.fsf@Rainer.invalid> <8a811ecf-38e7-a631-c09e-92ca4d439cc2@dronecode.org.uk> <87iljjggwl.fsf@Rainer.invalid> <87fsedla3u.fsf@Rainer.invalid> <87r0xwpjlh.fsf@Otto.invalid> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <87r0xwpjlh.fsf@Otto.invalid> X-Provags-ID: V03:K1:7HxqF3+9gEzQxOkro/W5kvxHMA+QnCZF4SMxTewg2gcRjZMIFEi oVTofj8YpQF293MYDT8FSuJVDwDXM4wO/npCX9jQN+olpAM2iZYZvN1IoaD0JtJKUTRC6u2 5sHWLA95vyQPXJGDes77wIglgViSxARhkOUR766oGhBIZ9TwKCKosuNCXqST6lCrdwNrZZG 13Ts/W5Gawp2aV2iUccVA== X-UI-Out-Filterresults: notjunk:1;V03:K0:ZmQHkMilC7M=:0YCLFTgM1H1zpBAzbvFeGg aaaKsz0iDw2Dej2UwPTe2pjk+hXxYGiHotQImHZn0kozm95PFbi58SZHYvnbwAcVTL/8xVImP TyG/ZiFtsfmnuLoWaESGjtpesG1/A3cPWAfwtlTHpjE+HcSTYTQX/XeIwKCDID28CvRg/938C 2eXx2QNLP5004N9tTDLyHvLa9C+aSefnxoOIeMNAZ3ZzGWV9PbkxpcBHZ7ABjyRPI1gpRMwHR 0RPovzFItv1IP88SkOyUVDe6uaJ2UIqm2O7zoBa34cA3bZhd6VurqOcjPUnWQm81P+Pm/pOL3 x/Nz5icmyxe5bW0umRGTcYuSMCEguTinhWIwvtfhJ/J/lfbB4ttdNqsZF7NWXTG/Ue7opzwpG BHrE3z0GxDcUwvrTDULNeAaPh2qkSzRQWkjBzNYGmLXLgX3mwa4H4osTKoo2NBkrIYHYwYMvN /obZtJtDU9HxD+tXuYHaoUA832i2ly3+jyML+uHLd5EX4zrFZh9x+xm1JU+xCV5DTz9BXjH3j kTTD8Sk7WsdMAL1bxUERTtWpy02m5kjNZGIoxBD4kQm4rCQwGD8Rt4OwOxRsbhxICWQWGzoQJ DYgxbEc+J5fl48HpOhHcHYM2mK7bZ0ycKKElwjYhPYxd/8ilFrLF0l/QKEHYOtEPSvhy9axqb 6809XFQwMC2/vbYhxFIQaAsbQFAouXzsi8+bTQtVB+rG65d1wiJuDtzG/1fQf46FzdIG1csOc T6zpL67vGOh1w/wfAXHcdFYMOHGM1UFkSKFhqs3LqFFvKy4lVUUjEH4pfYt1RvQ9yzvQRMZ0V q91GM4jqwl+32Tyf3xZOQm7YMGRew== X-Spam-Status: No, score=-95.8 required=5.0 tests=BAYES_00,GOOD_FROM_CORINNA_CYGWIN,KAM_DMARC_NONE,KAM_DMARC_STATUS,KAM_NUMSUBJECT,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_FAIL,SPF_HELO_NONE,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On Nov 21 13:39, ASSI wrote: > Corinna Vinschen writes: > > The idea is that the installation tree has POSIXy permissions and > > administrative users have the right to change stuff. The administrators > > group is part of the user's token if the process has been started > > elevated, so, to me, this looks like a natural choice. > > As I said, I haven't thought through the implications of doing that. We > certainly haven't done a security audit or anything like that > w.r.t. group ownership of the Cygwin tree and permission of the > installed files. > > > The other advantage is that the administrators group has a fixed SID on > > all systems, while other groups depend on the environment. That goes > > for the local group "None" just as well as for the "Domain Users" > > group, etc. > > Yeah, a local non-domain installation currently installs as "None" > ("Kein" in german Windows) and domain ones will have "Domain Users" ...both groups using the same RID is no accident @ MSFT :) Corinna