From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mailout01.t-online.de (mailout01.t-online.de [194.25.134.80]) by sourceware.org (Postfix) with ESMTPS id AFBA93858C54 for ; Fri, 2 Sep 2022 15:17:37 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org AFBA93858C54 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=t-online.de Authentication-Results: sourceware.org; spf=none smtp.mailfrom=t-online.de Received: from fwd82.dcpf.telekom.de (fwd82.aul.t-online.de [10.223.144.108]) by mailout01.t-online.de (Postfix) with SMTP id 939FC5C75; Fri, 2 Sep 2022 17:17:35 +0200 (CEST) Received: from [192.168.2.101] ([79.230.170.147]) by fwd82.t-online.de with (TLSv1.3:TLS_AES_256_GCM_SHA384 encrypted) esmtp id 1oU8QH-2X0vQ00; Fri, 2 Sep 2022 17:17:34 +0200 Subject: Re: [PATCH setup] Add new option --chown-admin To: Jon Turney , "cygwin-apps@cygwin.com" References: <3096f251-d7ca-073b-d7d7-751b7fe3e8c1@t-online.de> <405df5c6-ce47-0254-ae4d-4a23ff3533d5@dronecode.org.uk> <5b45ccdc-da32-ff11-037f-c00828f397c5@dronecode.org.uk> <32655945-5075-0823-2a1d-b72caa4b7791@t-online.de> <038c3558-b424-3e4b-9de6-bd3eb6147406@t-online.de> <80661301-d584-3af0-e588-1ec10f3b4108@dronecode.org.uk> <9f1a7088-4f4f-999b-3076-be347477c969@t-online.de> <0d8da07f-56dc-063d-d735-347d14ef441c@dronecode.org.uk> From: Christian Franke Message-ID: Date: Fri, 2 Sep 2022 17:17:32 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 SeaMonkey/2.53.12 MIME-Version: 1.0 In-Reply-To: <0d8da07f-56dc-063d-d735-347d14ef441c@dronecode.org.uk> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-TOI-EXPURGATEID: 150726::1662131854-01452558-6C9EDD1B/0/0 CLEAN NORMAL X-TOI-MSGID: 98ef7766-4d21-47c6-b150-baa93da62554 X-Spam-Status: No, score=-3.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM,KAM_DMARC_STATUS,KAM_LAZY_DOMAIN_SECURITY,NICE_REPLY_A,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE,TXREP,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: Jon Turney wrote: > On 28/08/2022 18:33, Christian Franke wrote: >> As the 'root_scope' issues are now fixed, here a reworked and >> enhanced (checkbox, setup.rc entry) version of the original patch >> from this thread. >> >> With the new setting enabled, setup behaves like other install tools >> when run elevated: The installation is then also protected against >> accidental modifications by the current user. >> >> owner:group assignments of newly installed dirs/files: >> >> adm:adm -- "All Users", "[X] Change owner of newly installed files to >> local Administrator" >> usr:adm -- "All Users" >> usr:def -- "Just Me" >> >> (usr = user running setup, adm = S-1-5-32-544, def = S-1-5-21-*-513) >> > > Thanks.  When writing the change summary for the last RC, I wondered > what the file owner should be. > > I guess my question is, if adm:adm ownership is correct, and expected > for consistency with other Windows installers, why not make that the > default? and then do we really need to provide the current behaviour > as an option, if it's "wrong". Two good questions. I'm not sure. > >> An alternative for the UI would be a 3rd radio button ("All Users - >> change owner of newly installed files to local Administrator"), but >> the checkbox makes this addition IMO more obvious. >> >> The new setup.rc setting 'root-scope' is only used to read the >> chown_admin setting but this could be enhanced, e.g. warn user if >> root_scope selection differs from previous setup run. >> >> The drawback that files generated by postinstall scripts are still >> owned by current user could be fixed with a perpetual postinstall >> script. I could provide one for base-files package if desired. > > Doesn't this mean that we are using the wrong user-context to run > those scripts? > The correct user context for running the script would be an equivalent to 'sudo administrator' which is not possible. A change or addition (environment CYGWIN=chown_admin) in the Cygwin DLL would help: If launched with TokenOwner = Administrator, make sure that all newly created dirs/files are owned by TokenOwner instead of current user.