From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=bHOJ=4U=nifty.ne.jp=takashi.yano@sourceware.org>
Received: from conssluserg-05.nifty.com (conssluserg-05.nifty.com [210.131.2.90])
	by sourceware.org (Postfix) with ESMTPS id 3B3063858D1E
	for <cygwin@cygwin.com>; Thu, 22 Dec 2022 11:45:37 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 3B3063858D1E
Authentication-Results: sourceware.org; dmarc=fail (p=none dis=none) header.from=nifty.ne.jp
Authentication-Results: sourceware.org; spf=fail smtp.mailfrom=nifty.ne.jp
Received: from HP-Z230 (aj135041.dynamic.ppp.asahi-net.or.jp [220.150.135.41]) (authenticated)
	by conssluserg-05.nifty.com with ESMTP id 2BMBj0UD027933;
	Thu, 22 Dec 2022 20:45:00 +0900
DKIM-Filter: OpenDKIM Filter v2.10.3 conssluserg-05.nifty.com 2BMBj0UD027933
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nifty.ne.jp;
	s=dec2015msa; t=1671709500;
	bh=GUAE+bkipCuLEvVio71uw2rED4hUS0WRkBE3yQXMLLk=;
	h=Date:From:To:Cc:Subject:In-Reply-To:References:From;
	b=UWiJkRqpTjKpaikj80ZsocoGycp7nJ/xsjjSQtzi/sZ9TM45UkzChsk5/jJY7QDAl
	 O4+SgGnzFsHxxh8LPnCYcSXA+2p5G+OYwtFqQsZWy4QuBZV5ve11PuzPo4VjNJ9eI5
	 Bsf2+KHReBqaPzTD1UlNFzlBfwf4MnknrWcv0iep7QcqVsMs+cOMfAy0+bVDVeI54l
	 lc828hikEmZRaXzBX2hNq5cWe3VxhAXXXeN27H61oxJ0/Ej6IzIRDSkSaOMx/Ivc8s
	 37MPHayriE+bhutB6E/30DEj5HqMkMGh1h2WIS6ZojOFGHs3z+54YTYhWMz9dPXTLL
	 BEGZopIf1/cww==
X-Nifty-SrcIP: [220.150.135.41]
Date: Thu, 22 Dec 2022 20:45:00 +0900
From: Takashi Yano <takashi.yano@nifty.ne.jp>
To: cygwin@cygwin.com
Cc: Christopher Ng <facboy@gmail.com>
Subject: Re: Windows file security
Message-Id: <20221222204500.5eb10d63b00bea87d1769b34@nifty.ne.jp>
In-Reply-To: <CAN5wt5pwK=6rkxZiZbku_50LAa20eHfVrQsgsb8WE4JbS7tJfw@mail.gmail.com>
References: <CAN5wt5pwK=6rkxZiZbku_50LAa20eHfVrQsgsb8WE4JbS7tJfw@mail.gmail.com>
X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.30; i686-pc-mingw32)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-5.2 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <cygwin.cygwin.com>

On Thu, 22 Dec 2022 11:26:08 +0000
Christopher Ng wrote:
> hi,
> 
> is it possible to secure the files of the cygwin installation?  i
> notice that at the 'regular' cygwin prompt i can write to any
> directory, and modify anything.  isn't this somewhat insecure if eg
> i'm running cygwin as an ssh server, but any process running as me can
> go and modify sshd?
> 
> how does one make files non-writable by normal users?

1) Remove Administrators rights from normal users.
2) Enable Administrator account.
3) Install cygwin using Administrator account.

Then the cygwin system files will not be writable
by normal users.

-- 
Takashi Yano <takashi.yano@nifty.ne.jp>