how do i create a trusted-installer? (was Re: Trying to create default ACL entries to match file ACL entries)

public inbox for cygwin@cygwin.com
 help / color / mirror / Atom feed

From: L A Walsh <cygwin@tlinx.org>
To: cygwin@cygwin.com
Subject: how do i create a trusted-installer? (was Re: Trying to create default ACL entries to match file ACL entries)
Date: Thu, 06 Jun 2019 19:44:00 -0000	[thread overview]
Message-ID: <5CF96D18.6070801@tlinx.org> (raw)
In-Reply-To: <31d3c868824fc32a16ce8a10e130d72b@plebeian.com>

On 2019/06/04 14:34, Chris Wagner wrote:
> Hi Linda, / is just a mount to something like C:\Cygwin64 so there is no 
> problem in changing it.
>   
----
    Uh...about that....oh my system '/' points to 'C:\'.  Isn't life fun!

I think I finally got it.  I broke down and used "icacls" for fine tuning
and now seem to have:
\ NT SERVICE\TrustedInstaller:(F)
  NT SERVICE\TrustedInstaller:(OI)(CI)(F)
  Bliss\law:(OI)(CI)(F)
  BLISS\lawgroup:(OI)(CI)(F)
  BLISS\Domain Admins:(OI)(CI)(F)
  BLISS\Domain Users:(OI)(CI)(RX)
  BUILTIN\Administrators:(OI)(CI)(F)
  NT AUTHORITY\SYSTEM:(OI)(CI)(F)
  BUILTIN\Users:(OI)(CI)(RX)
  Mandatory Label\High Mandatory Level:(OI)(CI)(NW)

FWIW, BTW, I have two scripts (one in perl, one in shell) that convert
from a SID<->a hex value as you might see in the registry, and back
again.  As much as I've been able to test they seem correct. and agree
with other tools of the same
ilk.  You probably have your own, but if not, they are fairly trivial
and being in either shell or perl they aren't too difficult to understand.

If there is a want, I can just post them here, neither is very long.
> wc sidhex_xlate.{pl,sh}
 127  422 3067 sidhex_xlate.pl
 193  566 4697 sidhex_xlate.sh
 320  988 7764 total

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

     prev parent reply	other threads:[~2019-06-06 19:44 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-06-04 19:34 Trying to create default ACL entries to match file ACL entries L A Walsh
2019-06-04 19:44 ` Eliot Moss
2019-06-04 19:59   ` L A Walsh
2019-06-04 21:26     ` Brian Inglis
2019-06-04 21:58       ` L A Walsh
2019-06-04 21:34 ` Chris Wagner
2019-06-04 22:11   ` Brian Inglis
2019-06-06 19:44   ` L A Walsh [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5CF96D18.6070801@tlinx.org \
    --to=cygwin@tlinx.org \
    --cc=cygwin@cygwin.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).