From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 64682 invoked by alias); 6 Jun 2019 19:44:31 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 64674 invoked by uid 89); 6 Jun 2019 19:44:30 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-6.0 required=5.0 tests=AWL,BAYES_00,GIT_PATCH_2 autolearn=ham version=3.3.1 spammy=SYSTEM, Linda, H*r:192.168.3, ACL X-HELO: Ishtar.sc.tlinx.org Received: from ishtar.tlinx.org (HELO Ishtar.sc.tlinx.org) (173.164.175.65) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Thu, 06 Jun 2019 19:44:29 +0000 Received: from [192.168.3.12] (Athenae [192.168.3.12]) by Ishtar.sc.tlinx.org (8.14.7/8.14.4/SuSE Linux 0.8) with ESMTP id x56JiOmW065904 for ; Thu, 6 Jun 2019 12:44:26 -0700 Message-ID: <5CF96D18.6070801@tlinx.org> Date: Thu, 06 Jun 2019 19:44:00 -0000 From: L A Walsh User-Agent: Thunderbird MIME-Version: 1.0 To: cygwin@cygwin.com Subject: how do i create a trusted-installer? (was Re: Trying to create default ACL entries to match file ACL entries) References: <5CF6C7A8.6090902@tlinx.org> <31d3c868824fc32a16ce8a10e130d72b@plebeian.com> In-Reply-To: <31d3c868824fc32a16ce8a10e130d72b@plebeian.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-IsSubscribed: yes X-SW-Source: 2019-06/txt/msg00071.txt.bz2 On 2019/06/04 14:34, Chris Wagner wrote: > Hi Linda, / is just a mount to something like C:\Cygwin64 so there is no > problem in changing it. > ---- Uh...about that....oh my system '/' points to 'C:\'. Isn't life fun! I think I finally got it. I broke down and used "icacls" for fine tuning and now seem to have: \ NT SERVICE\TrustedInstaller:(F) NT SERVICE\TrustedInstaller:(OI)(CI)(F) Bliss\law:(OI)(CI)(F) BLISS\lawgroup:(OI)(CI)(F) BLISS\Domain Admins:(OI)(CI)(F) BLISS\Domain Users:(OI)(CI)(RX) BUILTIN\Administrators:(OI)(CI)(F) NT AUTHORITY\SYSTEM:(OI)(CI)(F) BUILTIN\Users:(OI)(CI)(RX) Mandatory Label\High Mandatory Level:(OI)(CI)(NW) FWIW, BTW, I have two scripts (one in perl, one in shell) that convert from a SID<->a hex value as you might see in the registry, and back again. As much as I've been able to test they seem correct. and agree with other tools of the same ilk. You probably have your own, but if not, they are fairly trivial and being in either shell or perl they aren't too difficult to understand. If there is a want, I can just post them here, neither is very long. > wc sidhex_xlate.{pl,sh} 127 422 3067 sidhex_xlate.pl 193 566 4697 sidhex_xlate.sh 320 988 7764 total -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple