public inbox for cygwin@cygwin.com
* How about a 64-bit installer that doesn't require UAC?
From: Bill Welch @ 2013-11-02 20:43 UTC
  To: cygwin

Yes, I could try to change the application manifest myself, but that 
seems esoteric and I haven't been able to find any GPL tool. See 
http://stackoverflow.com/questions/741726/diagnosing-windows-application-manifests, 
for example. Same for the solutions noted here 
http://superuser.com/questions/24631/prevent-elevation-uac-for-an-application-that-doesnt-need-it.
From the application manifest of setup-x86_64.exe:

<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
  <security>
    <requestedPrivileges>
      <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
    </requestedPrivileges>
  </security>
</trustInfo>


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
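
An added example, not part of the original thread or of Cygwin's own code: a Python check that pulls the embedded manifest out of an executable's raw bytes and reports the requestedExecutionLevel quoted in the message above. It assumes a UTF-8 manifest stored uncompressed in the file; `audit`, `requested_level` and the `SAMPLE` bytes are names and data constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# What each UAC level requested in a manifest means at launch.
LEVELS = {
    "asInvoker": "runs with the caller's token, no prompt",
    "highestAvailable": "elevates only if the user is able to",
    "requireAdministrator": "always needs an elevated token",
}
# Slicing from <assembly> onward leaves no room for a DOCTYPE, so the
# parser never sees entity definitions from the scanned file.
MANIFEST_RE = re.compile(
    rb"<(?:\w+:)?assembly\b.*?</(?:\w+:)?assembly>", re.DOTALL)

# Constructed sample: fake PE bytes wrapping the manifest quoted above.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16 +
    b'<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">'
    b'<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security>'
    b'<requestedPrivileges><requestedExecutionLevel '
    b'level="requireAdministrator" uiAccess="false" />'
    b"</requestedPrivileges></security></trustInfo></assembly>" + b"\x00" * 8)


def requested_level(manifest: bytes):
    """Return (level, uiAccess), or None if nothing is requested."""
    try:
        root = ET.fromstring(manifest)
    except ET.ParseError:
        return None
    for el in root.iter():
        # trustInfo appears under asm.v2 or asm.v3: match the local name.
        if el.tag.rsplit("}", 1)[-1] == "requestedExecutionLevel":
            return el.get("level"), el.get("uiAccess", "false")
    return None


def audit(blob: bytes) -> dict:
    """Report the UAC request found in a binary's raw bytes."""
    for match in MANIFEST_RE.finditer(blob):
        found = requested_level(match.group(0))
        if found:
            return {"level": found[0], "uiAccess": found[1],
                    "meaning": LEVELS.get(found[0], "unrecognised level")}
    return {"level": None, "uiAccess": None,
            "meaning": "no requestedExecutionLevel found"}
```

To check a real binary, pass its contents: `audit(open(path, "rb").read())`.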


* Re: How about a 64-bit installer that doesn't require UAC?
From: Andrey Repin @ 2013-11-02 22:35 UTC
  To: Bill Welch, cygwin

Greetings, Bill Welch!

> Yes, I could try to change the application manifest myself, but that
> seems esoteric and I haven't been able to find any GPL tool.

I suggest you use search before posting. This has been discussed already.
The real solution would be a tool that runs in postinstall scripts and can
prompt user for privilege elevation, but no one had time or inclination to
write one. Yet.


--
WBR,
Andrey Repin (anrdaemon@yandex.ru) 03.11.2013, <02:26>

Sorry for my terrible english...



* Re: How about a 64-bit installer that doesn't require UAC?
From: Andrey Repin @ 2013-11-02 23:05 UTC
  To: All

Greetings, All!

> The real solution would be a tool that runs in postinstall scripts and can
> prompt user for privilege elevation, but no one had time or inclination to
> write one. Yet.

This got me to think...
An alternation of env command with appropriate manifest would be sufficient.


--
WBR,
Andrey Repin (anrdaemon@yandex.ru) 03.11.2013, <02:50>

Sorry for my terrible english...



* Re: How about a 64-bit installer that doesn't require UAC?
From: Bill Welch @ 2013-11-03 18:45 UTC
  To: cygwin

I presume you're referring to
http://cygwin.1069669.n5.nabble.com/cannot-run-setup64-exe-without-admin-privileges-even-if-renamed-foo-exe-td102712.html, 
where the final (official cygwin, apparently) word is that you think 
cygwin users are too stupid to be allowed a choice in 64-bit, that they 
have in 32-bit, no matter how locked down and single user their 
corporate machine might be.

Thanks.

On 2013-11-02 18:28, Andrey Repin wrote:
> Greetings, Bill Welch!
>
>> Yes, I could try to change the application manifest myself, but that
>> seems esoteric and I haven't been able to find any GPL tool.
> I suggest you use search before posting. This has been discussed already.
> The real solution would be a tool that runs in postinstall scripts and can
> prompt user for privilege elevation, but no one had time or inclination to
> write one. Yet.
>
>
> --
> WBR,
> Andrey Repin (anrdaemon@yandex.ru) 03.11.2013, <02:26>
>
> Sorry for my terrible english...
>
>



* Re: How about a 64-bit installer that doesn't require UAC?
From: Bill Welch @ 2013-11-03 19:13 UTC
  To: cygwin

My apologies for the snark. The list archive ends at the same message as 
the top of the second page of the nabble rendering and I didn't 
immediately see the additional messages in nabble that include a workaround.

On 2013-11-02 18:28, Andrey Repin wrote:
> Greetings, Bill Welch!
>
>> Yes, I could try to change the application manifest myself, but that
>> seems esoteric and I haven't been able to find any GPL tool.
> I suggest you use search before posting. This has been discussed already.
> The real solution would be a tool that runs in postinstall scripts and can
> prompt user for privilege elevation, but no one had time or inclination to
> write one. Yet.
>
>
> --
> WBR,
> Andrey Repin (anrdaemon@yandex.ru) 03.11.2013, <02:26>
>
> Sorry for my terrible english...
>
>



* Re: How about a 64-bit installer that doesn't require UAC?
From: Corinna Vinschen @ 2013-11-04 11:53 UTC
  To: cygwin

On Nov  3 14:13, Bill Welch wrote:
> My apologies for the snark. The list archive ends at the same
> message as the top of the second page of the nabble rendering and I
> didn't immediately see the additional messages in nabble that
> include a workaround.

Setup should work for admins in the first place, without having to
remember explicit elevating every time.  To fix this for the 64 bit
version, the best solution is not just to remove the "require admin"
manifest.  Instead, there's a patch in the loop which allows setup to
elevate itself.  It's just not ready for prime time yet.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat


* Re: How about a 64-bit installer that doesn't require UAC?
From: Christopher Faylor @ 2013-11-04 15:59 UTC
  To: cygwin

On Mon, Nov 04, 2013 at 12:53:43PM +0100, Corinna Vinschen wrote:
>On Nov  3 14:13, Bill Welch wrote:
>> My apologies for the snark. The list archive ends at the same
>> message as the top of the second page of the nabble rendering and I
>> didn't immediately see the additional messages in nabble that
>> include a workaround.
>
>Setup should work for admins in the first place, without having to
>remember explicit elevating every time.  To fix this for the 64 bit
>version, the best solution is not just to remove the "require admin"
>manifest.  Instead, there's a patch in the loop which allows setup to
>elevate itself.  It's just not ready for prime time yet.

So, probably the Thursday after next, cat-dependent?

cgf


* Re: How about a 64-bit installer that doesn't require UAC?
From: Corinna Vinschen @ 2013-11-04 16:11 UTC
  To: cygwin

On Nov  4 10:59, Christopher Faylor wrote:
> On Mon, Nov 04, 2013 at 12:53:43PM +0100, Corinna Vinschen wrote:
> >On Nov  3 14:13, Bill Welch wrote:
> >> My apologies for the snark. The list archive ends at the same
> >> message as the top of the second page of the nabble rendering and I
> >> didn't immediately see the additional messages in nabble that
> >> include a workaround.
> >
> >Setup should work for admins in the first place, without having to
> >remember explicit elevating every time.  To fix this for the 64 bit
> >version, the best solution is not just to remove the "require admin"
> >manifest.  Instead, there's a patch in the loop which allows setup to
> >elevate itself.  It's just not ready for prime time yet.
> 
> So, probably the Thursday after next, cat-dependent?

If Shaddy is a cat person, yes.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat


* Re: How about a 64-bit installer that doesn't require UAC?
From: Shaddy Baddah @ 2013-11-08 14:01 UTC
  To: cygwin

Hi,

On 04/11/13 22:53, Corinna Vinschen wrote:
> On Nov  3 14:13, Bill Welch wrote:
>> My apologies for the snark. The list archive ends at the same
>> message as the top of the second page of the nabble rendering and I
>> didn't immediately see the additional messages in nabble that
>> include a workaround.
>
> Setup should work for admins in the first place, without having to
> remember explicit elevating every time.  To fix this for the 64 bit
> version, the best solution is not just to remove the "require admin"
> manifest.  Instead, there's a patch in the loop which allows setup to
> elevate itself.  It's just not ready for prime time yet.

I am happy to say that my patch has been accepted, and is ready for
prime time. I understand the latest version of setup on
http://www.cygwin.com/ includes this patch.

As Corinna describes, the manifests for setup (both x86 and x86_64) no
longer "require admin". Instead setup will "require admin" at runtime
for Vista and above, but only as the default behaviour.

This behaviour can be overridden via the --no-admin/-B argument to
setup.exe. As suggested, setup will not attempt to elevate to admin
given that option, and will just run as the invoking user.

In my view, this option should only be used by users who understand well
enough general Windows file permissions, user privileges, etc...
the general security model, and how Cygwin functions accordingly.

-- 
Regards,
Shaddy



* Re: How about a 64-bit installer that doesn't require UAC?
From: Denis Excoffier @ 2013-11-08 18:44 UTC
  To: cygwin@cygwin.com Mailing List; +Cc: Shaddy Baddah

On 2013-11-08 15:01, Shaddy Baddah wrote:
> In my view, this option should only be used by users who understand well
> enough general Windows file permissions, user privileges, etc...
> the general security model, and how Cygwin functions accordingly.
Well, I would say the reverse (i.e. elevation is for knowledgeable people),
but never mind.

More importantly, the new --no-admin/-B option is especially beneficial for users
that are not allowed to elevate or that do not know any Administrator password.

Denis Excoffier.



* RE: How about a 64-bit installer that doesn't require UAC?
From: Buchbinder, Barry (NIH/NIAID) [E] @ 2013-11-08 19:58 UTC
  To: cygwin

Denis Excoffier sent the following at Friday, November 08, 2013 1:34 PM
>On 2013-11-08 15:01, Shaddy Baddah wrote: 
>> In my view, this option should only be used by users who understand well
>> enough general Windows file permissions, user privileges, etc...
>> the general security model, and how Cygwin functions accordingly.
>
>Well, I would say the reverse
>(i.e. elevation is for knowledgeable people), but never mind.
>
>More importantly, the new --no-admin/-B option is especially beneficial
>for users that are not allowed to elevate or that do not know any
>Administrator password.

Expanding:

This option MUST be used by anyone who does not have administrator
privileges, regardless of their understanding of [what you said].  I
expect that that will prove to be a problem.

If one doesn't have an admin password, one can no longer click on the
link to setup on www.cygwin.com and just run it.  One must download it
and run it from the command line with -B.  And one needs to know about
-B - there's nothing on the Cygwin home page telling us about it.

(I spent 15-30 minutes yesterday figuring out that my problem with the
new 32-bit setup on Windows 7 Enterprise was that I needed to use -B.  I
expect a first time user will take longer and that this will result in
traffic to this list or people just giving up.)

It would be better if the elevation of privileges happened after the GUI
is presented so that the user could choose.  It could be chosen at the
"Install for" screen, defaulting to what is appropriate for "Everyone" or
"Just me", perhaps with a way to override the default.

Sorry, I'm incapable of writing a patch.

Having said that, I understand that the elevation problem was an issue
for others and I appreciate the effort that went into addressing it.

Best wishes,

- Barry
  Disclaimer: Statements made herein are not made on behalf of NIAID.
