This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: backup privileges [was: [ANNOUNCEMENT] Updated: cygwin-1.5.22-1]

On Thu, 30 Nov 2006, Corinna Vinschen wrote:

> On Nov 29 21:53, Eric Blake wrote:
> [snip]
> > But it does beg the question of whether it should be configurable
> > whether a user WANTS to use backup privileges to bypass ACLs.  It
> > seems like cygwin is very often installed by users that happen to have
> > Administrator privileges, but who don't know any better that they must
> > be careful (in particular, think of home users).  For the same reasons
> > that you don't normally run as root on Linux, even when you know the
> > root password, you shouldn't normally be allowing
> Which gives us a lesson known for ages.  Don't run under admin
> privileges, except you have to.  By allowing an admin user everything
> which an admin user has the right to do, Cygwin is not different then
> when running under root on Linux.
> And, probably I'll get shot down for saying that, Cygwin is not intended
> for users who don't know what they are doing.  There are other tools out
> there which happen to serve that target audience well.

Speaking of getting shot down, I have a feeling I'm about to be.  Still,
while in Linux it's possible (and recommended) to not work as root most of
the time, in Windows I've run into situations time and time again where an
application *requires* the user to have administrative privileges, or
else.  Yes, those are badly written applications, and ought to be fixed,
but they are commercial apps that are sometimes used not by choice, but by
necessity (enforced by employers, etc), and getting them fixed in any
useful timeframe is, unfortunately, not an option.  IOW, while it's
reasonable to require that a user not run as root on Linux, it's, IMO,
unreasonable to make the same requirement under Windows.

> Btw., when running under Vista, a default shell for the administrator
> will run under a reduced privilege set which does not contain backup and
> restore rights.  That's exactly what you're asking for without having to
> add another flag to Cygwin.  This does not help when you run the shell
> with full privilege set of course, which is still quite easy to
> accomplish.  So, for all OSes, even for Vista, the answer is what every
> good doctor will tell you:  "Don't do that then."

I wish that were possible.  However, as was said before by many others,
Cygwin is a Windows application, and should, if not play nice, at least
not interfere with other Windows applications.  This, in turn, means that
any global requirement of this sort imposed by Cygwin is unreasonable.

Remember how much effort was spent trying to fix Cygwin to work for
unprivileged users?  Do you now, all of a sudden, want to break expected
behavior for privileged users?
      |\      _,,,---,,_ |
ZZZzz /,`.-'`'    -.  ;-;;,_		Igor Peshansky, Ph.D. (name changed!)
     |,4-  ) )-,_. ,\ (  `'-'		old name: Igor Pechtchanski
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

Freedom is just another word for "nothing left to lose"...  -- Janis Joplin

Unsubscribe info:
Problem reports:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]