This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: /usr/local, /var and */tmp in c:\Users\Public
- From: Warren Young <warren at etr-usa dot com>
- To: cygwin at cygwin dot com
- Date: Tue, 18 Nov 2014 14:29:18 -0700
- Subject: Re: /usr/local, /var and */tmp in c:\Users\Public
- Authentication-results: sourceware.org; auth=none
- References: <81578012-FD3F-4463-BC56-ADB092317DD4 at etr-usa dot com> <CABa6CEkRV=3FY6ZVGrdt--rH3PppwCJRD5poU0L2knv2k2ce_w at mail dot gmail dot com> <25F385A9-3E2D-44FC-998F-D2672F67DFE4 at etr-usa dot com> <m40npq$vrq$1 at ger dot gmane dot org> <ECD073FF-B78C-4D19-8DE1-5F4E390D2495 at etr-usa dot com> <20141113093335 dot GI2782 at calimero dot vinschen dot de> <40005E53-A327-4E4A-8C71-514E505F9FBC at etr-usa dot com> <CAD8GWstJ+BkbkCJfE_48=b2cg0uzc8pkd1UnevP6-=3DHL+Buw at mail dot gmail dot com>
On Nov 15, 2014, at 10:55 AM, Lee <ler762@gmail.com> wrote:
> On 11/13/14, Warren Young wrote:
>> I installed Cygwin with my regular user account,
>
> You're doing it wrong. Install Cygwin using an admin account and
> regular user accounts are not allowed write access to system
> files/directories:
While my idea does have applicability to multi-user Windows systems, I also want it to work without using Admin gymnastics on a single-user Windows system.
That is, I want this:
$ echo -n "" >> /usr/bin/vi
to fail just as this does:
$ echo -n "" >> /cygdrive/c/Windows/notepad.exe
-bash: /cygdrive/c/Windows/notepad.exe: Permission denied
I want them both to fail for the same reason: normal users — whether they are members of group Administrators or not — have no business writing to system files. Only the installer process (Cygwin Setup in this case) should be able to do that.
For what it’s worth:
$ cd /cygdrive/c/Windows
$ icacls notepad.exe
notepad.exe NT SERVICE\TrustedInstaller:(F)
BUILTIN\Administrators:(RX)
NT AUTHORITY\SYSTEM:(RX)
BUILTIN\Users:(RX)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(RX)
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple