This is the mail archive of the
mailing list for the Cygwin project.
Re: More about permissions
- From: Eliot Moss <moss at cs dot umass dot edu>
- To: cygwin at cygwin dot com
- Date: Tue, 31 Mar 2015 20:41:12 -0400
- Subject: Re: More about permissions
- Authentication-results: sourceware.org; auth=none
- References: <551A13D8 dot 1030701 at cs dot umass dot edu> <20150331101534 dot GE32403 at calimero dot vinschen dot de> <551A9149 dot 4020408 at cs dot umass dot edu> <1837571490 dot 20150331235503 at yandex dot ru>
- Reply-to: moss at cs dot umass dot edu
On 3/31/2015 4:55 PM, Andrey Repin wrote:
>> I am not sure this particular program (CrashPlan) works that way.
That's not program property, but the user you run the program from.
Perhaps, but it runs as a background service. I never explicitly said what
user it runs as, etc.
Looking in Services, I see is logs on as "Local System account". Using
Process Explorer, it appears to run without SEBackup/Restore privileges.
Since the program has to request them itself as it runs, I don't see any
good way to fix this.
I think i've explained it earlir, but here's it again:
In POSIX model, root have implicit permissions.
In Windows model, there NO implicit permissions at all. Everything should be
explicitly assigned. I.e. SeBackupRestore privilege.
If you deny SYSTEM access to a file, OS will not be able to do anything about
it. Been there, blocked changes to cmd.exe when I was experimenting with 4NT.
(And cmd.exe was in fact renamed 4nt.exe.) None of the Windows autotools were
able to get around it.
Yes, I get that. Hence my desire to grant SYSTEM:rwx on everything.
What we seem to have ended up with here, though, is that the
root privileges are explicit and are exposed in the ordinary permissions visible
with, say, ls -l. This is not natural from a POSIX point of view (I claim);
otherwise, we'd more or less show access of rwxrwxrwx on everything in POSIX.
Now where this really makes a difference is when I am transferring files between my Windows
system and other systems that are Unix-based, using git, rsync, and such tools.
Either I remove SYSTEM access or the permissions get messed up.
Maybe what I am looking for is something like this:
- Certain Windows accounts/groups would be treated as 'root' for cygwin's
purposes, perhaps controlled by a list in a file read when cygwin starts up.
The list would be very short. "NT AUTHORITY\SYSTEM".
Ok -- I would be happy with that, rather than having g+rwx happening to every
file because I am granting SYSTEM access.
Do you begin to see the bind I feel myself in?
Regards -- Eliot
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple