[1.7] Setup.exe default ownership of files in fresh install [Admin:None?]

Corinna Vinschen corinna-cygwin@cygwin.com
Sat Apr 18 09:43:00 GMT 2009 

On Apr 17 16:35, Julio Costa wrote:
> On Fri, Apr 17, 2009 at 14:56, Corinna Vinschen wrote:
> > Why is that a problem for sharing the
> > data with others?
> >
> [...]
> Currently it is assigned to the 'None' group. That's does not SEEM to
> be useful, even if it doesn't break anything at the surface.
> The mkpasswd also has the same "problem":

It's not at all a problem.  It's pure Windows.

> Administrator@vmguest ~
> $ mkpasswd -l -u Administrator
> Administrator:unused:500:513:U-VMGUEST\Administrator,S-1-5-21-221598610-1224240008-1772044280-500:/home/Administrator:/bin/bash
> 
> Administrator@vmguest ~
> $ id
> uid=500(Administrator) gid=513(None)
> groups=0(root),544(Administrators),545(Users),513(None)
> 
> Why it does not show gid=544(Administrators) or even gid=0(root)? Is
> this something so fundamentally different from POSIX?

Not at all.  It's exactly what's in your user token.  The group "None"
is the primary group for all non-Domain user accounts.  This is not
changable in Windows.  Only domain users can be assigned another default
primary group.(*)

> There is a similar problem with a domain user:
> 
> domainuser@vmguest ~
> $ mkpasswd -d -u domainuser
> DOMAINUSER:unused:18606:10513:U-DOMAIN\DOMAINUSER,S-1-5-21-682003330-2049763794-1831674531-8606:/home/DOMAINUSER:/bin/bash
> 
> domainuser@vmguest ~
> $ id
> uid=18606(domainuser) gid=10513(Domain Users)
> groups=0(root),544(Administrators),545(Users),10513(Domain Users)
> 
> Once again, a logic output should be gid=544(Administrators) or even
> gid=0(root)...

No, it's not logical.  It might be desired by you, but it's not fact
in Windows.

> In the first installations I've made I were logged on with this domain
> user, and that proved to be the worst case, because the 'Domain Users'
> default group assigned to the cygwin root turned Cygwin not accessible
> even by Administrator(!)... see what I mean?

No, for three reasons.  First of all, admins have all permissions to
access all the files and directories anyway in Cygwin 1.7.  Second, even
ignoring this, the admins would have read and execute permissions.
Third, chown -R is your friend.  The important thing is that the
permissions are set correctly.  If you don't like the ownership, you
can change it.(*)

(*) You can also tweak the user token of a running process to switch to
    another primary group, as long as the new primary group is already
    in the token's group list.  That's what Cygwin is capable of and
    what's it's doing if you manually changed your primary group in
    /etc/passwd, see http://cygwin.com/1.7/cygwin-ug-net/ntsec.html

    That's something setup could do as well, maybe, setting the primary
    group to Administrators if the user's token contains the
    Administrators group in the group list.  But it wouldn't change
    anything since the group's permissions are in 99% of the cases also
    only r-x or r--, same as other's permissions.

    Or, if the user is an admin user, setup could set the owner to the
    admins group rather than to the current user.  My toenails are
    coiling up at that idea since I hated this behaviour already in NT4
    times.  But it might be the simplest solution which makes almost
    everybody happy.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

More information about the Cygwin-apps mailing list