Question: Desired owner/group when running setup-1.7.exe
Julio Costa
costaju@gmail.com
Mon Apr 20 22:13:00 GMT 2009
On Mon, Apr 20, 2009 at 18:30, Corinna Vinschen wrote:
>
> I just re-thought the problem and came to a different idea. The whole
> problem seems tyo boil down to other administrators not bein able to
> manipulate Cygwin files in, say, /bin or /usr. But that's not really
> a problem since all Admin users have the right to manipulate all files,
> same as the "root" user on POSIX systems. There's actually no reason
> to add an ACE for administrators.
>
You know, I thought that when I saw the ACE proposal... but then I
decided it would be better to send you a telepathic message rather
than an email <g>
> However, given that all users are in the group "None", using this
> group for the default group ownership for files is rather insecure.
> On a POSIX system the files in the system directories are owned by
> a group which only sys admins are member of. In our case, that would
> be most closely resembled by the Admins group.
>
> So, actually I'm now rather leaning towards solution two.
>
As long as it isn't the do-nothing solution, I'm already happy :)
And thinking more on the subject, it seems that it is really for the
better, because with the solution number 2, there is a coherence
between what you see (group ownership) and what you get
(root-admin-like permissions).
BUT, may I make one last wish? I think that if this is important
enough to change in setup.exe, I think it is equally important to
maintain after installation, by implementing the same algorith in (at
least) mkpasswd to avoid incoherence.
The change (if solution 2) is in the algorithm for determining gid -
instead of blindly take the primary group, add some tests for admins
and act accordingly; this same algorithm should be in mkpasswd, so
that all would be transparent and coherent after the deploy of
packages.
PS: I know, we can always edit passwd by hand. But this is more a
question of why should we, when we already identified that there's a
need for change in the gid algorithm?
> Sorry for the to and fro :}
>
Sorry for being sticky - but I still believe these kind of changes are
for the best on Cygwin's interoperability.
--
___________
Julio Costa
More information about the Cygwin-apps
mailing list