/usr/local, /var and */tmp in c:\Users\Public

Lee ler762@gmail.com
Sat Nov 15 18:41:00 GMT 2014

On 11/15/14, Jeffrey Altman <jaltman@secure-endpoints.com> wrote:
> On 11/15/2014 12:55 PM, Lee wrote:
>>> So, just because I installed Cygwin with my regular user account,
>> You're doing it wrong.  Install Cygwin using an admin account and
>> regular user accounts are not allowed write access to system
>> files/directories:
> This feels really wrong to me.  If installing Cygwin under a non-admin
> account results in a potential security vulnerability, then the
> installer should be taking that into account.

I would argue that no, the installer should _not_ take that into
account.  If someone wants to install cygwin under their regular
userid, why should the installer try to work around that?  The files
are installed with the "correct" permissions if the windows admin has
an administrator account for doing admin chores & a regular user
account for doing day to day user tasks.

>  Applications that behave
> differently depending upon how they are installed

It's the file permissions that are different.  As far as I can tell,
cygwin behaves the same when installed by a user for the current user
& when installed as an admin for all users.

> should have in the
> installer an option for
>  * install for all users (requires administrator)
>  * install for the current user

Which the cygwin installer does do.  It's up to the user that wants
the more secure file permissions to install cygwin using an admin
account & have another account for normal day to day use.

Best Regards,

> Where install for current user installs the application configured so
> that the current user account (and not others) can use it.
> Just my two cents.
> Jeffrey Altman

Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

More information about the Cygwin mailing list