This is the mail archive of the cygwin-developers@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Avoiding /etc/passwd and /etc/group scans


On Tue, Oct 22, 2002 at 05:48:33PM -0400, Pierre A. Humblet wrote:
>Christopher Faylor wrote:
>>
>> Why would that matter?  If setting reasonable acls is going to hurt the
>> CYGWIN=nontsec case then that's not good either.
>
>Setting reasonable acls has no negative impact, neither with ntsec nor
>with nontsec. nontsec has two main effects;

I thought as much.  I didn't think that setup decisions were gated on
CYGWIN=ntsec being the default.

>1) It reports the modes blindly as 644, while making some effort about the
>x bits, *irrespective* of the Windows access rights.
>
>2) It always  reports success on chown, chmod etc... while actually
>doing nothing (except sometimes setting the files readonly).

Right.

I wonder if we should different levels of ntsec operation.  Would it
make sense to recognize file permissions at ntsec=1, file ownership at
ntsec=3, and setuid at ntsec=4, or something like that?

>>>Here's a short term workaround, until we fix setup.exe.
>>>
>>>Add a .bat file as a postinstall script that scans the cygwin tree and
>>>sets executable rights to .exe and .dll files using the cacls command.
>>
>>If it is that simple, then sure.  Pierre is this doable?
>
>Surely yes if the user running setup is a member of the administrators
>group and the drive is local.  Answer probably more complicated if he
>isn't in administrators or the files are on a network drive.  You can
>use cygwin programs to do that, if they were extracted with x
>permission and ntsec is on.
>
>I am completely in the dark about what your ultimate goal is.  was
>there an earlier discussion?

I think the goal was to ensure that .exe files are always executable.

cgf


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]