This is the mail archive of the cygwin-developers@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Shell scripts [was Re: Avoiding /etc/passwd and /etc/group scans]


On Tue, Oct 22, 2002 at 09:05:18PM -0400, Pierre A. Humblet wrote:
>At 05:33 PM 10/22/2002 -0400, Christopher Faylor wrote:
>>>About the shell scripts, I will look at your patch tonight.
>
>All your changes in fhandler_disk_file.cc are in the branch with
>get_file_attribute () != 0, Thus they do not apply to successful calls
>with ntsec.

No, they're not.

I moved the '#!' check outside of the get_file_attribute test entirely.
I had originally moved the .exe check outside of the block but that didn't
make any sense, in hindsight, since it just forced cygwin to report .exe
files as executable when windows couldn't actually execute them.

This is not the problem for '#!' scripts, however.  Cygwin can execute
them regardless of whether ntsec or Windows thinks they're executable
or not.

>>>Why do you want to be different from regular Unix and report x
>>>just because the file starts with #! ?
>>>Why not force the user to chmod +x the scripts, for them to be
>>>executable?
>>
>>I am just trying to minimize the impact on users.  For purity sake,
>>I'd rather leave things as they were, actually.
>>
>OK, it would be very disturbing to change the behavior of scripts
>and suddenly force them to have an ACL allowing execution in order
>to execute them. 
>But what needs to be changed in the mode display? 

It's not just "mode display".  It affects whether a script will be
executed or not.

>Actually I would also rather leave things as they were!
>
>At first I was afraid you would always show x for scripts, even when 
>ntsec is on. IMHO this would be a bad idea. For example chmod would start
>behaving unexpectedly.

That is exactly what the change does.  This isn't just for display.

We've made ntsec the default but there are possibly a number of people
out there who have never done a 'chmod a+x foo' on their shell scripts.
Until we have a consistent story on how to solve their problems, I think
it makes sense to make '#!' always executable.

I'm willing to be swayed on this but, so far, it doesn't seem like anyone
is effectively communicating with anyone else here.  We need to get on
the same page wrt the problems and how we are going to solve them.

cgf


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]