This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: /usr/local, /var and */tmp in c:\Users\Public


On Nov 15, 2014, at 10:55 AM, Lee <ler762@gmail.com> wrote:

> On 11/13/14, Warren Young   wrote:
>> I installed Cygwin with my regular user account,
> 
> You're doing it wrong.  Install Cygwin using an admin account and
> regular user accounts are not allowed write access to system
> files/directories:

While my idea does have applicability to multi-user Windows systems, I also want it to work without using Admin gymnastics on a single-user Windows system.

That is, I want this:

    $ echo -n "" >> /usr/bin/vi

to fail just as this does:

    $ echo -n "" >> /cygdrive/c/Windows/notepad.exe
    -bash: /cygdrive/c/Windows/notepad.exe: Permission denied

I want them both to fail for the same reason: normal users — whether they are members of group Administrators or not — have no business writing to system files.  Only the installer process (Cygwin Setup in this case) should be able to do that.

For what it’s worth:

$ cd /cygdrive/c/Windows
$ icacls notepad.exe
notepad.exe NT SERVICE\TrustedInstaller:(F)
            BUILTIN\Administrators:(RX)
            NT AUTHORITY\SYSTEM:(RX)
            BUILTIN\Users:(RX)
            APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(RX)


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]