This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: backup privileges



According to Igor Peshansky on 11/30/2006 7:50 AM:
> Speaking of getting shot down, I have a feeling I'm about to be.  Still,
> while in Linux it's possible (and recommended) to not work as root most of
> the time, in Windows I've run into situations time and time again where an
> application *requires* the user to have administrative privileges, or
> else.  Yes, those are badly written applications, and ought to be fixed,
> but they are commercial apps that are sometimes used not by choice, but by
> necessity (enforced by employers, etc), and getting them fixed in any
> useful timeframe is, unfortunately, not an option.  IOW, while it's
> reasonable to require that a user not run as root on Linux, it's, IMO,
> unreasonable to make the same requirement under Windows.

I highly agree with this point.  Commercial Windows apps tend to be more
cavalier about doing stupid things that needlessly require admin rights.

> 
>> Btw., when running under Vista, a default shell for the administrator
>> will run under a reduced privilege set which does not contain backup and
>> restore rights.

In a similar vein, Solaris 10 provides a capability for privileged
processes to unlink() directories; great for cleaning up a damaged file
system.  But it ALSO provides the ability for privileged processes to
forfeit this right, for the more traditional behavior where unlink(dir)
fails with EPERM and you must use rmdir() instead.  So on Solaris, GNU rm
actually checks for this privilege, and purposefully disables it, because
the recursive removal algorithm is actually easier and more efficient to
implement by blindly attempting unlink on everything, and recursing on
failure; whereas with the full capabilities, you must call stat before
every unlink or risk leaving unreachable disk space that can only be
reclaimed by fsck (and still risk a data race, if between the stat and the
unlink, a file was replaced by a directory).

>> That's exactly what you're asking for without having to
>> add another flag to Cygwin.

Except that it only helps Vista users, but right now, there is a much
larger installed user base that cannot get this property of voluntarily
giving up superuser rights for less surprising behavior.  I still think a
cygwin flag would be useful.

--
Life is short - so eat dessert first!

Eric Blake             ebb9@byu.net
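Added example, not code from the message or from GNU rm: a C sketch of the unlink-first, recurse-on-refusal removal that Eric describes, showing why it needs no stat() call before each unlink(). It assumes a POSIX system where unlink() on a directory is refused with EISDIR or EPERM; the tree it builds under /tmp is constructed for the demo.

```c
#define _XOPEN_SOURCE 700   /* for mkdtemp() under strict compiler modes */
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Remove PATH and everything below it; 0 on success, -1 with errno set.
 * Strategy from the message: unlink() first, recurse only when refused. */
int remove_tree(const char *path)
{
    if (unlink(path) == 0) return 0;  /* ordinary file: done, no stat() */
    /* Lacking the directory-unlink privilege, the kernel answers EISDIR
     * (Linux) or EPERM (POSIX). That refusal *is* the directory test, so
     * there is no stat-to-unlink window for a file/directory swap. */
    if (errno != EISDIR && errno != EPERM) return -1;
    DIR *dir = opendir(path);
    if (dir == NULL) return -1;       /* ENOTDIR: the EPERM was a real file */
    struct dirent *ent; int rc = 0;
    while (rc == 0 && (ent = readdir(dir)) != NULL) {
        char child[4096];
        if (!strcmp(ent->d_name, ".") || !strcmp(ent->d_name, ".."))
            continue;
        if (snprintf(child, sizeof child, "%s/%s", path, ent->d_name)
            >= (int)sizeof child) {
            errno = ENAMETOOLONG;
            rc = -1;
        } else
            rc = remove_tree(child);  /* recurse only after the refusal */
    }
    closedir(dir);
    return rc == 0 ? rmdir(path) : -1; /* now empty, so rmdir() is allowed */
}

/* Constructed demo: build root/sub/{a,b} under mkdtemp(), remove the tree,
 * and return 1 only if the root no longer exists afterwards. */
int demo_remove_tree(void)
{
    char root[] = "/tmp/rmdemo.XXXXXX", sub[4096], file[4096];
    if (mkdtemp(root) == NULL) return 0;
    snprintf(sub, sizeof sub, "%s/sub", root);
    if (mkdir(sub, 0700) != 0) return 0;
    for (char c = 'a'; c <= 'b'; c++) {
        snprintf(file, sizeof file, "%s/%c", sub, c);
        close(open(file, O_WRONLY | O_CREAT, 0600));   /* create empty file */
    }
    return remove_tree(root) == 0 && access(root, F_OK) != 0;
}
```

The stat-first variant the message contrasts this with would have to call stat() before every unlink() and could still lose the race between the two calls.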


