Mail Archives: cygwin/2004/10/20/12:39:33
On Wed, 20 Oct 2004, luke.kendall wrote:
> We always choose "Setup for all users" when running Setup, and leave
> ntsec turned on (that's the default I believe, which seems good), and we
> normally install on NTFS under XP professional.
>
> Can I get some advice on how to handle the following situation?
>
> 1) Cygwin is installed by one user (a system administrator).
>
> 2) The intended user ("owner") of the PC is given administrator rights,
> so they can install extra software as needed for their job.
>
> 3) Some time later, the "owner" tries to update Cygwin.
>
> Currently, we tend to have problems with step 3 failing because the
> user/"owner" isn't the owner of the Cygwin files.
>
> Previously, our post-install scripts used to simply do this:
>
> #
> # We want CYGPATH of the mixed form, like C:/cygwin, so that we restrict
> # ourselves to local files, not network drives that we'd see if we started
> # at "/" (since we'd see /cygdrive/x, and we seem to get //bin and //etc
> # which aren't network names).
> #
> CYGPATH=`cygpath -m /`
> #
> # Allow any Administrator to install more Cygwin packages:
> #
> ### I'm not sure that's good: some files, like mail, ssh, may require special
> ### owners.
> #echo "Allowing any Administrator to install more Cygwin packages..."
> chown -R Administrator.SYSTEM "$CYGPATH"
> chown -R Administrator "$CYGPATH"
>
> But I've recently commented that out, since it would break ssh (and
> presumably, random other things).
>
> My best guess at present is, after creating /etc/passwd and /etc/group
> for the domain and all users, our post-install script should do a
> find -user $INSTALLER -print0 | xargs -0 chown Administrator.SYSTEM
> (where $INSTALLER is the system administrator who installs Cygwin).
>
> Would this work if done by the normal user of the PC (the "owner", who
> has Administrator rights)?
>
> Does this approach sound correct? Workable? Any advice is welcome.
> How do others handle this situation?
>
> This ownership change would also need to be done after an install done
> by "ghosting" the hard drive following a Cygwin install to create a
> generic system image.
>
> luke
Try 'chown'ing to Administrators.SYSTEM (note the "s") instead of
Administrator.SYSTEM (i.e., "chown 544:18"). That way, anyone in the
Administrators group will be able to manipulate the files. You'll need to
carefully exclude ~/.ssh and some other stuff (better yet, don't change
anything not owned by the installing user -- see chown's --from flag).
Igor
--
http://cs.nyu.edu/~pechtcha/
|\ _,,,---,,_ pechtcha AT cs DOT nyu DOT edu
ZZZzz /,`.-'`' -. ;-;;,_ igor AT watson DOT ibm DOT com
|,4- ) )-,_. ,\ ( `'-' Igor Pechtchanski, Ph.D.
'---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow!
"Happiness lies in being privileged to work hard for long hours in doing
whatever you think is worth doing." -- Dr. Jubal Harshaw
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -