| delorie.com/archives/browse.cgi | search |
Corinna Vinschen wrote: >> We can require Administrators (-544) in /etc/group, and SYSTEM (-18) in >> both /etc/group and /etc/passwd, right? > > Yes. I'm just wondering if we shouldn't check for the Admins group > only. The token of the SYSTEM user always contains the Admins group and > the cyg_server (or whatever the name is) user is always (and should > always) be created as member of the admins group, too. So, if I didn't > miss anything important, the check could be reduced to checking for the > admins group permissions. Does that make sense? It makes sense -- if the following assertion is true for NT/2k/XP, as well as more modern versions of Windows, for both cygwin-1.5 and cygwin-1.7: Admins group access to a file (-...[rwx]... as specified by $2 if group ownership of the file is Administrators, or a sufficient group token in the extended ACLs is present as determined by getfacl) is necessary and sufficient for the SYSTEM user (and/or the special privileged user) to access the file, regardless of the file's actual owner. -- Chuck -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |