Mail Archives: cygwin/2012/02/29/04:26:57
On Feb 28 22:41, Corinna Vinschen wrote:
> The culprit is setup.exe apparently. If it sets 1777 permissions, it
> uses the same permissions for the inheritable default permissions. It
> should remove the write bits before creating the inheritable default
> permissions. In Cygwin this is controlled by the umask, but setup
> doesn't know about a umask.
>
> So, the correct solution is to change setup.exe to create less dangerous
> default permissions for the Win32 apps in case of 1777 dirs. That makes
> the tmp/temp stuff in etc/profile unnecessary.
I just applied a fix to setup so that the default permissions for dirs
created with the sticky bit (t) set don't contain write permissions for
group and other. I see to it that it will be uploaded to cygwin.com
shortly.
> The *big* problem are the already existing /tmp dirs with bad permissions
> throughout the Cygwin users.
>
> David, instead of setting tmp/temp, What about adding the following line
> to /etc/profile?
>
> setfacl -m d:g::r-x,d:o:r-x /home /tmp /usr/tmp /var/log /var/run /var/tmp 2>/dev/null
>
> That sets the list of directories created with 1777 permissions by
> setup.exe itself to more sane permissions. Maybe it could be combined
> with a marker file, along these lines:
>
> if [ ! -f /etc/.177fix ]
> then
> setfacl -m d:g::r-x,d:o:r-x /home /tmp /usr/tmp /var/log /var/run /var/tmp 2> /dev/null && touch /etc/.177fix
> fi
That should have been /etc/.1777fix, of course. I think something like
this is necessary since it makes sure that setfacl is called once by a
user with the right permissions and then it's just ignored ever after.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Red Hat
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
- Raw text -