X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:content-type:mime-version:subject:from
	:in-reply-to:date:content-transfer-encoding:message-id
	:references:to; q=dns; s=default; b=PquOr9fHBKN1IQFzK7XIToL0z+AH
	0Ih1f0hvvpCYeDJU8k4NHmd1B3gTtCcOaJ4xdlLhcs+Lqx1hFK1qGdi/1VNCuu1P
	Wp+JM5NHySU/PiKxGVbmk1jo9ZL6jJSqPe9h9Wi9ptKaVMC9HbJaA5oJIFOYnkRi
	pjj06GcrHDxEXu4=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:content-type:mime-version:subject:from
	:in-reply-to:date:content-transfer-encoding:message-id
	:references:to; s=default; bh=Zu+ss/iAfUteEJhpxBKX8Ir1GzY=; b=el
	AAlYUBCTNLbx+/wz/zAgwLxVNJjxIal3iaSHhWErbvIHlkELk4+fFYW3x9/kyalP
	ulohHW9T9990ctRRu87VxboioNznrqNvfUBEUW/O/R+UmS8oPZ51Qmh7MhjDMoyo
	YFvNERikrFQ7OEfRf4iOD4Xdg9+Y8BZjdG18MpQgU=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=-1.9 required=5.0 tests=BAYES_00,T_RP_MATCHES_RCVD autolearn=ham version=3.3.2
X-HELO:	etr-usa.com
Mime-Version:	1.0 (Mac OS X Mail 7.3 \(1878.6\))
Subject:	Re: /usr/local, /var and */tmp in c:\Users\Public
From:	Warren Young <warren AT etr-usa DOT com>
In-Reply-To:	<CAD8GWstJ+BkbkCJfE_48=b2cg0uzc8pkd1UnevP6-=3DHL+Buw@mail.gmail.com>
Date:	Tue, 18 Nov 2014 14:29:18 -0700
Message-Id:	<72FA6025-B953-41D1-B1EE-D081DC347714@etr-usa.com>
References:	<81578012-FD3F-4463-BC56-ADB092317DD4 AT etr-usa DOT com> <CABa6CEkRV=3FY6ZVGrdt--rH3PppwCJRD5poU0L2knv2k2ce_w AT mail DOT gmail DOT com> <25F385A9-3E2D-44FC-998F-D2672F67DFE4 AT etr-usa DOT com> <m40npq$vrq$1 AT ger DOT gmane DOT org> <ECD073FF-B78C-4D19-8DE1-5F4E390D2495 AT etr-usa DOT com> <20141113093335 DOT GI2782 AT calimero DOT vinschen DOT de> <40005E53-A327-4E4A-8C71-514E505F9FBC AT etr-usa DOT com> <CAD8GWstJ+BkbkCJfE_48=b2cg0uzc8pkd1UnevP6-=3DHL+Buw AT mail DOT gmail DOT com>
To:	cygwin AT cygwin DOT com
X-MIME-Autoconverted:	from quoted-printable to 8bit by delorie.com id sAILSvWv001318

On Nov 15, 2014, at 10:55 AM, Lee <ler762 AT gmail DOT com> wrote:

> On 11/13/14, Warren Young   wrote:
>> I installed Cygwin with my regular user account,
> 
> You're doing it wrong.  Install Cygwin using an admin account and
> regular user accounts are not allowed write access to system
> files/directories:

While my idea does have applicability to multi-user Windows systems, I also want it to work without using Admin gymnastics on a single-user Windows system.

That is, I want this:

    $ echo -n "" >> /usr/bin/vi

to fail just as this does:

    $ echo -n "" >> /cygdrive/c/Windows/notepad.exe
    -bash: /cygdrive/c/Windows/notepad.exe: Permission denied

I want them both to fail for the same reason: normal users — whether they are members of group Administrators or not — have no business writing to system files.  Only the installer process (Cygwin Setup in this case) should be able to do that.

For what it’s worth:

$ cd /cygdrive/c/Windows
$ icacls notepad.exe
notepad.exe NT SERVICE\TrustedInstaller:(F)
            BUILTIN\Administrators:(RX)
            NT AUTHORITY\SYSTEM:(RX)
            BUILTIN\Users:(RX)
            APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(RX)


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -