Mailing-List: contact cygwin-help@sourceware.cygnus.com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe@sources.redhat.com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin@sources.redhat.com>
List-Help: <mailto:cygwin-help@sources.redhat.com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner@sources.redhat.com
Delivered-To: mailing list cygwin@sources.redhat.com
Message-ID: <3B6989B1.7070309@ece.gatech.edu>
Date: Thu, 02 Aug 2001 13:11:13 -0400
From: Charles Wilson <cwilson@ece.gatech.edu>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.2) Gecko/20010713
X-Accept-Language: en-us
MIME-Version: 1.0
To: Corinna Vinschen <cygwin@cygwin.com>
Subject: Re: ntsec, passwd, and group issues again
References: <01C11AF9.641EBF00.jorgens@coho.net> <20010802115301.A23782@cygbert.vinschen.de>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Corinna Vinschen wrote:


> 
> Not really. setup.exe doesn't handle permissions at all.
> Charles Wilson has written a small perl script which can do that
> but I'm not sure how that will go into the next version.
> It hasn't been discussed yet.


Well, it's ugly.  My little shell script can remove the inheritance 
property from a directory -- but that's all.  And sometimes doing that 
causes problem; I've noticed that in some directories after having the 
inheritance property removed, the children (files and dirs) no longer 
have ANY security descriptors and are inaccessible even by their owner.

I had to manually fix these unruly children using the Windows GUI (take 
ownership, reset all permissions, etc).  Unfortunately, every case is 
different. Even on my "single user" box -- just me and 
me-as-Administrator -- different dirs "misbehave" differently.

I really don't think "cleaning up" the colorful mess of security 
descriptors can be done accurately, unless:

you just go with the brute force approach: change ownership of 
everything under cygwin '/' to Administrator.None with perms rw?rw?r-? 
and the bare minimum of "extra" SD's.  But that's NOT something that 
should be done automatically by setup.  Perhaps an executable or shell 
script that users with problems could run -- as Administrator, but it 
shouldn't be a default part of the setup procedure.

--Chuck



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/