X-Spam-Check-By: sourceware.org
Date: Thu, 30 Nov 2006 16:23:20 +0100
From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: backup privileges [was: [ANNOUNCEMENT] Updated: cygwin-1.5.22-1]
Message-ID: <20061130152320.GF8792@calimero.vinschen.de>
Reply-To: cygwin@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
References: <announce.20061114101219.GB31134@calimero.vinschen.de> <loom.20061129T223812-141@post.gmane.org> <20061130090441.GA25001@calimero.vinschen.de> <Pine.GSO.4.63.0611300942010.10187@access1.cims.nyu.edu> <20061130151411.GE8792@calimero.vinschen.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20061130151411.GE8792@calimero.vinschen.de>
User-Agent: Mutt/1.4.2.2i
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie.com@cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com

On Nov 30 16:14, Corinna Vinschen wrote:
> On Nov 30 09:50, Igor Peshansky wrote:
> > Remember how much effort was spent trying to fix Cygwin to work for
> > unprivileged users?  Do you now, all of a sudden, want to break expected
> > behavior for privileged users?
> 
> I'm sorry but I really don't understand the problem.  Cygwin allows
> administrators to do more stuff than what they usually can do when
> running a DOS shell, which is, doing stuff which they can do as admins
> under any POSIX system.  POSIX apps running under a privileged account
> (and the users) usually expect to be able to do stuff which they can't
> when running under a non-admin account, [...]

Just as a side-note, think of sshd which expects to be able to read a
user's authorized_keys file, even if the permissions on the user's files
and directories are set to very strict values.  For security reasons
it's good that the permissions are set to strict values.  Unfortunately
a Cygwin installation so far required to set an extra ACE for the user
running sshd (SYSTEM, sshd_server).  This is also not necessary anymore.
Just like under a POSIX system.


Corinna

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/