X-Recipient: archive-cygwin@delorie.com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:subject
	:references:in-reply-to:content-type:content-transfer-encoding;
	 q=dns; s=default; b=ETWDUJiRjFola70AZzPgIqdPmU5WXsyYi58ikG2+yBm
	nVRkodxJewtMGDslAuezzk2hydhgYUslPsdsVYqf2ISSFzEaL+5NOGEheEoeKQQ+
	gn3AweRKGZgxdncvdU0CKg0SDkFHftXgw0Z+r+bbi0Q43STQ7VWVSVxL/6JHfaUY
	=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:subject
	:references:in-reply-to:content-type:content-transfer-encoding;
	 s=default; bh=CS/wMPvPVcsJ9vNWHpen41TcqPc=; b=Y4z1yZyZMSxtW8JFH
	UF0puaQEvihZY0XnCgkmidhMbKPh/7hN715k3omnJ0rt5RPmwoM0tW8FrIfQPi+x
	OSCTD+NojACSIX8dbJqdq7ls/bvcFJxa/VkIk+hFVD2PoALsPKphOeKHhg2E1gWo
	LhlV9k7ZNABJkmhCgpnd7glG98=
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-6.0 required=5.0 tests=AWL,BAYES_00,GIT_PATCH_2 autolearn=ham version=3.3.1 spammy=SYSTEM, Linda, H*r:192.168.3, ACL
X-HELO: Ishtar.sc.tlinx.org
Message-ID: <5CF96D18.6070801@tlinx.org>
Date: Thu, 06 Jun 2019 12:44:24 -0700
From: L A Walsh <cygwin@tlinx.org>
User-Agent: Thunderbird
MIME-Version: 1.0
To: cygwin@cygwin.com
Subject: how do i create a trusted-installer? (was Re: Trying to create default ACL entries to match file ACL entries)
References: <5CF6C7A8.6090902@tlinx.org> <31d3c868824fc32a16ce8a10e130d72b@plebeian.com>
In-Reply-To: <31d3c868824fc32a16ce8a10e130d72b@plebeian.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes

On 2019/06/04 14:34, Chris Wagner wrote:
> Hi Linda, / is just a mount to something like C:\Cygwin64 so there is no 
> problem in changing it.
>   
----
    Uh...about that....oh my system '/' points to 'C:\'.  Isn't life fun!

I think I finally got it.  I broke down and used "icacls" for fine tuning
and now seem to have:
\ NT SERVICE\TrustedInstaller:(F)
  NT SERVICE\TrustedInstaller:(OI)(CI)(F)
  Bliss\law:(OI)(CI)(F)
  BLISS\lawgroup:(OI)(CI)(F)
  BLISS\Domain Admins:(OI)(CI)(F)
  BLISS\Domain Users:(OI)(CI)(RX)
  BUILTIN\Administrators:(OI)(CI)(F)
  NT AUTHORITY\SYSTEM:(OI)(CI)(F)
  BUILTIN\Users:(OI)(CI)(RX)
  Mandatory Label\High Mandatory Level:(OI)(CI)(NW)


FWIW, BTW, I have two scripts (one in perl, one in shell) that convert
from a SID<->a hex value as you might see in the registry, and back
again.  As much as I've been able to test they seem correct. and agree
with other tools of the same
ilk.  You probably have your own, but if not, they are fairly trivial
and being in either shell or perl they aren't too difficult to understand.

If there is a want, I can just post them here, neither is very long.
> wc sidhex_xlate.{pl,sh}
 127  422 3067 sidhex_xlate.pl
 193  566 4697 sidhex_xlate.sh
 320  988 7764 total

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple