Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Date: Wed, 20 Oct 2004 12:31:40 -0400 (EDT) From: Igor Pechtchanski Reply-To: cygwin AT cygwin DOT com To: luke DOT kendall AT cisra DOT canon DOT com DOT au cc: cygwin AT cygwin DOT com Subject: Re: How to update after a change of user? In-Reply-To: <20041020001928.D634C83603@pessard.research.canon.com.au> Message-ID: References: <20041020001928 DOT D634C83603 AT pessard DOT research DOT canon DOT com DOT au> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Scanned-By: MIMEDefang 2.39 On Wed, 20 Oct 2004, luke.kendall wrote: > We always choose "Setup for all users" when running Setup, and leave > ntsec turned on (that's the default I believe, which seems good), and we > normally install on NTFS under XP professional. > > Can I get some advice on how to handle the following situation? > > 1) Cygwin is installed by one user (a system administrator). > > 2) The intended user ("owner") of the PC is given administrator rights, > so they can install extra software as needed for their job. > > 3) Some time later, the "owner" tries to update Cygwin. > > Currently, we tend to have problems with step 3 failing because the > user/"owner" isn't the owner of the Cygwin files. > > Previously, our post-install scripts used to simply do this: > > # > # We want CYGPATH of the mixed form, like C:/cygwin, so that we restrict > # ourselves to local files, not network drives that we'd see if we started > # at "/" (since we'd see /cygdrive/x, and we seem to get //bin and //etc > # which aren't network names). > # > CYGPATH=`cygpath -m /` > # > # Allow any Administrator to install more Cygwin packages: > # > ### I'm not sure that's good: some files, like mail, ssh, may require special > ### owners. > #echo "Allowing any Administrator to install more Cygwin packages..." > chown -R Administrator.SYSTEM "$CYGPATH" > chown -R Administrator "$CYGPATH" > > But I've recently commented that out, since it would break ssh (and > presumably, random other things). > > My best guess at present is, after creating /etc/passwd and /etc/group > for the domain and all users, our post-install script should do a > find -user $INSTALLER -print0 | xargs -0 chown Administrator.SYSTEM > (where $INSTALLER is the system administrator who installs Cygwin). > > Would this work if done by the normal user of the PC (the "owner", who > has Administrator rights)? > > Does this approach sound correct? Workable? Any advice is welcome. > How do others handle this situation? > > This ownership change would also need to be done after an install done > by "ghosting" the hard drive following a Cygwin install to create a > generic system image. > > luke Try 'chown'ing to Administrators.SYSTEM (note the "s") instead of Administrator.SYSTEM (i.e., "chown 544:18"). That way, anyone in the Administrators group will be able to manipulate the files. You'll need to carefully exclude ~/.ssh and some other stuff (better yet, don't change anything not owned by the installing user -- see chown's --from flag). Igor -- http://cs.nyu.edu/~pechtcha/ |\ _,,,---,,_ pechtcha AT cs DOT nyu DOT edu ZZZzz /,`.-'`' -. ;-;;,_ igor AT watson DOT ibm DOT com |,4- ) )-,_. ,\ ( `'-' Igor Pechtchanski, Ph.D. '---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow! "Happiness lies in being privileged to work hard for long hours in doing whatever you think is worth doing." -- Dr. Jubal Harshaw -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/