X-Spam-Check-By: sourceware.org
Date: Thu, 30 Nov 2006 16:23:20 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: backup privileges [was: [ANNOUNCEMENT] Updated: cygwin-1.5.22-1]
Message-ID: <20061130152320.GF8792@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <announce DOT 20061114101219 DOT GB31134 AT calimero DOT vinschen DOT de> <loom DOT 20061129T223812-141 AT post DOT gmane DOT org> <20061130090441 DOT GA25001 AT calimero DOT vinschen DOT de> <Pine DOT GSO DOT 4 DOT 63 DOT 0611300942010 DOT 10187 AT access1 DOT cims DOT nyu DOT edu> <20061130151411 DOT GE8792 AT calimero DOT vinschen DOT de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20061130151411.GE8792@calimero.vinschen.de>
User-Agent: Mutt/1.4.2.2i
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On Nov 30 16:14, Corinna Vinschen wrote:
> On Nov 30 09:50, Igor Peshansky wrote:
> > Remember how much effort was spent trying to fix Cygwin to work for
> > unprivileged users?  Do you now, all of a sudden, want to break expected
> > behavior for privileged users?
> 
> I'm sorry but I really don't understand the problem.  Cygwin allows
> administrators to do more stuff than what they usually can do when
> running a DOS shell, which is, doing stuff which they can do as admins
> under any POSIX system.  POSIX apps running under a privileged account
> (and the users) usually expect to be able to do stuff which they can't
> when running under a non-admin account, [...]

Just as a side-note, think of sshd which expects to be able to read a
user's authorized_keys file, even if the permissions on the user's files
and directories are set to very strict values.  For security reasons
it's good that the permissions are set to strict values.  Unfortunately
a Cygwin installation so far required to set an extra ACE for the user
running sshd (SYSTEM, sshd_server).  This is also not necessary anymore.
Just like under a POSIX system.


Corinna

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/