Date: Thu, 30 Nov 2006 21:16:38 -0700
From: Eric Blake
To: cygwin AT cygwin DOT com
Subject: Re: backup privileges

According to Igor Peshansky on 11/30/2006 7:50 AM:
> Speaking of getting shot down, I have a feeling I'm about to be. Still,
> while in Linux it's possible (and recommended) to not work as root most of
> the time, in Windows I've run into situations time and time again where an
> application *requires* the user to have administrative privileges, or
> else. Yes, those are badly written applications, and ought to be fixed,
> but they are commercial apps that are sometimes used not by choice, but by
> necessity (enforced by employers, etc), and getting them fixed in any
> useful timeframe is, unfortunately, not an option. IOW, while it's
> reasonable to require that a user not run as root on Linux, it's, IMO,
> unreasonable to make the same requirement under Windows.

I highly agree with this point. Commercial Windows apps tend to be more cavalier about doing stupid things that needlessly require admin rights.

>
>> Btw., when running under Vista, a default shell for the administrator
>> will run under a reduced privilege set which does not contain backup and
>> restore rights.

In a similar vein, Solaris 10 provides a capability for privileged processes to unlink() directories; great for cleaning up a damaged file system. But it ALSO provides the ability for privileged processes to forfeit this right, for the more traditional behavior where unlink(dir) fails with EPERM and you must use rmdir() instead. So on Solaris, GNU rm actually checks for this privilege, and purposefully disables it, because the recursive removal algorithm is actually easier and more efficient to implement by blindly attempting unlink on everything, and recursing on failure; whereas with the full capabilities, you must call stat before every unlink or risk leaving unreachable disk space that can only be reclaimed by fsck (and still risk a data race, if between the stat and the unlink, a file was replaced by a directory).

>> That's exactly what you're asking for without having to
>> add another flag to Cygwin.

Except that it only helps Vista users, but right now, there is a much larger installed user base that cannot get this property of voluntarily giving up superuser rights for less surprising behavior. I still think a cygwin flag would be useful.

-- 
Life is short - so eat dessert first!
Eric Blake ebb9 AT byu DOT net
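
The unlink-first recursive removal described in the message above, as an added example (not code from the message or from GNU rm). It assumes a process for which unlink() on a directory fails, as it does once the Solaris privilege has been given up; `remove_tree` and `demo` are hypothetical names and the sample tree is constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Remove `name` (relative to directory fd `parent`): unlink first, recurse on failure. */
static int remove_tree(int parent, const char *name)
{
    if (unlinkat(parent, name, 0) == 0)
        return 0;                  /* file or symlink: gone, no stat() needed */
    if (errno != EPERM && errno != EISDIR)
        return -1;                 /* POSIX reports EPERM for a directory, Linux EISDIR */
    /* O_DIRECTORY|O_NOFOLLOW: anything swapped in that is not a directory fails here */
    int fd = openat(parent, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    DIR *d = fd < 0 ? NULL : fdopendir(fd);
    if (!d) {
        if (fd >= 0) close(fd);
        return -1;
    }
    int rc = 0;
    struct dirent *e;
    while (rc == 0 && (e = readdir(d)) != NULL)
        if (strcmp(e->d_name, ".") != 0 && strcmp(e->d_name, "..") != 0)
            rc = remove_tree(dirfd(d), e->d_name);   /* children resolved via the open fd */
    closedir(d);
    return rc == 0 ? unlinkat(parent, name, AT_REMOVEDIR) : -1;
}

/* Build a constructed sample tree under a fresh temp dir, remove it; 0 means it is gone. */
int demo(void)
{
    char top[] = "/tmp/rmtree-XXXXXX";
    int t = mkdtemp(top) ? open(top, O_RDONLY | O_DIRECTORY) : -1;
    if (t < 0 || mkdirat(t, "sub", 0700) || mkdirat(t, "sub/deeper", 0700) ||
        symlinkat("sub", t, "link"))   /* symlink to a directory: unlinked, never followed */
        return -1;
    close(openat(t, "sub/deeper/file", O_CREAT | O_WRONLY, 0600));
    close(t);
    return (remove_tree(AT_FDCWD, top) == 0 && access(top, F_OK) == -1 && errno == ENOENT) ? 0 : 1;
}

int main(void)
{
    return demo() == 0 ? 0 : 1;
}
```

If unlink() on a directory could succeed, the first call in `remove_tree` would detach a non-empty directory, which is the unreachable disk space the message says only fsck can reclaim.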