X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:content-type:mime-version:subject:from
	:in-reply-to:date:content-transfer-encoding:message-id
	:references:to; q=dns; s=default; b=PquOr9fHBKN1IQFzK7XIToL0z+AH
	0Ih1f0hvvpCYeDJU8k4NHmd1B3gTtCcOaJ4xdlLhcs+Lqx1hFK1qGdi/1VNCuu1P
	Wp+JM5NHySU/PiKxGVbmk1jo9ZL6jJSqPe9h9Wi9ptKaVMC9HbJaA5oJIFOYnkRi
	pjj06GcrHDxEXu4=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:content-type:mime-version:subject:from
	:in-reply-to:date:content-transfer-encoding:message-id
	:references:to; s=default; bh=Zu+ss/iAfUteEJhpxBKX8Ir1GzY=; b=el
	AAlYUBCTNLbx+/wz/zAgwLxVNJjxIal3iaSHhWErbvIHlkELk4+fFYW3x9/kyalP
	ulohHW9T9990ctRRu87VxboioNznrqNvfUBEUW/O/R+UmS8oPZ51Qmh7MhjDMoyo
	YFvNERikrFQ7OEfRf4iOD4Xdg9+Y8BZjdG18MpQgU=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_RP_MATCHES_RCVD autolearn=ham version=3.3.2
X-HELO: etr-usa.com
Content-Type: text/plain; charset=windows-1252
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
Subject: Re: /usr/local, /var and */tmp in c:\Users\Public
From: Warren Young <warren AT etr-usa DOT com>
In-Reply-To: <CAD8GWstJ+BkbkCJfE_48=b2cg0uzc8pkd1UnevP6-=3DHL+Buw@mail.gmail.com>
Date: Tue, 18 Nov 2014 14:29:18 -0700
Message-Id: <72FA6025-B953-41D1-B1EE-D081DC347714@etr-usa.com>
References: <81578012-FD3F-4463-BC56-ADB092317DD4 AT etr-usa DOT com>	<CABa6CEkRV=3FY6ZVGrdt--rH3PppwCJRD5poU0L2knv2k2ce_w AT mail DOT gmail DOT com>	<25F385A9-3E2D-44FC-998F-D2672F67DFE4 AT etr-usa DOT com>	<m40npq$vrq$1 AT ger DOT gmane DOT org>	<ECD073FF-B78C-4D19-8DE1-5F4E390D2495 AT etr-usa DOT com>	<20141113093335 DOT GI2782 AT calimero DOT vinschen DOT de>	<40005E53-A327-4E4A-8C71-514E505F9FBC AT etr-usa DOT com> <CAD8GWstJ+BkbkCJfE_48=b2cg0uzc8pkd1UnevP6-=3DHL+Buw AT mail DOT gmail DOT com>
To: cygwin AT cygwin DOT com
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id sAILSvWv001318

On Nov 15, 2014, at 10:55 AM, Lee <ler762 AT gmail DOT com> wrote:

> On 11/13/14, Warren Young   wrote:
>> I installed Cygwin with my regular user account,
> 
> You're doing it wrong.  Install Cygwin using an admin account and
> regular user accounts are not allowed write access to system
> files/directories:

While my idea does have applicability to multi-user Windows systems, I also want it to work without using Admin gymnastics on a single-user Windows system.

That is, I want this:

    $ echo -n "" >> /usr/bin/vi

to fail just as this does:

    $ echo -n "" >> /cygdrive/c/Windows/notepad.exe
    -bash: /cygdrive/c/Windows/notepad.exe: Permission denied

I want them both to fail for the same reason: normal users — whether they are members of group Administrators or not — have no business writing to system files.  Only the installer process (Cygwin Setup in this case) should be able to do that.

For what it’s worth:

$ cd /cygdrive/c/Windows
$ icacls notepad.exe
notepad.exe NT SERVICE\TrustedInstaller:(F)
            BUILTIN\Administrators:(RX)
            NT AUTHORITY\SYSTEM:(RX)
            BUILTIN\Users:(RX)
            APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(RX)


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple