Mailing-List: contact cygwin-developers-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-developers-owner AT cygwin DOT com Delivered-To: mailing list cygwin-developers AT cygwin DOT com Subject: Re: Solving ntsec problems? From: Robert Collins To: "Pierre A. Humblet" Cc: cygwin-developers AT cygwin DOT com In-Reply-To: <3.0.5.32.20021103233543.00816100@mail.attbi.com> References: <20021103215859 DOT GA21874 AT redhat DOT com> <20021103180437 DOT GA19854 AT redhat DOT com> <3 DOT 0 DOT 5 DOT 32 DOT 20021103142141 DOT 00815cf0 AT h00207811519c DOT ne DOT client2 DOT attbi DOT com> <20021103215859 DOT GA21874 AT redhat DOT com> <3 DOT 0 DOT 5 DOT 32 DOT 20021103233543 DOT 00816100 AT mail DOT attbi DOT com> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-V7j00vGkGI9f0kUr60lI" Date: 04 Nov 2002 15:40:40 +1100 Message-Id: <1036384840.22120.51.camel@lifelesswks> Mime-Version: 1.0 --=-V7j00vGkGI9f0kUr60lI Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Mon, 2002-11-04 at 15:35, Pierre A. Humblet wrote: > At 09:09 AM 11/4/2002 +1100, Robert Collins wrote: > >I'd rather extract the ntsec unix->win32 acl logic to a static library > >that both cygwin1.dll and setup.exe can incorporate.=20 >=20 > Isolating ntsec in a library is a big job, unnecessary.=20 > Setup probably needs only a small part of ntsec. Copying some=20 > functions from sec_acl.cc and security.cc should be enough. And will inevitable lead to skew in the future. Besides which, we don't need *all* of ntsec in said library, only the stuff to be used by setup. =20 > It seems to me that the main thing we want setup to set is the acl=20 > entry for the owner (which will Administrators if the user running > setup is privileged)=20 What if the user has setup their security differently? Say they want 'Security-Staff' as the grout for 'root' and 'Domain\\Administrator' as the user for root? Setting it wrongly in this environment would (AFAICT) cause problems. Rob --=20 --- GPG key available at: http://users.bigpond.net.au/robertc/keys.txt. --- --=-V7j00vGkGI9f0kUr60lI Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD4DBQA9xfpII5+kQ8LJcoIRAudzAJQPnFD/HfajbSUv6x5vO7lJpMpyAJ9/DCjk t9H0+SiGLy9bLgw903UeyA== =0IjO -----END PGP SIGNATURE----- --=-V7j00vGkGI9f0kUr60lI--