Mailing-List: contact cygwin-developers-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-developers-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin-developers/>
List-Post: <mailto:cygwin-developers AT cygwin DOT com>
List-Help: <mailto:cygwin-developers-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-developers-owner AT cygwin DOT com
Delivered-To: mailing list cygwin-developers AT cygwin DOT com
Date: Tue, 22 Oct 2002 19:57:58 -0400
From: Christopher Faylor <cgf AT redhat DOT com>
To: cygwin-developers AT cygwin DOT com
Subject: Re: Avoiding /etc/passwd and /etc/group scans
Message-ID: <20021022235758.GP6429@redhat.com>
Reply-To: cygwin-developers AT cygwin DOT com
Mail-Followup-To: cygwin-developers AT cygwin DOT com
References: <20021022181947 DOT GA4729 AT redhat DOT com> <3DB5A076 DOT ABAFF076 AT ieee DOT org> <20021022191217 DOT GD4828 AT redhat DOT com> <3DB5AB53 DOT B434ED90 AT ieee DOT org> <20021022202004 DOT GA6995 AT redhat DOT com> <3DB5BA56 DOT A76B6463 AT ieee DOT org> <20021022211930 DOT GF6429 AT redhat DOT com> <1035321750 DOT 1455 DOT 14 DOT camel AT lifelesswks> <20021022213133 DOT GI6429 AT redhat DOT com> <3DB5C7B1 DOT B87C8364 AT ieee DOT org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3DB5C7B1.B87C8364@ieee.org>
User-Agent: Mutt/1.5.1i

On Tue, Oct 22, 2002 at 05:48:33PM -0400, Pierre A. Humblet wrote:
>Christopher Faylor wrote:
>>
>> Why would that matter?  If setting reasonable acls is going to hurt the
>> CYGWIN=nontsec case then that's not good either.
>
>Setting reasonable acls has no negative impact, neither with ntsec nor
>with nontsec. nontsec has two main effects;

I thought as much.  I didn't think that setup decisions were gated on
CYGWIN=ntsec being the default.

>1) It reports the modes blindly as 644, while making some effort about the
>x bits, *irrespective* of the Windows access rights.
>
>2) It always  reports success on chown, chmod etc... while actually
>doing nothing (except sometimes setting the files readonly).

Right.

I wonder if we should different levels of ntsec operation.  Would it
make sense to recognize file permissions at ntsec=1, file ownership at
ntsec=3, and setuid at ntsec=4, or something like that?

>>>Here's a short term workaround, until we fix setup.exe.
>>>
>>>Add a .bat file as a postinstall script that scans the cygwin tree and
>>>sets executable rights to .exe and .dll files using the cacls command.
>>
>>If it is that simple, then sure.  Pierre is this doable?
>
>Surely yes if the user running setup is a member of the administrators
>group and the drive is local.  Answer probably more complicated if he
>isn't in administrators or the files are on a network drive.  You can
>use cygwin programs to do that, if they were extracted with x
>permission and ntsec is on.
>
>I am completely in the dark about what your ultimate goal is.  was
>there an earlier discussion?

I think the goal was to ensure that .exe files are always executable.

cgf