On 02/09/2022 16:17, Christian Franke wrote:
Jon Turney wrote:
On 28/08/2022 18:33, Christian Franke wrote:
As the 'root_scope' issues are now fixed, here a reworked and
enhanced (checkbox, setup.rc entry) version of the original patch
from this thread.
With the new setting enabled, setup behaves like other install tools
when run elevated: The installation is then also protected against
accidental modifications by the current user.
owner:group assignments of newly installed dirs/files:
adm:adm -- "All Users", "[X] Change owner of newly installed files to
local Administrator"
usr:adm -- "All Users"
usr:def -- "Just Me"
(usr = user running setup, adm = S-1-5-32-544, def = S-1-5-21-*-513)
Thanks. When writing the change summary for the last RC, I wondered
what the file owner should be.
I guess my question is, if adm:adm ownership is correct, and expected
for consistency with other Windows installers, why not make that the
default? and then do we really need to provide the current behaviour
as an option, if it's "wrong".
Two good questions. I'm not sure.
Well, perhaps we can explore that by asking what is the motivation for
this change? Does the current situation cause you a problem? Is is it
just motivated by the concern that the user running setup could
accidentally modify the installation, or something else?
Corinna had some concerns about making the owner a group, rather than a
user, which I believe historically caused some difficulties in Cygwin,
so I think I'll need to understand that better before making a decision
about this change.
An alternative for the UI would be a 3rd radio button ("All Users -
change owner of newly installed files to local Administrator"), but
the checkbox makes this addition IMO more obvious.
The new setup.rc setting 'root-scope' is only used to read the
chown_admin setting but this could be enhanced, e.g. warn user if
root_scope selection differs from previous setup run.
The drawback that files generated by postinstall scripts are still
owned by current user could be fixed with a perpetual postinstall
script. I could provide one for base-files package if desired.
Doesn't this mean that we are using the wrong user-context to run
those scripts?
The correct user context for running the script would be an equivalent
to 'sudo administrator' which is not possible.
A change or addition (environment CYGWIN=chown_admin) in the Cygwin DLL
would help: If launched with TokenOwner = Administrator, make sure that
all newly created dirs/files are owned by TokenOwner instead of current
user.
