On Nov 21 13:39, ASSI wrote: > Corinna Vinschen writes: > > The idea is that the installation tree has POSIXy permissions and > > administrative users have the right to change stuff. The administrators > > group is part of the user's token if the process has been started > > elevated, so, to me, this looks like a natural choice. > > As I said, I haven't thought through the implications of doing that. We > certainly haven't done a security audit or anything like that > w.r.t. group ownership of the Cygwin tree and permission of the > installed files. > > > The other advantage is that the administrators group has a fixed SID on > > all systems, while other groups depend on the environment. That goes > > for the local group "None" just as well as for the "Domain Users" > > group, etc. > > Yeah, a local non-domain installation currently installs as "None" > ("Kein" in german Windows) and domain ones will have "Domain Users"
...both groups using the same RID is no accident @ MSFT :) Corinna