Corinna Vinschen wrote:
We can require Administrators (-544) in /etc/group, and SYSTEM (-18) in
both /etc/group and /etc/passwd, right?
Yes. I'm just wondering if we shouldn't check for the Admins group
only. The token of the SYSTEM user always contains the Admins group and
the cyg_server (or whatever the name is) user is always (and should
always) be created as member of the admins group, too. So, if I didn't
miss anything important, the check could be reduced to checking for the
admins group permissions. Does that make sense?
It makes sense -- if the following assertion is true for NT/2k/XP, as
well as more modern versions of Windows, for both cygwin-1.5 and cygwin-1.7:
Admins group access to a file (-...[rwx]... as specified by $2 if group
ownership of the file is Administrators, or a sufficient group token in
the extended ACLs is present as determined by getfacl) is necessary and
sufficient for the SYSTEM user (and/or the special privileged user) to
access the file, regardless of the file's actual owner.
--
Chuck
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/