On 8/28/2014 14:32, Ron W wrote:
On Thu, Aug 28, 2014 at 2:01 PM, Warren Young <war...@etr-usa.com> wrote:

    2. If you *are* running as an Administrator user, you can't create
    symlinks from a process that isn't "Run as Administrator".

If issue #1 is resolved in a given user's environment, then this could
be workable. In general, I dislike running with admin priv for anything
but admin tasks.

There's a fair bit more friction in getting to a privileged shell on Windows than on POSIX systems, where all you need is a sudo or "su -c" command prefix.

Windows 8 made this a bit easier with its new Windows-X menu, but you still have to cd back to where you want to run the Fossil command, unless you choose to run under the elevated shell all the time.

You would have to run Fossil in such a shell just to do a checkout of a repo containing a symlink, or an update on such a repo whenever the symlink changed. Ugh.

Those wanting to play with this in advance of code appearing in Fossil can play with the "mklink" command, which only exists in the dreadful cmd.exe shell. (It's a shell built-in, not a separate executable.)

Beware: the order of arguments to mklink is backwards relative to ln(1)!

Microsoft hasn't bothered adding that command to PowerShell. The workarounds look pretty gnarly:

    http://goo.gl/kdciMA

There's also a third Cygwin symlink mode, native mode:

    https://cygwin.com/cygwin-ug-net/using.html#pathnames-symlinks

I wonder if it would make sense for Fossil to spawn a separate program
to create symlinks.

You'd need a Windows equivalent of setuid root. I imagine if such a thing exists, it involves poking around inside the group policy editor or the user management MMC snap-in. If so, it may be even harder to enable on non-Pro or Server versions of Windows.

That "separate program" could be "cmd.exe /c mklink...", but that would mean making cmd.exe elevated by default, which is a security hole big enough to float the Queen Mary through. And if there is a separate program, that kicks the legs out from under Fossil's "everything in one binary" value proposition.

    Only programs running
    under the interactive desktop can create symlinks.

This should not be a problem as only the Fossil CLI would be creating
symlinks.

Yes, true. Simply checking a new or changed symlink into a "fossil winsrv" instance should not require special permission.
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
