On Feb 28 22:41, Corinna Vinschen wrote: > The culprit is setup.exe apparently. If it sets 1777 permissions, it > uses the same permissions for the inheritable default permissions. It > should remove the write bits before creating the inheritable default > permissions. In Cygwin this is controlled by the umask, but setup > doesn't know about a umask. > > So, the correct solution is to change setup.exe to create less dangerous > default permissions for the Win32 apps in case of 1777 dirs. That makes > the tmp/temp stuff in etc/profile unnecessary.
I just applied a fix to setup so that the default permissions for dirs created with the sticky bit (t) set don't contain write permissions for group and other. I see to it that it will be uploaded to cygwin.com shortly. > The *big* problem are the already existing /tmp dirs with bad permissions > throughout the Cygwin users. > > David, instead of setting tmp/temp, What about adding the following line > to /etc/profile? > > setfacl -m d:g::r-x,d:o:r-x /home /tmp /usr/tmp /var/log /var/run /var/tmp > 2>/dev/null > > That sets the list of directories created with 1777 permissions by > setup.exe itself to more sane permissions. Maybe it could be combined > with a marker file, along these lines: > > if [ ! -f /etc/.177fix ] > then > setfacl -m d:g::r-x,d:o:r-x /home /tmp /usr/tmp /var/log /var/run > /var/tmp 2> /dev/null && touch /etc/.177fix > fi That should have been /etc/.1777fix, of course. I think something like this is necessary since it makes sure that setfacl is called once by a user with the right permissions and then it's just ignored ever after. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
