-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Larry Hall wrote:
> Fish wrote: <snip> > > Could some kind soul out there help me to understand why > > *SOME* type of "public" permissions set is [apparently] > > required by Cygwin? (*nix?) > > > > Thanks. > > > I thought Pierre did a rather good (good? I mean excellent! > ;-) ) job of explaining the issue with his last email to you > on this subject: > > <http://cygwin.com/ml/cygwin/2004-08/msg00280.html> Hmmm... I seemed to have missed that post. Thanks! (And Thank YOU Pierre! Sorry I missed your reply. Must have been the change in the subject line and me not watching things closely enough. My apologies.) > The key part is that 'setup.exe' is not a Cygwin program > (it can't be) so it's largely bound by Windows security > semantics. These don't map well into the Cygwin emulation > of POSIX permissions. So, if neither you, nor standard groups, > nor "Everyone" owns the file, there will be a mismatch > of the permissions on the files and directories in the > Windows view (ACLs) and the POSIX view (owner, group, world). I guess that make sense. > As Pierre pointed out, POSIX tools like 'cp' only operate on > POSIX permissions. If those are '---------', then you get no > permissions on that copied file. Yep. That's what was happening. I manually tried to 'cp' the files just like the postinstall scripts were doing and sure enough I got a file with no permissions. :) > So one solution is to do what you did. Make sure that > 'Everyone' owns the files in the Windows ACL. Well, not "owns", but I get the drift. :) > You do that by creating the directory you want to install > Cygwin to and setting the permissions, via Windows, before > Cygwin installation, making sure to set the permissions so > they are inherited. Ah. Then if I understand things correctly, I could probably remove the "Everyone" group from everywhere (i.e. from all partitions (root [drive] folders), just like I had it before) and just have on the *Cygwin* directory *only*, right? Makes sense. Don't know why I didn't think of it before. (Hind sight is always 20-20, eh?) > For the case of 'Everyone', that maps to the 'world'. Figured that. :) > Another alternative is to create a CYGWIN environment > variable with 'nontsec' set before installation. That will > make Cygwin use Windows ACLs, following those rules > exclusively. THAT sounds more like what I think I might want. I don't think I really need to have my Cygwin environment mimic the POSIX permissions so closely IMO. (At least I don't think so anyway) The way Windoze is doing/handling it is just fine, so 'nontsec' *sounds* like something I should definitely investigate. Thanks. > If you're still having trouble understanding what's going on here, > I suggest you read the NT security chapter of the User's Guide: > > <http://cygwin.com/cygwin-ug-net/ntsec.html> Cool. Thanks. I'll read through that when I get a chance. (It's late right now though so I'll save it for tomorrow) > If you read it already, read it again. :) > I'm serious. I'm sure you are. The GUI presentation of Windows' permissions is, more or less, relatively straightforward (or at least straightforward enough that I *think* I can pretty much understand what permissions I should probably set/use anyway), but how it actually *works* (i.e. what goes on behind the scenes) tends to give me a headache whenever I read about it. (Windows permissions is one area where I'm still not "up to speed" on yet) > This is complicated stuff giving the partial mapping of ACLs to > POSIX permissions. No sh*t! :) > It takes some real thought to understand it all and it's > limitations. Reading this more than once can make things click > where they didn't before. When you get so you understand it, feel > free to offer patches to make Cygwin and 'setup.exe' better in this > area. You can save the next person who has tight permissions some > trouble. :-) Will do. :) (But don't hold your breath waiting) ;-) Thanks you guys. (And again sorry for missing your reply Pierre) - -- "Fish" (David B. Trout) [EMAIL PROTECTED] Fight Spam! Join CAUCE! http://www.cauce.org/ -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQA/AwUBQRnXAEj11/TE7j4qEQK73gCeMYZHoIFKRIWSIlCHmDJu3lEIrDIAoLb5 cKJ/J6RBmm5LOlTDsrMd8x9a =Pt6H -----END PGP SIGNATURE----- -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
