Mailing-List: contact cygwin-developers-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-developers-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin-developers/>
List-Post: <mailto:cygwin-developers AT cygwin DOT com>
List-Help: <mailto:cygwin-developers-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-developers-owner AT cygwin DOT com
Delivered-To: mailing list cygwin-developers AT cygwin DOT com
Subject: Re: Solving ntsec problems?
From: Robert Collins <rbcollins AT cygwin DOT com>
To: "Pierre A. Humblet" <Pierre DOT Humblet AT ieee DOT org>
Cc: cygwin-developers AT cygwin DOT com
In-Reply-To: <3.0.5.32.20021103233543.00816100@mail.attbi.com>
References: <20021103215859 DOT GA21874 AT redhat DOT com>
	<20021103180437 DOT GA19854 AT redhat DOT com>
	<3 DOT 0 DOT 5 DOT 32 DOT 20021103142141 DOT 00815cf0 AT h00207811519c DOT ne DOT client2 DOT attbi DOT com>
	<20021103215859 DOT GA21874 AT redhat DOT com> 
	<3 DOT 0 DOT 5 DOT 32 DOT 20021103233543 DOT 00816100 AT mail DOT attbi DOT com>
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature";
	boundary="=-V7j00vGkGI9f0kUr60lI"
Date: 04 Nov 2002 15:40:40 +1100
Message-Id: <1036384840.22120.51.camel@lifelesswks>
Mime-Version: 1.0


--=-V7j00vGkGI9f0kUr60lI
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Mon, 2002-11-04 at 15:35, Pierre A. Humblet wrote:
> At 09:09 AM 11/4/2002 +1100, Robert Collins wrote:
> >I'd rather extract the ntsec unix->win32 acl logic to a static library
> >that both cygwin1.dll and setup.exe can incorporate.=20
>=20
> Isolating ntsec in a library is a big job, unnecessary.=20
> Setup probably needs only a small part of ntsec. Copying some=20
> functions from sec_acl.cc and security.cc should be enough.

And will inevitable lead to skew in the future. Besides which, we don't
need *all* of ntsec in said library, only the stuff to be used by setup.
=20
> It seems to me that the main thing we want setup to set is the acl=20
> entry for the owner (which will Administrators if the user running
> setup is privileged)=20

What if the user has setup their security differently? Say they want
'Security-Staff' as the grout for 'root' and 'Domain\\Administrator' as
the user for root?

Setting it wrongly in this environment would (AFAICT) cause problems.

Rob

--=20
---
GPG key available at: http://users.bigpond.net.au/robertc/keys.txt.
---

--=-V7j00vGkGI9f0kUr60lI
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD4DBQA9xfpII5+kQ8LJcoIRAudzAJQPnFD/HfajbSUv6x5vO7lJpMpyAJ9/DCjk
t9H0+SiGLy9bLgw903UeyA==
=0IjO
-----END PGP SIGNATURE-----

--=-V7j00vGkGI9f0kUr60lI--