This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: Too Many Permissions Stripped In 1.7.35?


On Feb 26 21:27, random user wrote:
> Regarding Corinna's proposal to treat SYSTEM's ACE distinct from others
> in forming the apparent group permission "mask":
> 
> Might it be sensible to do somewhat similar for the case where a file's
> owner is the same as its primary group (i.e., same SID)?  It has seemed
> the chmod behavior for this case has long been what's proposed (at least
> for the typical case of a chmod leaving the user with wider privileges
> than the group), but the group permission bits have appeared set to ls
> and other tools.  It would seem to help re ~/.ssh and other cases that
> are checked by programs wanting there to not be any group permissions.

Good point.  Right now the group permissions are == owner permissions in
the case the owner and group are the same.  Maybe it would be better to
remove all group permission bits if owner SID == group SID instead. 

Either way it's a bit puzzling for the user because a chmod on group
permissions has no effect, but the 0 group permissions would help
security-conscious applications along.  And it would be neither exactly
a lie, nor more insecure.

Hmm...

> (Less sure I think this is really a good idea, but it'd seem consistent
> with treating SYSTEM this way given the standard default ACLs on
> /c/Users/<user>):  Should Administrators be treated the same as SYSTEM?

Nooooooo!!!1!!11!

This is exactly what I was concerned about when I formulated my
yesterday's suggestion to special-case SYSTEM.  There's no end to all
the special casing if we start with it.  Administrators is a group
is a group is a group.  Just like any other group.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
