I have studied complaints on the list related to the interaction of setup and ntsec, sometimes asking privately for details. Here are the results of the investigation and some recommendations.
First some background:

1) ACLs of installed files are determined by the inheritance properties of the directories. That's Windows tradition. It allows the easy implementation of site specific policies. If there is no inheritance, setup defaults to giving full rights to Everyone.
In all cases I have examined, the inheritance settings were sane, i.e. all normal users had at least rx access. However Everyone did not always appear in the ACLs. When it didn't, Users did.
Mentioning this fact in http://www.cygwin.com/download.html would make sense and allow users to set appropriate inheritable permissions before running setup (wishful thinking? :( )

2) Non privileged users are sometimes presented with the Windows "Install As Other User" popup, asking for the Administrator password.
<http://msdn.microsoft.com/library/default.asp?url=/library/en-us/gp/337.asp>
<http://msdn.microsoft.com/library/default.asp?url=/library/en-us/gp/338.asp>
<http://www.eimsdirect.com/techtips/logoncredentialswin2000.html>
One user mentioned that the popup does not appear when setup.exe is renamed. I have never seen the popup on NT and don't have easy access to 2000 and XP to experiment.
All users I contacted thought that the popup was from setup itself.
http://www.cygwin.com/download.html should recommend NOT TO accept the offer and to install as oneself, except if this is not allowed by the ACL inheritances or if one wants to install for everybody (registry access). If one accepts the invitation, one may not have write access to various configuration files.

3) Often the permissions displayed by Cygwin are too narrow, although the files are accessible. This happens due to a combination of several factors and is one of the main reasons to run with nontsec.
a) "Everyone" not appearing in the inheritable ACLs.
b) The file group not appearing in the ACLs. "None" never appears.
c) The installing user (or creator-owner) not appearing in the ACL.

The file group in b) is determined by a default in the access token of the process. It must be one of the groups of the user running setup. Its value does not *change* the access rights but can greatly influence the permissions *shown* by Cygwin.
In the next e-mail I include a patch to setup.exe that attempts to change the group from None to Users or Administrators. In all cases I have examined this would improve the displayed permissions.

4) A less important reason to run with nontsec is that files that never need to be executed are executable (but this allows one to start an application, such as an editor, by clicking on the file icon).
The following command removes the execute permissions if they are shown as off with nontsec.

    CYGWIN=nontsec find . ! -perm -111 -print0 | env -u CYGWIN xargs -0 chmod a-x

Pierre
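
Added example (not part of the original message, and not Cygwin code): a simplified model of the mismatch in point 3, where the displayed mode is built only from the ACEs of the owner, the file group and Everyone, while Windows grants access through any ACE matching the caller's token. The mapping rule, the ACL contents and the user name alice are assumptions made for illustration.

```python
# Simplified model (an assumption, not Cygwin source): under ntsec the
# displayed user/group/other bits come from the ACEs of the file owner,
# the file group and Everyone; Windows itself grants access through any
# allow ACE that matches a SID in the caller's token.
R, W, X = 4, 2, 1

def displayed_mode(acl, owner, group):
    """POSIX-style mode shown for a file under the simplified model."""
    return (acl.get(owner, 0) << 6) | (acl.get(group, 0) << 3) | acl.get("Everyone", 0)

def effective_access(acl, token_sids):
    """Rights actually granted: union of the ACEs matching the token."""
    rights = 0
    for sid in token_sids:
        rights |= acl.get(sid, 0)
    return rights

def mode_string(mode):
    """Render nine permission bits the way ls -l does."""
    return "".join(c if mode & (1 << (8 - i)) else "-"
                   for i, c in enumerate("rwxrwxrwx"))

# Constructed inherited ACL resembling the reported cases: entries for
# Administrators and Users only; no Everyone, no None, no creator-owner.
INHERITED = {"Administrators": R | W | X, "Users": R | X}
ALICE_TOKEN = ["alice", "Users", "Everyone"]  # constructed unprivileged user

def compare(owner, group):
    """Return (mode shown, rights alice really has) for one file."""
    shown = mode_string(displayed_mode(INHERITED, owner, group))
    return shown, effective_access(INHERITED, ALICE_TOKEN)

if __name__ == "__main__":
    # File group None (token default) versus Users (what the patch aims for).
    for grp in ("None", "Users"):
        shown, real = compare("alice", grp)
        print(f"group={grp:<5} shown={shown} effective rights={real:o}")
```

With the file group left at None the file shows no permissions at all although alice can read and execute it; switching the group to Users changes only what is shown, not the access.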
