On 08/10/2022 17:56, Achim Gratz wrote:
I think that setup was essentially treating the install as "for this
user only" since it was created and maintained by a script that can't
affect that option and the fact it was also in group Administrators
didn't actually register until now.

Yeah, that seems possible, since some of these changes fix what are arguably bugs in how that works (i.e. I suspect that previously, even when elevated, if only the registry key HKEY_CURRENT_USER\Software\Cygwin\setup\rootdir exists (and not the same key under HKLM), we're going to install for "Just Me", irrespective of what the UI says).

The DACL on the server install changed from conferring access to "Everyone" to
just the install user and SYSTEM IIRC.  It doesn't do that on the
(non-domain) build machine at home that runs Win10 Pro.

That makes less sense to me. We should always be creating an entry in the DACL for 'Everyone' to hold the POSIX permissions for 'other' users.

(See win32.cc:NTSecurity::GetPosixPerms() which translates a file mode to a SD)

>> As long as there's an option to force it to keep the former behaviour
>> things should be OK, but I haven't really checked if and how this is
>> possible.
>
> Unfortunately, there is no such option.

I wrote some code for this option (attached), but I have a hard time seeing how it's functionally different from using '-B'/'--no-admin'.

So, I guess a question is, does running with that option work as expected in your problematic instance?
From ae547f5b4b4421bf9b7b9f204eb3d303cc6b2673 Mon Sep 17 00:00:00 2001
From: Jon Turney <jon.tur...@dronecode.org.uk>
Date: Wed, 2 Nov 2022 22:46:29 +0000
Subject: [PATCH setup] Add an option to not make files group owned by
 Administrators

Add an option that, when elevated, does not make files group owned by
Administrators (i.e. use the primary group of the user running setup
instead).

Fixes: 495b0148
---
 res.pot       | 8 ++++++--
 res/en/res.rc | 1 +
 resource.h    | 1 +
 root.cc       | 7 ++++++-
 4 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/res.pot b/res.pot
index 64079c8..e84c34c 100644
--- a/res.pot
+++ b/res.pot
@@ -3,7 +3,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2022-08-27 12:54+0100\n"
+"POT-Creation-Date: 2022-11-08 14:36+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <l...@li.org>\n"
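Review bot: The POT-Creation-Date change here, and the X-Generator bump from Translate Toolkit 3.7.0 to 3.7.3 in the next hunk, are regeneration noise unrelated to the new option. If res.pot is normally regenerated as a separate step, consider dropping these header changes so this patch carries only the new STRINGTABLE.IDS_HELPTEXT_NO_GROUP_CHANGE entry.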
@@ -11,7 +11,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "X-Accelerator-Marker: &\n"
-"X-Generator: Translate Toolkit 3.7.0\n"
+"X-Generator: Translate Toolkit 3.7.3\n"
 "X-Merge-On: location\n"
 
 #: DIALOG.IDD_SOURCE.CAPTION
@@ -1245,6 +1245,10 @@ msgstr ""
 msgid "Disable creation of desktop shortcut"
 msgstr ""
 
+#: STRINGTABLE.IDS_HELPTEXT_NO_GROUP_CHANGE
+msgid "When elevated, do not make files group owned by Adminstrators"
+msgstr ""
+
 #: STRINGTABLE.IDS_HELPTEXT_NO_REPLACEONREBOOT
 msgid "Disable replacing in-use files on next reboot"
 msgstr ""
diff --git a/res/en/res.rc b/res/en/res.rc
index ef5e8b1..dad5c47 100644
--- a/res/en/res.rc
+++ b/res/en/res.rc
@@ -683,6 +683,7 @@ BEGIN
     IDS_HELPTEXT_MIRROR_MODE "Skip package availability check when installing 
from local directory (requires local directory to be clean mirror!)"
     IDS_HELPTEXT_NO_ADMIN "Do not check for and enforce running as 
Administrator"
     IDS_HELPTEXT_NO_DESKTOP "Disable creation of desktop shortcut"
+    IDS_HELPTEXT_NO_GROUP_CHANGE "When elevated, do not make files group owned 
by Adminstrators"
     IDS_HELPTEXT_NO_REPLACEONREBOOT "Disable replacing in-use files on next 
reboot"
     IDS_HELPTEXT_NO_SHORTCUTS "Disable creation of desktop and start menu 
shortcuts"
     IDS_HELPTEXT_NO_STARTMENU "Disable creation of start menu shortcut"
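Review bot: "Adminstrators" in the new IDS_HELPTEXT_NO_GROUP_CHANGE string is misspelled and should read "Administrators". The same spelling is carried into the res.pot msgid, so correct it here before translators pick it up. The help text could also say what happens instead, i.e. that the primary group of the user running setup is used, as the commit message describes.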
diff --git a/resource.h b/resource.h
index cfe860b..917534f 100644
--- a/resource.h
+++ b/resource.h
@@ -157,6 +157,7 @@
 #define IDS_HELPTEXT_HEADER              1546
 #define IDS_HELPTEXT_FOOTER              1547
 #define IDS_HELPTEXT_NO_WRITE_REGISTRY   1548
+#define IDS_HELPTEXT_NO_GROUP_CHANGE     1549
 
 // Dialogs
 
diff --git a/root.cc b/root.cc
index ccbd6ae..f81c5c9 100644
--- a/root.cc
+++ b/root.cc
@@ -37,8 +37,10 @@
 #include "propsheet.h"
 
 #include "getopt++/StringOption.h"
+#include "getopt++/BoolOption.h"
 
 StringOption RootOption ("", 'R', "root", IDS_HELPTEXT_ROOT, false);
+static BoolOption NoGroupChangeOption (false, '\0', "no-group-change", 
IDS_HELPTEXT_NO_GROUP_CHANGE);
 
 static ControlAdjuster::ControlInfo RootControlsInfo[] = {
   { IDC_ROOTDIR_GRP,              CP_STRETCH,           CP_TOP      },
@@ -310,7 +312,10 @@ RootPage::OnNext ()
     << (root_scope == IDC_ROOT_USER ? " user" : " system") << endLog;
 
   if (root_scope == IDC_ROOT_SYSTEM)
-    nt_sec.setAdminGroup ();
+    {
+      if (!NoGroupChangeOption)
+        nt_sec.setAdminGroup ();
+    }
   else
     nt_sec.resetPrimaryGroup ();
 
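Review bot: In RootPage::OnNext (), when root_scope == IDC_ROOT_SYSTEM and --no-group-change is given, neither nt_sec.setAdminGroup () nor nt_sec.resetPrimaryGroup () is called, so the group is left in whatever state nt_sec already holds rather than being set explicitly to the user's primary group as the commit message describes. Consider folding the option into the condition, "if (root_scope == IDC_ROOT_SYSTEM && !NoGroupChangeOption)", so that the else branch runs nt_sec.resetPrimaryGroup () for this case too. Since the option changes the group ownership of installed files, it would also help to record that the group change was skipped next to the existing " user" / " system" log line.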
-- 
2.38.1
