Christian Franke writes: > Anything installed with "All Users" option should IMO be protected > against modifications by any regular non-elevated user.
Yes. > This is not the case if the RID=513 group ("HOST\None", > "DOMAIN\Domain-Users") is used. Many upstream projects install > directories and files with permissions like 0664, 0775, 0660 or > 0770. This is safe when the group is "root". On current Cygwin, all > users have R/W access regardless of the "other" permission bits. Correct. That's why I was hoping I could use a dedicated group (either local or domain depending the install) for "Cygwin Administrators". > Using the administrators group as discussed here would solve this but > apparently introduces interesting new permission problems with some > packages. Could these possibly be solved by the maintainers of the > affected packages? The problem is not the Administrators group per se AFAICT, but the change from a different group to another mid-flight. If the group could be specified as alluded to above, I can keep the "wrong" group for existing installs until I get around to fix their group ownership and ensure that any new installs can be administered by whatever group of people will be responsible for keeping things running smoothly. Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ SD adaptations for Waldorf Q V3.00R3 and Q+ V3.54R2: http://Synth.Stromeko.net/Downloads.html#WaldorfSDada