On 06/07/2022 08:14, Christian Franke wrote:
If an installer is run elevated, the installed files will be typically
owned by the local administrator (or in some cases SYSTEM or
TrustedInstaller) instead of the current user. This is not the case for
a Cygwin "All Users" installation. The files are then not protected from
... instead the files are owned by the user running setup?
accidental changes by this user.
The attached patch adds an experimental --chown-admin option which
allows (new) installations owned by local administrator user and group.
Thanks for the patch, but...
A drawback is that files generated by postinstall scripts are still
owned by current user + "None" group. It should be possible to fix this
with some perpetual preremove+postinstall scripts.
I also don't know whether this may break some postinstall scripts.
BTW: 'nt_sec.setDefaultSecurity (isAdmin)' is never called with
'isAdmin==true' as 'root_scope' is always 0.
root_scope is set later, by the "Install For" option on the "Select Root
Install Directory" page.
To me, this looks like a (very long standing) bug that we shouldn't be
calling setAdminGroup() here, but after root_scope has been set.
