Subject: RE: #define name for non-root pkg_install tools
To: 'Todd Vierling' <tv@duh.org>
From: Mark Funkenhauser <mfunkenhauser@rogers.com>
List: tech-pkg
Date: 05/10/2004 11:37:47
> -----Original Message-----
> From: tech-pkg-owner@NetBSD.org [mailto:tech-pkg-owner@NetBSD.org] On Behalf Of Todd Vierling
> Sent: Wednesday, May 05, 2004 1:37 PM
> To: Mark Funkenhauser
> Cc: tech-pkg@netbsd.org
> Subject: Re: #define name for non-root pkg_install tools
> 
> 
> On Wed, 28 Apr 2004, Mark Funkenhauser wrote:
> 
> : With Interix, there are potentially two different Administrator user
> : accounts:
> :   localSystem+Administrator  and  PrincipalDomain+Administrator
> : (uid = 197108  and  uid = 1049594  respectively)
> 
> Right.  1049594, however, is not treated specially by pkgsrc.
> 
> Is a domain Administrator automatically a member of the local Administrators
> group (131616)?  If so, pkgsrc should be happy as-is; it is using the gid
> (as of now, numerically) for most privilege check uses.

When your machine becomes part of a Windows domain, then the
domain\Administrators group becomes part of the local Administrators group.
And the domain Administrator is normally a member of the
domain\Administrators group.

> 
> : I guess it depends if any of the pkg_* tools assume that the current
> : user is privileged.
> 
> At the moment, pkg_* in pkgsrc does not do the permissions check on
> Interix at all.

That's not what I was getting at.
It's a question of what operations the pkg_* tools perform
and what privileges these ops require in order to be successful.

If any of these operations require a particular privilege,
then it may be reasonable to check that the current user has these
privileges first - rather than erroring out with permission or access
denied in the middle of a critical operation.
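
An added example, not part of the original message and not pkgsrc's own code: a fail-closed preflight that checks membership in the local Administrators group (gid 131616, the value quoted in the thread) before any package operation starts, so a domain Administrator passes through group membership rather than a special-cased uid. The function names `in_group` and `preflight_is_admin` are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Numeric gid of the local Administrators group on Interix, as quoted in the thread. */
#define INTERIX_ADMINS_GID ((gid_t)131616)

/* Pure check: is admin_gid the effective gid or in the supplementary list? */
static int in_group(gid_t egid, const gid_t *groups, int ngroups, gid_t admin_gid)
{
    if (egid == admin_gid)
        return 1;
    for (int i = 0; i < ngroups; i++)
        if (groups[i] == admin_gid)
            return 1;
    return 0;
}

/* Returns 1 if privileged, 0 if not, -1 if membership could not be determined. */
static int preflight_is_admin(void)
{
    int n = getgroups(0, NULL);          /* ask for the group count first */
    if (n < 0)
        return -1;
    gid_t *groups = malloc((n > 0 ? n : 1) * sizeof(*groups));
    if (groups == NULL)
        return -1;
    n = getgroups(n, groups);            /* fails if the list grew meanwhile */
    int rc = (n < 0) ? -1 : in_group(getegid(), groups, n, INTERIX_ADMINS_GID);
    free(groups);
    return rc;
}

int main(void)
{
    int rc = preflight_is_admin();
    if (rc != 1) {                       /* unknown is treated as unprivileged */
        fprintf(stderr, "refusing to start: %s\n",
                rc < 0 ? "cannot read group list" : "not in Administrators (gid 131616)");
        return EXIT_FAILURE;
    }
    puts("privilege check passed; safe to begin package operations");
    return EXIT_SUCCESS;
}
```

The check only decides whether to begin; each later operation can still fail and needs its own error handling, since group membership can change while the tool runs.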