Mail Archives: cygwin/2012/08/16/11:07:02
| X-Recipient: | archive-cygwin AT delorie DOT com
|
| X-SWARE-Spam-Status: | No, hits=-4.4 required=5.0 tests=AWL,BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,KHOP_RCVD_TRUST,KHOP_THREADED,RCVD_IN_DNSWL_LOW,RCVD_IN_HOSTKARMA_YE
|
| X-Spam-Check-By: | sourceware.org
|
| MIME-Version: | 1.0
|
| In-Reply-To: | <20120816143205.GI17546@calimero.vinschen.de>
|
| References: | <CAG9p0OTFaLUp7c8zpOtVQ=4zt-=fAqPvURJw758FS+d2rPOtgw AT mail DOT gmail DOT com> <CE9C056E12502146A72FD81290379E9A49600AF0 AT ENFIRHMBX1 DOT datcon DOT co DOT uk> <CAG9p0OQsu08mOqGC4NkAvKE_GbjvBJk675XR6TdU5+urbNsEuQ AT mail DOT gmail DOT com> <502C6B1C DOT 5030900 AT cygwin DOT com> <CAG9p0OS3HKvaE9ye6g3vKP4kXPZGBw=uc-ELb0WcvdPefGQmFg AT mail DOT gmail DOT com> <20120816090344 DOT GD5536 AT calimero DOT vinschen DOT de> <CAG9p0ORs1BLte6nm_8iAHQan1Y+mESJQpNmjf=SiuJjHuSr83g AT mail DOT gmail DOT com> <20120816113834 DOT GF17546 AT calimero DOT vinschen DOT de> <CAG9p0ORUkRjJekPeD7UcN5-uHE+sFHWqAv0P60k+_o3tw_caSA AT mail DOT gmail DOT com> <20120816143205 DOT GI17546 AT calimero DOT vinschen DOT de>
|
| Date: | Thu, 16 Aug 2012 11:06:25 -0400
|
| Message-ID: | <CAG9p0ORP=_QxKFJJ_oSVWeodWA_tLgFcSBsA+ERNqQBk1OPaiA@mail.gmail.com>
|
| Subject: | Re: Question about UAC and bash/cygwin
|
| From: | Lord Laraby <lord DOT laraby AT gmail DOT com>
|
| To: | cygwin AT cygwin DOT com
|
| X-IsSubscribed: | yes
|
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm
|
| List-Id: | <cygwin.cygwin.com>
|
| List-Unsubscribe: | <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
|
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com>
|
| List-Archive: | <http://sourceware.org/ml/cygwin/>
|
| List-Post: | <mailto:cygwin AT cygwin DOT com>
|
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
|
| Sender: | cygwin-owner AT cygwin DOT com
|
| Mail-Followup-To: | cygwin AT cygwin DOT com
|
| Delivered-To: | mailing list cygwin AT cygwin DOT com
|
On Thu, Aug 16, 2012Corinna Vinschen
> On Aug 16 08:48, Lord Laraby wrote:
>> On Thu, Aug 16, 2012 Corinna Vinschen wrote:
>> > On Aug 16 07:06, Lord Laraby wrote:
>>
>> See, here where I said I want to know if the user is in fact
>> "elevated"? I'm always a member of the Administrators Group (group
>> 544) even when I have no such privileges to "administer" the system.
>>
>> > What is it good for to have uid 0? You want to know if you have admin
>> > rights, so why don't you simply check for the admin group in the
>> > supplementary group list?
>>
>> The uid 0 feature is just a unixy way of indicating that my account
>> has already passed and accepted the UAC and I'm now running as a
>> normal admin (not a puny user).
>>
> Huh? When you're not running elevated, the admin group will not be in
> the list of supplementary groups. What other information do you need?
> What's the problem?
>
>
> Corinna
Apparently, we're seeing completely different things then. Here's two
examples I ran one normally and one elevated.
non-elevated:
master AT Master-PC ~
$ cd /etc/at-spi2/
master AT Master-PC /etc/at-spi2
$ id
uid=1001(master) gid=0(root)
groups=0(root),545(users),1007(hlplibrupdaters),1000(homegrp),513(none)
Note ------------^^^^^^^^^^^
master AT Master-PC /etc/at-spi2
$ ls -l
total 4
-rw-r--r-- 1 admin none 1335 May 15 03:27 accessibility.conf
master AT Master-PC /etc/at-spi2
$ mv accessibility.conf accessibility.conf.tmp
mv: cannot move `accessibility.conf' to `accessibility.conf.tmp':
Permission denied
^^^ Not able to bypass ACL (but note being in group 0 (544)
*** Now try in elevated mode
Elevated:
master AT Master-PC ~
$ id
uid=1001(master) gid=0(root)
groups=0(root),545(users),1007(hlplibrupdaters),1000(homegrp),513(none)
master AT Master-PC ~
$ cd /etc/at-spi2/
master AT Master-PC /etc/at-spi2
$ ls -l
total 4
-rw-r--r-- 1 admin none 1335 May 15 03:27 accessibility.conf
master AT Master-PC /etc/at-spi2
$ mv accessibility.conf accessibility.conf.sav
^^^ No error and successfully used admin provileges...
master AT Master-PC /etc/at-spi2
$ mv accessibility.conf.sav accessibility.conf
^^^ Again
master AT Master-PC /etc/at-spi2
$ ls -l
total 4
-rw-r--r-- 1 admin none 1335 May 15 03:27 accessibility.conf
master AT Master-PC /etc/at-spi2
$ id
uid=1001(master) gid=0(root)
groups=0(root),545(users),1007(hlplibrupdaters),1000(homegrp),513(none)
Note ------------^^^^^^^^^^^
master AT Master-PC /etc/at-spi2
------------
See, root (545) is on my groups all the time - elevated or not. Unless
this is an error of some magnitude that it was inadvertently changed,
I cannot say.
Needless to say, as you can see from the sample out above, I can only
do certain things elevated (admin-type tasks) regardless of having
root in my groups.
Any suggestions on why I get different results?
LL
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
- Raw text -