| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:date:from:to:subject:message-id:reply-to | |
| :references:mime-version:content-type:in-reply-to; q=dns; s= | |
| default; b=v7QRRSYP3LkpG0uKaxQPD5t9GvOy7KLxBlor8xmbEG9rIgNZEut/C | |
| lAD2mb+T61tcJC3C41b1NYd6Y/b1YjLqT08euBJgLMrLHOCF/KmTalfCzcdCAIlZ | |
| OJts7L+oXfmMNXDjLl8UOzI2YH8J/rajkNXV4y1vJ5284DPPuASLic= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:date:from:to:subject:message-id:reply-to | |
| :references:mime-version:content-type:in-reply-to; s=default; | |
| bh=E2XVSKhOZIxstkm0ANR5GrrHrnU=; b=c2vFDeBlWJgVKQ4IvzFHd4ujrIQt | |
| 80o9x66lxkTxz47hhJ9riR+kKRjDvyGV9slh9RvnA5hOyE73QzkFM/ArnQRHYCtU | |
| nqLgkm8t8YyVBpPa7W4ycTGh/emfiLZz4QPrgWtKQv4UqX8iPcIuzHCvztVC+srN | |
| oUim1P1a2Qx/4XU= | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| X-Spam-SWARE-Status: | No, score=-1.8 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.3.1 |
| Date: | Wed, 29 May 2013 17:23:39 +0200 |
| From: | Corinna Vinschen <corinna-cygwin AT cygwin DOT com> |
| To: | cygwin AT cygwin DOT com |
| Subject: | Re: Using native symlinks |
| Message-ID: | <20130529152339.GB4471@calimero.vinschen.de> |
| Reply-To: | cygwin AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| References: | <CAGHJv4ftSKS6wR-Uzd9Gfvowqpn-WCQ0U01NexgCpZaYqd-Tow AT mail DOT gmail DOT com> <20130528185553 DOT GA31309 AT calimero DOT vinschen DOT de> <CAGHJv4fkvRt1gQfNTarHGUQWvdRxRsy=oAA=pjUQTLQFoNoW-g AT mail DOT gmail DOT com> <20130529083910 DOT GD31309 AT calimero DOT vinschen DOT de> <CAGHJv4cUbx_sMCwUgzTd3ZaXVgbfgPt1Fs7pOO4UtwZhFFj-uA AT mail DOT gmail DOT com> |
| MIME-Version: | 1.0 |
| In-Reply-To: | <CAGHJv4cUbx_sMCwUgzTd3ZaXVgbfgPt1Fs7pOO4UtwZhFFj-uA@mail.gmail.com> |
| User-Agent: | Mutt/1.5.21 (2010-09-15) |
On May 29 10:33, Chris Sutcliffe wrote: > On 29 May 2013 04:39, Corinna Vinschen wrote: > > On May 28 22:23, Chris Sutcliffe wrote: > >> It works fine if I create the native symlinks in an elevated shell, > >> but does not if I create the native symlinks in a "normal" shell. Is > >> this expected (i.e. does creating native symlinks only work in > >> elevated shells?). > > > > Welcome to the wonderful world of native NTFS symlinks!!1!11!! > > > > It's true and it works like this: Have a look into the "Local Security > > Policy" MMC Snap-in. In the left hand tree view navigate to > > "Security Settings" -> "Local Policies" -> "User Rights Assignments". > > On the right side look for "Create symbolic links". You will see that > > by default only members of the Administrators group are allowed to > > create symlinks. > > > > If you're running under an admin account in a non-elevated shell, your > > token has been stripped by all Admin-only user rights, so you also have > > no right to create symlinks. > > > > To workaround that, you can either add yourself to the "Create symbolic > > links" right, or you can add the "Users" group if you want to allow > > every user to create symlinks. But this requires changing it on all > > machines manually, so alternatively you can create a domain policy which > > adds the trusted users to this user right on all machines. > > I tried this approach and I'm still not having any luck with the user > being able to create native symbolic links in a non-elevated shell. What approach? Adding the Users group to the Local Security Policy or adding a domain policy? If the latter, did you call gpupdate on the client or reboot the client machine to propagate the domain policy? Also, either way, did you logoff and logon so that the "Create symbolic links" user right can be added to your user token? Note that your token remains unchanged if you didn't exit from your session. Just changing the Policy isn't enough, the OS needs achance to create a new user token for you containing the user right. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |