Mail Archives: cygwin/2013/05/30/05:03:49

Date: Thu, 30 May 2013 11:03:26 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Using native symlinks

On May 29 20:43, Chris Sutcliffe wrote:
> On 29 May 2013 13:01, Corinna Vinschen wrote:
> > On May 29 12:40, Chris Sutcliffe wrote:
> >> On 29 May 2013 11:23, Corinna Vinschen wrote:
> >> > On May 29 10:33, Chris Sutcliffe wrote:
> >> >> On 29 May 2013 04:39, Corinna Vinschen wrote:
> >> > Also, either way, did you logoff and logon so that the "Create symbolic
> >> > links" user right can be added to your user token?  Note that your token
> >> > remains unchanged if you didn't exit from your session.  Just changing
> >> > the Policy isn't enough, the OS needs a chance to create a new user token
> >> > for you containing the user right.
> >>
> >> I've rebooted the machine since making the change and it has had no
> >> effect.  Is there something else I need to do?
> >
> > I don't know.  I have to try (but not today).  Did you try to add the
> > "Users" group to the Local Security Policy entry instead?
> 
> I tried adding the "Users" group and it didn't help either.

I just tested it and can confirm it.

Try this: Start a login session of a normal user after adding the "Users"
group to the "Create symbolic links" right.  Check the privileges
in the user token:

  $ /cygdrive/c/Windows/System32/whoami /priv

  PRIVILEGES INFORMATION
  ----------------------

  Privilege Name                Description                          State
  ============================= ==================================== ========
  SeShutdownPrivilege           Shut down the system                 Disabled
  SeChangeNotifyPrivilege       Bypass traverse checking             Enabled
  SeUndockPrivilege             Remove computer from docking station Disabled
  SeIncreaseWorkingSetPrivilege Increase a process working set       Disabled
  SeTimeZonePrivilege           Change the time zone                 Disabled
  SeCreateSymbolicLinkPrivilege Create symbolic links                Disabled

On the other hand, in the same situation the UAC-crippled admin's token
does not contain the "Create symbolic links" right:

  $ /cygdrive/c/Windows/System32/whoami /priv

  PRIVILEGES INFORMATION
  ----------------------

  Privilege Name                Description                          State
  ============================= ==================================== ========
  SeShutdownPrivilege           Shut down the system                 Disabled
  SeChangeNotifyPrivilege       Bypass traverse checking             Enabled
  SeUndockPrivilege             Remove computer from docking station Disabled
  SeIncreaseWorkingSetPrivilege Increase a process working set       Disabled
  SeTimeZonePrivilege           Change the time zone                 Disabled

I also changed the "Create symbolic links" policy so that the "Users"
group is the only group getting this right.  In other words, I removed
the "Administrators" group entirely, logged off, logged on, and the
result was the same as above.

This is a bug in UAC if you ask me.  It seems to remove privileges from
the UAC-crippled admin's token based on a fixed internal list, totally
ignorant of changes in the security policy.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
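
Added example (not part of the original message, and not Cygwin code): a small Python parser for the `whoami /priv` tables shown above that separates a privilege which is held but disabled from one that is absent from the token. The sample tables are copied from the message; the function names are illustrative.

```python
import re

# Constructed input: the normal user's table as quoted in the message above.
NORMAL_USER = """\
Privilege Name                Description                          State
============================= ==================================== ========
SeShutdownPrivilege           Shut down the system                 Disabled
SeChangeNotifyPrivilege       Bypass traverse checking             Enabled
SeUndockPrivilege             Remove computer from docking station Disabled
SeIncreaseWorkingSetPrivilege Increase a process working set       Disabled
SeTimeZonePrivilege           Change the time zone                 Disabled
SeCreateSymbolicLinkPrivilege Create symbolic links                Disabled
"""
# The UAC-filtered admin's table in the message is the same minus the last row.
FILTERED_ADMIN = "\n".join(NORMAL_USER.splitlines()[:-1]) + "\n"

def parse_privs(text):
    """Return {privilege name: state} from English `whoami /priv` output."""
    lines = [line.strip() for line in text.splitlines()]
    # Rows start after the ruler of '=' runs under the column headers.
    ruler = next(i for i, l in enumerate(lines) if re.fullmatch(r"=+(\s+=+)+", l))
    privs = {}
    for line in lines[ruler + 1:]:
        if not line:
            break  # a blank line ends the table
        fields = line.split()
        privs[fields[0]] = fields[-1]  # name is the first token, state the last
    return privs

def privilege_status(privs, name="SeCreateSymbolicLinkPrivilege"):
    """'enabled' or 'disabled': the token holds the privilege (a disabled one
    can still be switched on by the process via AdjustTokenPrivileges).
    'absent': the token does not hold it at all, so it cannot be enabled."""
    return privs.get(name, "absent").lower()

def stripped_privileges(reference, other):
    """Privileges present in the reference token but missing from the other."""
    return sorted(set(reference) - set(other))

if __name__ == "__main__":
    user, admin = parse_privs(NORMAL_USER), parse_privs(FILTERED_ADMIN)
    print("normal user:   ", privilege_status(user))
    print("filtered admin:", privilege_status(admin))
    print("missing from admin token:", stripped_privileges(user, admin))
```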
