Mail Archives: cygwin/2016/03/23/14:01:49

To: cygwin AT cygwin DOT com
From: Brian Inglis <Brian DOT Inglis AT SystematicSw DOT ab DOT ca>
Subject: Re: Change PS1 when run as administrator
Date: Wed, 23 Mar 2016 18:01:02 +0000 (UTC)
Message-ID: <loom.20160323T184305-828@post.gmane.org>
References: <F7CDFE45-BFA7-4599-B510-B40BCA19142F AT etr-usa DOT com> <28210846 DOT 20160315202354 AT yandex DOT ru> <87mvpz1ong DOT fsf AT Rainer DOT invalid> <0F37E0B7-A313-49F2-BAFD-59A7A144BD8C AT etr-usa DOT com> <loom DOT 20160323T125711-592 AT post DOT gmane DOT org> <20160323141740 DOT GT14892 AT calimero DOT vinschen DOT de>

Corinna Vinschen <corinna-cygwin <at> cygwin.com> writes:
> On Mar 23 12:35, Brian Inglis wrote:
>> Warren Young <wyml <at> etr-usa.com> writes:
>>> Confirmed, at least on Win10 64-bit without any AD mucking things up.
>>> That is, I get both 114 and 544 here, so I don’t need the 114 rule at all.
>> Opposite for me on Win7 x64 non-domain machine! 
>> I am always a member of 544(Administrators) group and it is my default
>> primary group in normal non-admin and elevated admin shells. 
>> In elevated admin shell, I am also a member of 114(Local account and 
>> member of Administrators group) and 405504(High Mandatory Level) not 
>> 401408(Medium Mandatory Level). 

> You have either some /etc/passwd, /etc/group settings overshadowing the
> default settings, or you used the "desc" method described in
> https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-nsswitch-desc
> to change your primary group.
> Otherwise your primary group is always "None", or the equivalent in your
> locale.  The admins group is *never* the primary group, unless you
> messed with the settings for Cygwin as outlined above.
> If you're member in the Admins group, then the admins group is part of
> the non-elevated token, but only as "deny-only" group.  That means, it's
> usually not shown in id, unless you made it primary group, in which case
> it has to be shown.
> You better remove this.  I think I'll fix this function to not allow
> primary groups which are not enabled in the token.

net user /comment - thanks, that worked.
Removed comment (in elevated shell) and default became None.
Readded comment with Users and that became the default.
Will leave that there, as seeing None=="local non-domain accounts" bugs me,
and it seems stupid to default anything to local non-domain accounts only.

Is there a better consistent choice of dynamic group having elevated rights
on both local and domain systems than 544 e.g. 114 or 405504 or ?
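
The false positive discussed in this exchange, as an added example that is not part of the original message: a 544-only check reports "elevated" when 544 has been made the primary group, while a check on the High Mandatory Level group does not. It assumes the gids reported in the thread; the function names and the sample `id -G` outputs are constructed for illustration.

```shell
# Added example (not from the thread). Group IDs are the Cygwin gids quoted
# in the messages above: 544 Administrators, 114 local account and member of
# Administrators, 405504 High Mandatory Level, 401408 Medium Mandatory Level.

# has_gid GID LIST: succeed if GID is one of the space-separated ids in LIST.
has_gid() {
    case " $2 " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# elevation_by_admin_group LIST: the 544-only test. It gives a false positive
# when 544 has been made the primary group, because id then has to list it
# even in a non-elevated shell.
elevation_by_admin_group() {
    has_gid 544 "$1"
}

# elevation_by_integrity LIST: test the mandatory-level group instead, which
# in the report above was 405504 in the elevated shell and 401408 otherwise.
elevation_by_integrity() {
    has_gid 405504 "$1"
}

# prompt_for LIST: print the PS1 string to use, marking elevated shells.
prompt_for() {
    if elevation_by_integrity "$1"; then
        printf '%s' '[ADMIN] \u@\h \w # '
    else
        printf '%s' '\u@\h \w $ '
    fi
}

# Constructed sample `id -G` outputs; gids other than 544, 114, 405504 and
# 401408 are illustrative values, not taken from the thread.
NORMAL_DEFAULT='197121 545 401408'      # default primary group, not elevated
NORMAL_ADMIN_PRIMARY='544 545 401408'   # 544 set as primary, not elevated
ELEVATED='197121 544 114 545 405504'    # elevated shell

# In ~/.bashrc one would call: PS1=$(prompt_for "$(id -G)")
```

Whether 405504 is equally dependable on domain-joined systems is the open question of the message and is not settled by this sketch.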
