Mail Archives: cygwin/2016/03/23/17:04:52

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2016/03/23/17:04:52

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:date:from:to:subject:message-id:reply-to

:references:mime-version:content-type:in-reply-to; q=dns; s=

default; b=myHD4jAekumcQR2YKo2ufa4zQ4FSRpLY/hNqE84fDR4F5k8tpEyxp

TNzSqVErRXOD4W38ClKB/CxOCtOoiezpNCcSoKxrlmNn03YNmQef70DG8G8uNuny

uqiWS5+4XGFiKonFVlhlQWMooutccB5HIN80AM7d+TJ6Ae+Azcpkn4=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:date:from:to:subject:message-id:reply-to

:references:mime-version:content-type:in-reply-to; s=default;

bh=BzBybSiJe1TsN47bjWnLm1FHZrU=; b=lBm1/7gPkfXasvmyXZE997p3rCQg

LJ5SX+kBncggiKv7jcumYuiRUfbpSzEtGjWtX1lu7bKL9m7H5bQJA7MY4rvy4927

Rpize4TBG1+2XwIAAEvGzkehWbsWA2Vb9jbhOwNDgmZDW635JDzRE0tN/0cl95sg

GfAz3YRNUBt5+eI=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Virus-Found: No

X-Spam-SWARE-Status: No, score=-96.6 required=5.0 tests=BAYES_00,GOOD_FROM_CORINNA_CYGWIN,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_PBL,RDNS_DYNAMIC autolearn=ham version=3.3.2 spammy=corinna-cygwin, corinnacygwin, became, readded

X-HELO: calimero.vinschen.de

Date: Wed, 23 Mar 2016 22:04:22 +0100

From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>

To: cygwin AT cygwin DOT com

Subject: Re: Change PS1 when run as administrator

Message-ID: <20160323210422.GA13802@calimero.vinschen.de>

Reply-To: cygwin AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

References: <F7CDFE45-BFA7-4599-B510-B40BCA19142F AT etr-usa DOT com> <28210846 DOT 20160315202354 AT yandex DOT ru> <87mvpz1ong DOT fsf AT Rainer DOT invalid> <0F37E0B7-A313-49F2-BAFD-59A7A144BD8C AT etr-usa DOT com> <loom DOT 20160323T125711-592 AT post DOT gmane DOT org> <20160323141740 DOT GT14892 AT calimero DOT vinschen DOT de> <loom DOT 20160323T184305-828 AT post DOT gmane DOT org>

MIME-Version: 1.0

In-Reply-To: <loom.20160323T184305-828@post.gmane.org>

User-Agent: Mutt/1.5.24 (2015-08-30)

--3MwIy2ne0vdjdPXF
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mar 23 18:01, Brian Inglis wrote:
> Corinna Vinschen <corinna-cygwin <at> cygwin.com> writes:
> > On Mar 23 12:35, Brian Inglis wrote:
> >> Warren Young <wyml <at> etr-usa.com> writes:
> >>> Confirmed, at least on Win10 64-bit without any AD mucking things up.
> >>> That is, I get both 114 and 544 here, so I don=E2=80=99t need the 114=
 rule at all.
> >> Opposite for me on Win7 x64 non-domain machine!=20
> >> I am always a member of 544(Administrators) group and it is my default
> >> primary group in normal non-admin and elevated admin shells.=20
> >> In elevated admin shell, I am also a member of 114(Local account and=
=20
> >> member of Administrators group) and 405504(High Mandatory Level) not=
=20
> >> 401408(Medium Mandatory Level).=20
>=20
> > You have either some /etc/passwd, /etc/group settings overshadowing the
> > default settings, or you used the "desc" method described in
> > https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-nsswitch-desc
> > to change your primary group.
> > Otherwise your primary group is always "None", or the equivalent in your
> > locale.  The admins group is *never* the primary group, unless you
> > messed with the settings for Cygwin as outlined above.
> > If you're member in the Admins group, then the admins group is part of
> > the non-elevated token, but only as "deny-only" group.  That means, it's
> > usually not shown in id, unless you made it primary group, in which case
> > it has to be shown.
> > You better remove this.  I think I'll fix this function to not allow
> > primary groups which are not enabled in the token.

The latest test release 2.5.0-0.9 now checks if the desired primary
group is enabled in the token.  If it's not enabled, as in the case
of the admins group for non-elevated admin accounts, it refuses to
change the primary group and keeps the default primary group intact.

> net user /comment - thanks, that worked.
> Removed comment (in elevated shell) and default became None.
> Readded comment with Users and that became the default.
> Will leave that there, as seeing None=3D=3D"local non-domain accounts" bu=
gs me,
> and it seems stupid to default anything to local non-domain accounts only.

> Is there a better consistent choice of dynamic group having elevated righ=
ts
> on both local and domain systems than 544 e.g. 114 or 405504 or ?

I don't understand the question.  What counts is group 544,
administrators.  But there's no good reason to make this group your
primary group.  Membership is sufficient.


Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--3MwIy2ne0vdjdPXF
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJW8wTWAAoJEPU2Bp2uRE+gnssP/2oniSnEd6H4Yn4q4booILVe
BGVGM9xBpTuTUfi70XiQxHC10HIIQbn5xtCrbaHz0LKPwYMPST3MBNsUQpkw1NdD
LuNPL2L0+XL4j89+xdGEF+dUzHD8yExdZ1EBlIniIXZsgFjeAIB+gyDiFOPBf3k3
tG6DnLz2MBeQGFIkYF1zAPjpY4OVv/UCK2YvYEyLkY0kKb572ZG6MoHGYQ1wvtmh
WoCzV1+dYWLBVXkgu/h8tLn4yXrL7acUryzw9bjbLxcBvA6rPGKmzzn34HkP1rez
tgPffJsHFMulXGygtGJ4j7aoij9DOI86KyhyVrNOSPP2rt9nod9F9DSWC4NEm+Bw
L3hgXAS7fbexpjMJ+nOAtgo0o0uXE6M1gifsmqXUKPdDOYlDYBL0poBigIHRukoY
85a9H5jJv0WyLOImb2m05jWl9hCVFm06uODnuRYjN0O+O98dfQoWwVXTZJE4IHut
BX699D5qiLpSfai61HsULZ1pEIxnYh4UAw6Urx1UpOo5RzEvh6ixbG7rdR4kX7Us
JEoICBf6zt/INziwQ5FXSvvOXgklmY2hUqdI62vXYdvsrktwtJZryvtI3If0ZhAk
R8t6K/WzZcBqnaz+c7zt82tw5T7ISvGz18vo8DUWfVqjrRUbMwxMM3JD2sqJWwRO
ZGUjPp4HC3TlwNyRbP+E
=nJLo
-----END PGP SIGNATURE-----

--3MwIy2ne0vdjdPXF--

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=myHD4jAekumcQR2YKo2ufa4zQ4FSRpLY/hNqE84fDR4F5k8tpEyxp
	TNzSqVErRXOD4W38ClKB/CxOCtOoiezpNCcSoKxrlmNn03YNmQef70DG8G8uNuny
	uqiWS5+4XGFiKonFVlhlQWMooutccB5HIN80AM7d+TJ6Ae+Azcpkn4=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	bh=BzBybSiJe1TsN47bjWnLm1FHZrU=; b=lBm1/7gPkfXasvmyXZE997p3rCQg
	LJ5SX+kBncggiKv7jcumYuiRUfbpSzEtGjWtX1lu7bKL9m7H5bQJA7MY4rvy4927
	Rpize4TBG1+2XwIAAEvGzkehWbsWA2Vb9jbhOwNDgmZDW635JDzRE0tN/0cl95sg
	GfAz3YRNUBt5+eI=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=-96.6 required=5.0 tests=BAYES_00,GOOD_FROM_CORINNA_CYGWIN,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_PBL,RDNS_DYNAMIC autolearn=ham version=3.3.2 spammy=corinna-cygwin, corinnacygwin, became, readded
X-HELO:	calimero.vinschen.de
Date:	Wed, 23 Mar 2016 22:04:22 +0100
From:	Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To:	cygwin AT cygwin DOT com
Subject:	Re: Change PS1 when run as administrator
Message-ID:	<20160323210422.GA13802@calimero.vinschen.de>
Reply-To:	cygwin AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
References:	<F7CDFE45-BFA7-4599-B510-B40BCA19142F AT etr-usa DOT com> <28210846 DOT 20160315202354 AT yandex DOT ru> <87mvpz1ong DOT fsf AT Rainer DOT invalid> <0F37E0B7-A313-49F2-BAFD-59A7A144BD8C AT etr-usa DOT com> <loom DOT 20160323T125711-592 AT post DOT gmane DOT org> <20160323141740 DOT GT14892 AT calimero DOT vinschen DOT de> <loom DOT 20160323T184305-828 AT post DOT gmane DOT org>
MIME-Version:	1.0
In-Reply-To:	<loom.20160323T184305-828@post.gmane.org>
User-Agent:	Mutt/1.5.24 (2015-08-30)