X-Recipient: archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status: No, hits=-3.8 required=5.0	tests=AWL,BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,KHOP_RCVD_TRUST,KHOP_THREADED,RCVD_IN_DNSWL_LOW,RCVD_IN_HOSTKARMA_YE
X-Spam-Check-By: sourceware.org
MIME-Version: 1.0
In-Reply-To: <CE9C056E12502146A72FD81290379E9A49600AF0@ENFIRHMBX1.datcon.co.uk>
References: <CAG9p0OTFaLUp7c8zpOtVQ=4zt-=fAqPvURJw758FS+d2rPOtgw AT mail DOT gmail DOT com>	<CE9C056E12502146A72FD81290379E9A49600AF0 AT ENFIRHMBX1 DOT datcon DOT co DOT uk>
Date: Wed, 15 Aug 2012 05:39:47 -0400
Message-ID: <CAG9p0OQsu08mOqGC4NkAvKE_GbjvBJk675XR6TdU5+urbNsEuQ@mail.gmail.com>
Subject: Re: Question about UAC and bash/cygwin
From: Lord Laraby <lord DOT laraby AT gmail DOT com>
To: cygwin AT cygwin DOT com
Content-Type: text/plain; charset=ISO-8859-1
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

Adam Dinwoodie  wrote:

> Lord Laraby wrote:
>>I've scanned months of the mailing list archives for an answers and searched
>>until I've run out of ideas.
>
> Have you taken a look through the Cygwin user's guide? In particular, I suspect
> the section on using Windows security in Cygwin will be relevant:
>
> http://cygwin.com/cygwin-ug-net/ntsec.html

I did indeed. In fact,I've tried to keep that document current in my
mind with every new cygwin.dll that comes out. It's very informative
about *Windows* security model.

However, what I can't see in that document (or the whole users guide)
are topics related to UAC, privilege escalation/elevation (getting
real administrator rights when you are an administrator), and anything
about object integrity levels. How these things are very present and a
pain in the *** on later (modern) windows hosts. There really isn't
anything specifically related to WIndows 7's quirks.

Also, cygserver and cygLSA are really not well explained. I know they
are there and have to do with changing user context. I know about
passwd -R and other means of getting good user tokens. I can figure
the rest out by reading the code I suppose.

Where I am lost in this is simply who does cygwin recognize I'm
elevated to true administrator? It doesn't seem to and keeps putting
all the files and directories I create (while escalated) under my
non-elevated account rather than under root. Why must I use the
machine administrator account for this? I had wanted to leave that
special completely disabled, but it seems I'm not allowed to. Also,
when installing or updating, it seems I must use the machine
administrator account for setup.exe as well? Who owns the installed
files, otherwise? Not who I'd think.

Sorry if the questions are a bit too numerous. I wish I could just
siphon knowledge from Corinna's brain. :)

--
Lord Laraby

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple