X-Recipient: archive-cygwin AT delorie DOT com X-SWARE-Spam-Status: No, hits=-4.4 required=5.0 tests=AWL,BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,KHOP_RCVD_TRUST,KHOP_THREADED,RCVD_IN_DNSWL_LOW,RCVD_IN_HOSTKARMA_YE X-Spam-Check-By: sourceware.org MIME-Version: 1.0 In-Reply-To: <20120816143205.GI17546@calimero.vinschen.de> References: <502C6B1C DOT 5030900 AT cygwin DOT com> <20120816090344 DOT GD5536 AT calimero DOT vinschen DOT de> <20120816113834 DOT GF17546 AT calimero DOT vinschen DOT de> <20120816143205 DOT GI17546 AT calimero DOT vinschen DOT de> Date: Thu, 16 Aug 2012 11:06:25 -0400 Message-ID: Subject: Re: Question about UAC and bash/cygwin From: Lord Laraby To: cygwin AT cygwin DOT com Content-Type: text/plain; charset=ISO-8859-1 X-IsSubscribed: yes Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com On Thu, Aug 16, 2012Corinna Vinschen > On Aug 16 08:48, Lord Laraby wrote: >> On Thu, Aug 16, 2012 Corinna Vinschen wrote: >> > On Aug 16 07:06, Lord Laraby wrote: >> >> See, here where I said I want to know if the user is in fact >> "elevated"? I'm always a member of the Administrators Group (group >> 544) even when I have no such privileges to "administer" the system. >> >> > What is it good for to have uid 0? You want to know if you have admin >> > rights, so why don't you simply check for the admin group in the >> > supplementary group list? >> >> The uid 0 feature is just a unixy way of indicating that my account >> has already passed and accepted the UAC and I'm now running as a >> normal admin (not a puny user). >> > Huh? When you're not running elevated, the admin group will not be in > the list of supplementary groups. What other information do you need? > What's the problem? > > > Corinna Apparently, we're seeing completely different things then. Here's two examples I ran one normally and one elevated. non-elevated: master AT Master-PC ~ $ cd /etc/at-spi2/ master AT Master-PC /etc/at-spi2 $ id uid=1001(master) gid=0(root) groups=0(root),545(users),1007(hlplibrupdaters),1000(homegrp),513(none) Note ------------^^^^^^^^^^^ master AT Master-PC /etc/at-spi2 $ ls -l total 4 -rw-r--r-- 1 admin none 1335 May 15 03:27 accessibility.conf master AT Master-PC /etc/at-spi2 $ mv accessibility.conf accessibility.conf.tmp mv: cannot move `accessibility.conf' to `accessibility.conf.tmp': Permission denied ^^^ Not able to bypass ACL (but note being in group 0 (544) *** Now try in elevated mode Elevated: master AT Master-PC ~ $ id uid=1001(master) gid=0(root) groups=0(root),545(users),1007(hlplibrupdaters),1000(homegrp),513(none) master AT Master-PC ~ $ cd /etc/at-spi2/ master AT Master-PC /etc/at-spi2 $ ls -l total 4 -rw-r--r-- 1 admin none 1335 May 15 03:27 accessibility.conf master AT Master-PC /etc/at-spi2 $ mv accessibility.conf accessibility.conf.sav ^^^ No error and successfully used admin provileges... master AT Master-PC /etc/at-spi2 $ mv accessibility.conf.sav accessibility.conf ^^^ Again master AT Master-PC /etc/at-spi2 $ ls -l total 4 -rw-r--r-- 1 admin none 1335 May 15 03:27 accessibility.conf master AT Master-PC /etc/at-spi2 $ id uid=1001(master) gid=0(root) groups=0(root),545(users),1007(hlplibrupdaters),1000(homegrp),513(none) Note ------------^^^^^^^^^^^ master AT Master-PC /etc/at-spi2 ------------ See, root (545) is on my groups all the time - elevated or not. Unless this is an error of some magnitude that it was inadvertently changed, I cannot say. Needless to say, as you can see from the sample out above, I can only do certain things elevated (admin-type tasks) regardless of having root in my groups. Any suggestions on why I get different results? LL -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple