X-Recipient: archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status: No, hits=-2.6 required=5.0	tests=AWL,BAYES_00,KHOP_THREADED,RCVD_IN_DNSWL_NONE,RCVD_IN_HOSTKARMA_NO,RP_MATCHES_RCVD,UNPARSEABLE_RELAY
X-Spam-Check-By: sourceware.org
Message-ID: <502D435C.2070801@t-online.de>
Date: Thu, 16 Aug 2012 21:00:44 +0200
From: Christian Franke <Christian DOT Franke AT t-online DOT de>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20120715 Firefox/14.0.1 SeaMonkey/2.11
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: Question about UAC and bash/cygwin
References: <CAG9p0OTFaLUp7c8zpOtVQ=4zt-=fAqPvURJw758FS+d2rPOtgw AT mail DOT gmail DOT com> <CE9C056E12502146A72FD81290379E9A49600AF0 AT ENFIRHMBX1 DOT datcon DOT co DOT uk> <CAG9p0OQsu08mOqGC4NkAvKE_GbjvBJk675XR6TdU5+urbNsEuQ AT mail DOT gmail DOT com> <502C6B1C DOT 5030900 AT cygwin DOT com> <CAG9p0OS3HKvaE9ye6g3vKP4kXPZGBw=uc-ELb0WcvdPefGQmFg AT mail DOT gmail DOT com> <20120816090344 DOT GD5536 AT calimero DOT vinschen DOT de> <CAG9p0ORs1BLte6nm_8iAHQan1Y+mESJQpNmjf=SiuJjHuSr83g AT mail DOT gmail DOT com> <20120816113834 DOT GF17546 AT calimero DOT vinschen DOT de>
In-Reply-To: <20120816113834.GF17546@calimero.vinschen.de>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

Corinna Vinschen wrote:
> On Aug 16 07:06, Lord Laraby wrote:
>>   My, major emphasis is recognizing in the Cygwin dll
>> or startup code somewhere) that the user has full Administrator rights
>> and simply replacing his normal UID with 0 (or that of whomever root
>> seems to be by /etc/passwd). Internally (at cygwin.dll level) he/she
>> is still the same user, but the desired effects would be that bash and
>> others might change his prompt to '#' and that scripts can check for
>> admin rights and files he/she created would become owned by UID 0 (or
>> the Administrators group).
> What is it good for to have uid 0?  You want to know if you have admin
> rights, so why don't you simply check for the admin group in the
> supplementary group list?
>
> Here's what I do in my tcsh ~/.cshrc profile to set the prompt:
>
>    id -G | egrep -q '\<544\>' && set prompt = '#  || set prompt = '\$ '
>
>

I use this simple check which does not depend on /etc/group contents:

  test -r /proc/registry/HKEY_LOCAL_MACHINE/SECURITY && PS1='# ' || PS1='$ '

Relies on the fact that Cygwin (unlike most non-Cygwin programs) enables 
SeBackupPrivilege if available.

See also: http://cygwin.com/ml/cygwin/2012-02/msg00806.html

Christian


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple