X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=v7QRRSYP3LkpG0uKaxQPD5t9GvOy7KLxBlor8xmbEG9rIgNZEut/C
	lAD2mb+T61tcJC3C41b1NYd6Y/b1YjLqT08euBJgLMrLHOCF/KmTalfCzcdCAIlZ
	OJts7L+oXfmMNXDjLl8UOzI2YH8J/rajkNXV4y1vJ5284DPPuASLic=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=E2XVSKhOZIxstkm0ANR5GrrHrnU=; b=c2vFDeBlWJgVKQ4IvzFHd4ujrIQt
	80o9x66lxkTxz47hhJ9riR+kKRjDvyGV9slh9RvnA5hOyE73QzkFM/ArnQRHYCtU
	nqLgkm8t8YyVBpPa7W4ycTGh/emfiLZz4QPrgWtKQv4UqX8iPcIuzHCvztVC+srN
	oUim1P1a2Qx/4XU=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
X-Spam-SWARE-Status: No, score=-1.8 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.3.1
Date: Wed, 29 May 2013 17:23:39 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Using native symlinks
Message-ID: <20130529152339.GB4471@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <CAGHJv4ftSKS6wR-Uzd9Gfvowqpn-WCQ0U01NexgCpZaYqd-Tow AT mail DOT gmail DOT com> <20130528185553 DOT GA31309 AT calimero DOT vinschen DOT de> <CAGHJv4fkvRt1gQfNTarHGUQWvdRxRsy=oAA=pjUQTLQFoNoW-g AT mail DOT gmail DOT com> <20130529083910 DOT GD31309 AT calimero DOT vinschen DOT de> <CAGHJv4cUbx_sMCwUgzTd3ZaXVgbfgPt1Fs7pOO4UtwZhFFj-uA AT mail DOT gmail DOT com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <CAGHJv4cUbx_sMCwUgzTd3ZaXVgbfgPt1Fs7pOO4UtwZhFFj-uA@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)

On May 29 10:33, Chris Sutcliffe wrote:
> On 29 May 2013 04:39, Corinna Vinschen wrote:
> > On May 28 22:23, Chris Sutcliffe wrote:
> >> It works fine if I create the native symlinks in an elevated shell,
> >> but does not if I create the native symlinks in a "normal" shell.  Is
> >> this expected (i.e. does creating native symlinks only work in
> >> elevated shells?).
> >
> > Welcome to the wonderful world of native NTFS symlinks!!1!11!!
> >
> > It's true and it works like this: Have a look into the "Local Security
> > Policy" MMC Snap-in.  In the left hand tree view navigate to
> > "Security Settings" -> "Local Policies" -> "User Rights Assignments".
> > On the right side look for "Create symbolic links".  You will see that
> > by default only members of the Administrators group are allowed to
> > create symlinks.
> >
> > If you're running under an admin account in a non-elevated shell, your
> > token has been stripped by all Admin-only user rights, so you also have
> > no right to create symlinks.
> >
> > To workaround that, you can either add yourself to the "Create symbolic
> > links" right, or you can add the "Users" group if you want to allow
> > every user to create symlinks.  But this requires changing it on all
> > machines manually, so alternatively you can create a domain policy which
> > adds the trusted users to this user right on all machines.
> 
> I tried this approach and I'm still not having any luck with the user
> being able to create native symbolic links in a non-elevated shell.

What approach?  Adding the Users group to the Local Security Policy or
adding a domain policy?  If the latter, did you call gpupdate on the
client or reboot the client machine to propagate the domain policy?

Also, either way, did you logoff and logon so that the "Create symbolic
links" user right can be added to your user token?  Note that your token
remains unchanged if you didn't exit from your session.  Just changing
the Policy isn't enough, the OS needs achance to create a new user token
for you containing the user right.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple