X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:to:from:subject:date:message-id:references :mime-version:content-type:content-transfer-encoding; q=dns; s= default; b=cvlpMXykJVCYXj+0v6/y8brcyqtGd2RInywUy7WADIhwdfUdlns24 crfAcs256PNmwJ3WwVO07LmeKTltk/OGzJoV0ZYJ0dQgiFqh1rQI2xH02Vv1vLtG 3N2Rng/HDQRVmHS2FwY0yS/FsMhj4Q7qcnMZqZuImPeU9CKSSw3bbU= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:to:from:subject:date:message-id:references :mime-version:content-type:content-transfer-encoding; s=default; bh=hCzz860oyUl1bgFSOyEdGj++CAY=; b=JqxcmnhCCSGA0st6cCS5fclDiTdJ kzWyWgXdalY78zFkBAwVNVtPFffixgqyuIVW+1NynuoydVVXQhsFdV3XR0snZ5e2 LfNvGCod7jRIGQCAMTnsBX0bdFPL25Q5fGqktfqBVkiUjaR5wkzESGkOnf8myDDs +6lzzpHb0oakHH8= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-2.0 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS,SPF_PASS,T_RP_MATCHES_RCVD autolearn=ham version=3.3.2 X-HELO: plane.gmane.org To: cygwin AT cygwin DOT com From: Andrew Schulman Subject: Re: how to determine if a shell is running as Administrator? Date: Thu, 05 Feb 2015 09:38:33 -0500 Lines: 42 Message-ID: <8us6da1mc84clhtt2hgsliu2tor8mddcga@4ax.com> References: <20150205100349 DOT GS2635 AT calimero DOT vinschen DOT de> <87siekhaz6 DOT fsf AT Rainer DOT invalid> <20150205113926 DOT GT2635 AT calimero DOT vinschen DOT de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Archive: encrypt X-IsSubscribed: yes > On Feb 5 12:08, Achim Gratz wrote: > > Corinna Vinschen writes: > > >> 2. Parse the output of groups or id -G. I can't find any reliable way to do > > >> this. For example on my host, when I start a shell with "Run as administrator", > > >> the new group I get isn't 544 (Administrators). It's 114 (Local account and > > >> member of Administrators group). Is that at all portable or reliable? > > > > > > Huh? There is no such group in Windows. Where does it come from? > > > > Yes there is, at least on Windows 8.1N Core and Server 2012R2. In fact > > there are two new SID: > > > > 113 (Local account) > > 114 (Local account and member in Administrators group) > > > > http://blogs.technet.com/b/secguide/archive/2014/09/02/blocking-remote-use-of-local-accounts.aspx > > https://msdn.microsoft.com/en-us/library/cc980032.aspx > > Thanks for the info. Now I remember that I saw them already at one > point, but I never had a deeper look what they actually are good for. Yes, thanks. And BTW I'm using Windows 7. The first URL above says that the new groups are also used there after KB2871997. > However, the user token of such a user still contains the Administrators > group (I just tested it) and thus the `id -G' test for 544 (or 0 with > the old "root" entry in /etc/group) is still valid. OK, I see. Yes, when I Run as administrator I have $ id -G 513 114 1007 1001 0 545 4 66049 11 15 113 4095 66048 262154 405504 which includes 0. So it seems that the test for group 544 or 0 is the way to tell if the user has admin rights. If you want to know (I don't) specifically if they got those rights from Run as administrator, the presence of group 114 will tell you that, but only in newer OSes. Thanks everyone! Cygwin rocks Andrew -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple