X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=tfsMZfWGgnTzH6gJ1Aec9JCO49/wmDFm4OG0VLj+mGCVkEKpcLg4Z
	1V5sIYeX7UmXxO2uVKP+JPgQsQmkFTWLWLy4BQ9rFXyw36/GqpcLsYgeYdMkLVKh
	LLmYqJAqpNnAwQ8Dm5bX0Ae/b94Il/FGqzi557qz5aJSI3xdoSdZ+g=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=i0KdbX7+sPxpu31I859Jl8nM+qk=; b=efqhGA8t7ZDrrSfEhUNPpwSSQF95
	ELp3kK1IXbcpT7+ckUzdMzslmqbUHBer9MTwQgO5IyTpk4H5J+a/4rPgGPf7tu/t
	F+GUsS53bGb1Zu23mnqkQVFTOaKLW0n19lTmbJC8Gdol/Uw/KlMV4bs1oJLhJfhH
	UgA17/pJD+CYboE=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-3.9 required=5.0 tests=BAYES_50,GOOD_FROM_CORINNA_CYGWIN,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_PBL,RDNS_DYNAMIC autolearn=ham version=3.3.2 spammy=authentication, authenticated, Authenticated, mandatory
X-HELO: calimero.vinschen.de
Date: Wed, 23 Mar 2016 15:17:40 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Change PS1 when run as administrator
Message-ID: <20160323141740.GT14892@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <F7CDFE45-BFA7-4599-B510-B40BCA19142F AT etr-usa DOT com> <28210846 DOT 20160315202354 AT yandex DOT ru> <87mvpz1ong DOT fsf AT Rainer DOT invalid> <0F37E0B7-A313-49F2-BAFD-59A7A144BD8C AT etr-usa DOT com> <loom DOT 20160323T125711-592 AT post DOT gmane DOT org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;	protocol="application/pgp-signature"; boundary="YqKeQn+qkMVHQmbT"
Content-Disposition: inline
In-Reply-To: <loom.20160323T125711-592@post.gmane.org>
User-Agent: Mutt/1.5.24 (2015-08-30)

--YqKeQn+qkMVHQmbT
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mar 23 12:35, Brian Inglis wrote:
> Warren Young <wyml <at> etr-usa.com> writes:
> > On Mar 15, 2016, at 2:17 PM, Achim Gratz <Stromeko <at> nexgo.de> wrote:
> >> Andrey Repin writes:
> >>>    test $group -eq 114 && { x=3D"#"; break; }
> >> Nope, that group membership isn't associated with real administrative
> >> powers.
> > Confirmed, at least on Win10 64-bit without any AD mucking things up.
> > That is, I get both 114 and 544 here, so I don=E2=80=99t need the 114 r=
ule at all.
>=20
> Opposite for me on Win7 x64 non-domain machine!=20
> I am always a member of 544(Administrators) group and it is my default
> primary group in normal non-admin and elevated admin shells.=20
>=20
> In elevated admin shell, I am also a member of 114(Local account and memb=
er
> of Administrators group) and 405504(High Mandatory Level) not 401408(Medi=
um
> Mandatory Level).=20
>=20
> No idea how this works in domains and with domain accounts, but perhaps
> checking for 114 and/or 405504 would be more portable?=20
>=20
> $ uname -srvmo
> CYGWIN_NT-6.1 2.4.1(0.293/5/3) 2016-01-24 11:26 x86_64 Cygwin
>=20
> normal non-admin shell:
> $ id
> uid=3D... gid=3D544(Administrators)
> groups=3D544(Administrators),197121(None),197610(HomeUsers),545(Users),
> 4(INTERACTIVE),66049(CONSOLE
> LOGON),11(Authenticated Users),15(This Organization),113(Local
> account),4095(CurrentSession),66048(LOCAL),262154(NTLM
> Authentication),401408(Medium Mandatory Level)

You have either some /etc/passwd, /etc/group settings overshadowing the
default settings, or you used the "desc" method described in
https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-nsswitch-desc
to change your primary group.

Otherwise your primary group is always "None", or the equivalent in your
locale.  The admins group is *never* the primary group, unless you
messed with the settings for Cygwin as outlined above.

If you're member in the Admins group, then the admins group is part of
the non-elevated token, but only as "deny-only" group.  That means, it's
usually not shown in id, unless you made it primary group, in which case
it has to be shown.

You better remove this.  I think I'll fix this function to not allow
primary groups wehich are not enabled in the token.


Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--YqKeQn+qkMVHQmbT
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJW8qWDAAoJEPU2Bp2uRE+gVlkP/1SJKGofAP2cnD1FjC2JSi+9
vWyVyghxLyPEtBxSNSEhYAT6miiJPKwkcjwvILCY9OJaRqYi50B3L2Dnu52ElAr3
8QiJpaeKZrEYeYOMyC2hqoV1Pw4LESBu+IS3lu+GkyDkBBXT3oPwBLQ4zK2bgLiE
4HAYzIuFvfv3XZVLVU4qXo+AdiD2DW14yi26+oQ4qs50Qs0Xum2za5Efaxz/hgPZ
tUiMQPFvOF6UvLiUyDIk0bat6mwhtRWvvpjtJ/5OThkkm1estB4xkskvOVEFuqdW
/R0MfeLs3wCvUVEcjWWcDrTOLcPlnfBdBkb8FQu2CbvBKtpLC6p5M/PBg248cJEB
Jj2LSPYrp/oZc0+w661FWqF8plMnSk4TonunFvhGYZquxNx/tnJx2Lr5Jy3vaovT
mMI4Iy+0ZfCtv4GX5BUKOuoHpgqq0P0DuUcD151bqxgvbgEGOoZOn+rHNh2r+dsQ
nnKbsDZbSJjwTeO73YpWgAjCZOdhKCtocTJEJn2Bql53qChkUxG6+FvwFrmcXd1t
t1FGgABlvEI4mBWWEGSvFtUF/SoQUsYX4ayE/dsR9JH8Vaqxvi8GQhPkdy5uLQjV
z3m0UJNFSRUpKXPu4+IO0d1mXQGz9BE0ffkMotMc1zGswCJ04r4IiwLKMyamjwPz
9ORyUzm+eNzxniPVW74d
=gKCr
-----END PGP SIGNATURE-----

--YqKeQn+qkMVHQmbT--