X-Recipient: archive-cygwin AT delorie DOT com DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 1CA253870885 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com; s=default; t=1692432948; bh=SjN5plRlB04dy5iglY/bvGJ3GZc5MvkQtMW9lBBc5ok=; h=To:Subject:In-Reply-To:References:Date:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To: From; b=bm2l/XEctUTxOSvSfRuHVabOhaqx03xlRPemgY5503QU8u+N+DJtTWhBPfFAb7v6C ioYTmz7nRfFijpM4CwXjY72v6gxT3HcvqcMlZcQhF9SzkzE3udqporZjSI3oeN8wK5 YyuJad2opX3QAt+XteNvs5Z0nsjqmazVCzIQf9t0= X-Original-To: cygwin AT cygwin DOT com Delivered-To: cygwin AT cygwin DOT com DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 40B4D38582A3 To: cygwin AT cygwin DOT com Subject: Re: Test for Windows Administrator permissions from Cygwin terminal|script? In-Reply-To: (Martin Wege via Cygwin's message of "Fri, 18 Aug 2023 04:01:01 +0200") References: Date: Sat, 19 Aug 2023 10:14:54 +0200 Message-ID: <87cyzj4fep.fsf@Rainer.invalid> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 X-purgate-type: clean X-purgate: clean X-purgate-size: 1454 X-purgate-ID: 155817::1692432901-9FFFFA5E-4560C5AA/0/0 X-Spam-Status: No, score=-3028.8 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, RCVD_IN_BARRACUDACENTRAL, RCVD_IN_DNSWL_LOW, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: cygwin AT cygwin DOT com X-Mailman-Version: 2.1.29 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: ASSI via Cygwin Reply-To: ASSI Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com Sender: "Cygwin" Martin Wege via Cygwin writes: > How can I find out whether the current Cygwin terminal has > Administrator rights? I want to safeguard our admin scripts with a > simple test and bail out with an error if someone wants to do admin > stuff (say: regtool) without admin privileges. Windows really doesn't have a defined notion of what is or is not an "administrator". Each particular definition will be insufficient or invalid in certain contexts. When you're dealing with hardened installations (via group policies or otherwise), large windows domains and/or server administration you may have to be way more specific than just looking at one simple indication. That said, most commonly the presence of SID S-1-5-32-544 in your user token (in Cygwin: gid=544, unless you override it in the group config) will be the best simple approximation. Incidentally, this is what tcsh is using on Cygwin to define the "superuser" for the purpose of setting the prompt with "%#": https://github.com/tcsh-org/tcsh/blob/d075ab5b4155ebff9d30e765733c030c3da5e362/tc.prompt.c#L212 For (ba)sh scripts you can parse the output from id along the lines of id -G | grep -q '\<544\>' && echo admin || echo "not admin" should be most workable. Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ SD adaptation for Waldorf rackAttack V1.04R1: http://Synth.Stromeko.net/Downloads.html#WaldorfSDada -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple