X-Recipient: archive-cygwin AT delorie DOT com
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org E380A3856973
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1692894309;
	bh=7TxlPUJgyEZEf84Ehh+Dz26+cseN4wSJxX29DAOkwdI=;
	h=References:In-Reply-To:Date:Subject:To:List-Id:List-Unsubscribe:
	 List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:
	 From;
	b=Zen/T37e//NE8hUq5kxSCUXJ4oCWNLSb9I7E9KejpoYbfMZlj7D3RBw+/yep3mleO
	 oIOoj3OphT/0P+3JBZUI6BKMBTiX6QHdLSy+/UPGVFHgnieR3zUiUai26juUX9pH0t
	 XYeAe0LI8B3nRJwL/pso/QAnmXA9Rtk8NkNiXKAg=
X-Original-To: cygwin AT cygwin DOT com
Delivered-To: cygwin AT cygwin DOT com
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org D66BD3858C2C
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20221208; t=1692894269; x=1693499069;
 h=content-transfer-encoding:to:subject:message-id:date:from
 :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=LJ31GqMu2s07ImLQn5XXdPteb2Pap8H27bzGEODfpvM=;
 b=gi1iG5y2IXNTvS0yzliqboL1yNqx6aY/dzeTCZsl6yGGTx2cJkKMnql+VWkuzZrz55
 9yW81qBebUzW/qZxYP+dDGd+3eAmafqUerklOTIQNhLTV/OLAvyDu+RzM4M6RjhAjcOT
 DwRM/5njyaD7E2We/eFy+lwmqraeFcIOx76x0vaot3ZIyeAetikefE8JY3Rx8dg5mRzt
 RSotkGUi6BabkH1jiYX0OUXDuF6HY91oglb0Ok0Wo84BblBeXLF8WWhBZIergIUV1VZt
 tt1yrgmOlU/VphxBxrd5mBvLxR+yhyiZE5y9PuqZkdZToNFon3yAGepj2Rx62Fu/h3oE
 V1Qg==
X-Gm-Message-State: AOJu0YxxMd9KVGLBV8HVDpo27jBCC0HzzjDUlfyUT1+TGyK4cBE6lWDv
 s8gmIMd5KR9yA4xrYABBIY4N6XSDsqmg9KsnEbKWcOWT0AB+cQ==
X-Google-Smtp-Source: AGHT+IFFeWqKorTKQm1/mzIWM6nN96PZzPf6ecLnZpacWhTlin+B2y3plGzR1+WbFeMb7Tj28KNdz9adIk9h/cETx4c=
X-Received: by 2002:a05:6870:1691:b0:19f:2c0e:f865 with SMTP id
 j17-20020a056870169100b0019f2c0ef865mr263458oae.7.1692894268789; Thu, 24 Aug
 2023 09:24:28 -0700 (PDT)
MIME-Version: 1.0
References: <CANH4o6OpsvT99AeJ2uTcqyajWQHmffYJqV=RR4HBxoFaveR7sQ AT mail DOT gmail DOT com>
 <87cyzj4fep DOT fsf AT Rainer DOT invalid>
In-Reply-To: <87cyzj4fep.fsf@Rainer.invalid>
Date: Thu, 24 Aug 2023 18:24:17 +0200
Message-ID: <CANH4o6MJj3W6GCEXsp82bZC49982nnz1Tb9Yfgh2zCdBBE-rjg@mail.gmail.com>
Subject: Re: Test for Windows Administrator permissions from Cygwin
 terminal|script?
To: cygwin AT cygwin DOT com
X-Spam-Status: No, score=-0.1 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,
 SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
 server2.sourceware.org
X-BeenThere: cygwin AT cygwin DOT com
X-Mailman-Version: 2.1.29
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
 <mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From: Martin Wege via Cygwin <cygwin AT cygwin DOT com>
Reply-To: Martin Wege <martin DOT l DOT wege AT gmail DOT com>
Content-Type: text/plain; charset="utf-8"
Sender: "Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from base64 to 8bit by delorie.com id 37OGPBY3006089

On Sat, Aug 19, 2023 at 10:15 AM ASSI via Cygwin <cygwin AT cygwin DOT com> wrote:
>
> Martin Wege via Cygwin writes:
> > How can I find out whether the current Cygwin terminal has
> > Administrator rights? I want to safeguard our admin scripts with a
> > simple test and bail out with an error if someone wants to do admin
> > stuff (say: regtool) without admin privileges.
>
> Windows really doesn't have a defined notion of what is or is not an
> "administrator".  Each particular definition will be insufficient or
> invalid in certain contexts.  When you're dealing with hardened
> installations (via group policies or otherwise), large windows domains
> and/or server administration you may have to be way more specific than
> just looking at one simple indication.
>
> That said, most commonly the presence of SID S-1-5-32-544 in your user
> token (in Cygwin: gid=544, unless you override it in the group config)
> will be the best simple approximation.  Incidentally, this is what tcsh
> is using on Cygwin to define the "superuser" for the purpose of setting
> the prompt with "%#":
> https://github.com/tcsh-org/tcsh/blob/d075ab5b4155ebff9d30e765733c030c3da5e362/tc.prompt.c#L212
>
> For (ba)sh scripts you can parse the output from id along the lines of
>
> id -G | grep -q '\<544\>' && echo admin || echo "not admin"

Is there any guarantee that the UNIX GID of the "administrator" will
always be "544", regardless of locale or Country-specific version of
Windows?

Also, this might be something for a Cygwin ADMINISTRATOR&PROGRAMMING
FAQ, if there is such a thing.

Thanks,
Martin

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple