X-Recipient: archive-cygwin AT delorie DOT com DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org AB7383858C2B DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com; s=default; t=1692956568; bh=LLd7N3rAEqN1qK8dr3GCpQyJhKecVwYqRjLlXEzSaDc=; h=Date:To:Subject:References:In-Reply-To:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=Q4reMKvrELdheYy3smxHimEx7JzEVRc9/IhK0XVzAgrILVFPy38+TxpLZRxisE4jQ YEBLkszvffGG91bvAHSdF8JzWE8W/n+CYOYNXNXc7+dspxGJeuah5kWxY9j6CZUA/B K0172hG461pK2d1otlNr1WVXGhWdYyeIviOy0Uv8= X-Original-To: cygwin AT cygwin DOT com Delivered-To: cygwin AT cygwin DOT com DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org D6D9A3858C53 Date: Fri, 25 Aug 2023 11:42:31 +0200 To: cygwin AT cygwin DOT com Subject: Re: Test for Windows Administrator permissions from Cygwin terminal|script? Message-ID: Mail-Followup-To: cygwin AT cygwin DOT com References: <87cyzj4fep DOT fsf AT Rainer DOT invalid> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-BeenThere: cygwin AT cygwin DOT com X-Mailman-Version: 2.1.29 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Corinna Vinschen via Cygwin Reply-To: cygwin AT cygwin DOT com Cc: Corinna Vinschen Content-Type: text/plain; charset="utf-8" Errors-To: cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com Sender: "Cygwin" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by delorie.com id 37P9gnvI009170 On Aug 24 18:24, Martin Wege via Cygwin wrote: > On Sat, Aug 19, 2023 at 10:15 AM ASSI via Cygwin wrote: > > > > Martin Wege via Cygwin writes: > > > How can I find out whether the current Cygwin terminal has > > > Administrator rights? I want to safeguard our admin scripts with a > > > simple test and bail out with an error if someone wants to do admin > > > stuff (say: regtool) without admin privileges. > > > > Windows really doesn't have a defined notion of what is or is not an > > "administrator". Each particular definition will be insufficient or > > invalid in certain contexts. When you're dealing with hardened > > installations (via group policies or otherwise), large windows domains > > and/or server administration you may have to be way more specific than > > just looking at one simple indication. > > > > That said, most commonly the presence of SID S-1-5-32-544 in your user > > token (in Cygwin: gid=544, unless you override it in the group config) > > will be the best simple approximation. Incidentally, this is what tcsh > > is using on Cygwin to define the "superuser" for the purpose of setting > > the prompt with "%#": > > https://github.com/tcsh-org/tcsh/blob/d075ab5b4155ebff9d30e765733c030c3da5e362/tc.prompt.c#L212 > > > > For (ba)sh scripts you can parse the output from id along the lines of > > > > id -G | grep -q '\<544\>' && echo admin || echo "not admin" > > Is there any guarantee that the UNIX GID of the "administrator" will > always be "544", regardless of locale or Country-specific version of > Windows? https://cygwin.com/pipermail/cygwin/2023-August/254218.html Corinna -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple