This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Question about UAC and bash/cygwin

From: Corinna Vinschen <corinna-cygwin at cygwin dot com>
To: cygwin at cygwin dot com
Date: Thu, 16 Aug 2012 11:02:04 +0200
Subject: Re: Question about UAC and bash/cygwin
References: <CAG9p0OTFaLUp7c8zpOtVQ=4zt-=fAqPvURJw758FS+d2rPOtgw@mail.gmail.com> <CE9C056E12502146A72FD81290379E9A49600AF0@ENFIRHMBX1.datcon.co.uk> <CAG9p0OQsu08mOqGC4NkAvKE_GbjvBJk675XR6TdU5+urbNsEuQ@mail.gmail.com>
Reply-to: cygwin at cygwin dot com

On Aug 15 05:39, Lord Laraby wrote:
> Adam Dinwoodie  wrote:
> 
> > Lord Laraby wrote:
> >>I've scanned months of the mailing list archives for an answers and searched
> >>until I've run out of ideas.
> >
> > Have you taken a look through the Cygwin user's guide? In particular, I suspect
> > the section on using Windows security in Cygwin will be relevant:
> >
> > http://cygwin.com/cygwin-ug-net/ntsec.html
> 
> I did indeed. In fact,I've tried to keep that document current in my
> mind with every new cygwin.dll that comes out. It's very informative
> about *Windows* security model.
> 
> However, what I can't see in that document (or the whole users guide)
> are topics related to UAC, privilege escalation/elevation (getting
> real administrator rights when you are an administrator), and anything
> about object integrity levels. How these things are very present and a
> pain in the *** on later (modern) windows hosts. There really isn't
> anything specifically related to WIndows 7's quirks.
> 
> Also, cygserver and cygLSA are really not well explained. I know they
> are there and have to do with changing user context. I know about
> passwd -R and other means of getting good user tokens. I can figure
> the rest out by reading the code I suppose.
> 
> Where I am lost in this is simply who does cygwin recognize I'm
> elevated to true administrator? It doesn't seem to and keeps putting
> all the files and directories I create (while escalated) under my
> non-elevated account rather than under root.

I don't know what you're up to, but Cygwin doesn't recognize if
your admin because it doesn't care.  Either your user token has
the required user rights to do some action or not.

If you want to use your admin rights, just elevate the mintty
window right from the start.

It's quite simple for you to find out if you're running under
UAC control, non-elevated, or if you have all rights available:
Just call `id' and see if the administors group is in your token.

> Why must I use the
> machine administrator account for this?

You don't have to.  But maybe you're a victim of file/registry
virtualization?  I'm a bit fuzzy on the details, but it happened
to me as well once, and it took ages to find out that the file
I was looking for had been stored under the
C:\Users\username\AppData\Local\VirtualStore path.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

References:
- Question about UAC and bash/cygwin
  - From: Lord Laraby
- RE: Question about UAC and bash/cygwin
  - From: Adam Dinwoodie
- Re: Question about UAC and bash/cygwin
  - From: Lord Laraby

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]