This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: Question about UAC and bash/cygwin
On Thu, Aug 16, 2012Corinna Vinschen
> On Aug 16 08:48, Lord Laraby wrote:
>> On Thu, Aug 16, 2012 Corinna Vinschen wrote:
>> > On Aug 16 07:06, Lord Laraby wrote:
>>
>> See, here where I said I want to know if the user is in fact
>> "elevated"? I'm always a member of the Administrators Group (group
>> 544) even when I have no such privileges to "administer" the system.
>>
>> > What is it good for to have uid 0? You want to know if you have admin
>> > rights, so why don't you simply check for the admin group in the
>> > supplementary group list?
>>
>> The uid 0 feature is just a unixy way of indicating that my account
>> has already passed and accepted the UAC and I'm now running as a
>> normal admin (not a puny user).
>>
> Huh? When you're not running elevated, the admin group will not be in
> the list of supplementary groups. What other information do you need?
> What's the problem?
>
>
> Corinna
Apparently, we're seeing completely different things then. Here's two
examples I ran one normally and one elevated.
non-elevated:
master@Master-PC ~
$ cd /etc/at-spi2/
master@Master-PC /etc/at-spi2
$ id
uid=1001(master) gid=0(root)
groups=0(root),545(users),1007(hlplibrupdaters),1000(homegrp),513(none)
Note ------------^^^^^^^^^^^
master@Master-PC /etc/at-spi2
$ ls -l
total 4
-rw-r--r-- 1 admin none 1335 May 15 03:27 accessibility.conf
master@Master-PC /etc/at-spi2
$ mv accessibility.conf accessibility.conf.tmp
mv: cannot move `accessibility.conf' to `accessibility.conf.tmp':
Permission denied
^^^ Not able to bypass ACL (but note being in group 0 (544)
*** Now try in elevated mode
Elevated:
master@Master-PC ~
$ id
uid=1001(master) gid=0(root)
groups=0(root),545(users),1007(hlplibrupdaters),1000(homegrp),513(none)
master@Master-PC ~
$ cd /etc/at-spi2/
master@Master-PC /etc/at-spi2
$ ls -l
total 4
-rw-r--r-- 1 admin none 1335 May 15 03:27 accessibility.conf
master@Master-PC /etc/at-spi2
$ mv accessibility.conf accessibility.conf.sav
^^^ No error and successfully used admin provileges...
master@Master-PC /etc/at-spi2
$ mv accessibility.conf.sav accessibility.conf
^^^ Again
master@Master-PC /etc/at-spi2
$ ls -l
total 4
-rw-r--r-- 1 admin none 1335 May 15 03:27 accessibility.conf
master@Master-PC /etc/at-spi2
$ id
uid=1001(master) gid=0(root)
groups=0(root),545(users),1007(hlplibrupdaters),1000(homegrp),513(none)
Note ------------^^^^^^^^^^^
master@Master-PC /etc/at-spi2
------------
See, root (545) is on my groups all the time - elevated or not. Unless
this is an error of some magnitude that it was inadvertently changed,
I cannot say.
Needless to say, as you can see from the sample out above, I can only
do certain things elevated (admin-type tasks) regardless of having
root in my groups.
Any suggestions on why I get different results?
LL
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple