From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin-apps@cygwin.com
Subject: Re: cannot run setup64.exe without admin privileges (even if renamed foo.exe)
Date: Tue, 15 Oct 2013 09:08:00 -0000
Message-ID: <20131015090805.GC19383@calimero.vinschen.de>
In-Reply-To: <6CF2FC1279D0844C9357664DC5A08BA215F9C7@MLBXV06.nih.gov>
[Redirected to cygwin-apps]
On Sep 23 13:57, Buchbinder, Barry (NIH/NIAID) [E] wrote:
> Larry Hall (Cygwin) sent the following at Sunday, September 22, 2013 9:42 PM
> >No, "All Users" is also required to set up services (like sshd, crond,
> >etc.) to work for all users (i.e. switch user context). This is the
> >recommended way to install so that these subsequent facilities can be
> >used with a minimum of fuss or trouble.
>
> Thank you for the explanation.
>
> Still, I'd like to urge the setup-meisters to keep those of us without
> admin rights in mind. If we have to compile setup ourselves, many of
> us will be staying with 32 bit for a long time.

I just had a weird idea how we *might* accomplish this for 32 and 64 bit
in the same way.

Assuming setup would get an "asInvoker" manifest, so it runs with the
privileges of the current user. First thing it would check its user
token. There are three cases:

- When started by a non-admin user, the user token would contain no
  trace of the administrators group in the user token group list.
  In this case, setup would just run along as usual for the current user.

- When started elevated (with "Run as administrator...", for instance),
  the user token group list would contain the administrators group,
  enabled. So setup knows it has admin rights anyway and just runs along
  as in the non-admin user case. So, in fact, these two cases are just
  one case.

- Now, when started by an admin user, but not elevated, the group list
  would contain the administrators group, too, but with the "Use for
  deny only" flag set. If setup recognizes this flag, rather than running
  along, it calls ShellExecute on itself, with the "runas" flag set.
  So it elevates a copy of itself and just exits. The elevated copy
  then runs as usual.

The only downside with this concept, as far as I can see, is, somebody
would have to implement it...

Does that sound feasible?

Corinna

--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
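
The token check proposed in this message, as an added example; it is not part of the original mail and not code from Cygwin's setup sources. The names `decide`, `struct group`, `decide_for_current_process` and `relaunch_elevated` are hypothetical, the buffer sizes are assumptions, and the Win32 half builds only on Windows, where it uses the documented `GetTokenInformation(TokenGroups)` and `ShellExecuteW` "runas" calls.

```c
#include <stddef.h>
#ifdef _WIN32
#include <windows.h>
#include <shellapi.h>
#else  /* winnt.h values, so the decision logic also builds off Windows */
#define SE_GROUP_ENABLED           0x00000004UL
#define SE_GROUP_USE_FOR_DENY_ONLY 0x00000010UL
#endif

enum action { RUN_AS_INVOKED, RELAUNCH_ELEVATED };
struct group { int is_admins; unsigned long attrs; };  /* hypothetical model of one token group */

/* The three cases in the mail collapse to two outcomes. */
enum action decide(const struct group *g, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (g[i].is_admins && (g[i].attrs & SE_GROUP_USE_FOR_DENY_ONLY))
            return RELAUNCH_ELEVATED;  /* admin user, not elevated */
    return RUN_AS_INVOKED;             /* non-admin, or already elevated */
}

#ifdef _WIN32
/* Read the process token's group list and apply decide() to it. */
enum action decide_for_current_process(void)
{
    static union { TOKEN_GROUPS tg; BYTE raw[16384]; } buf;  /* assumed large enough */
    static struct group g[512];
    BYTE admins[SECURITY_MAX_SID_SIZE];
    DWORD len = sizeof admins, n = 0;
    HANDLE tok;
    if (!CreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, admins, &len) ||
        !OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tok))
        return RUN_AS_INVOKED;
    if (GetTokenInformation(tok, TokenGroups, &buf, sizeof buf, &len))
        for (; n < buf.tg.GroupCount && n < 512; n++) {
            g[n].is_admins = EqualSid(admins, buf.tg.Groups[n].Sid) != 0;
            g[n].attrs = buf.tg.Groups[n].Attributes;
        }
    CloseHandle(tok);
    return decide(g, n);
}

/* Start an elevated copy of this executable (arguments not forwarded); caller exits. */
int relaunch_elevated(void)
{
    WCHAR self[MAX_PATH];
    return GetModuleFileNameW(NULL, self, MAX_PATH) &&
        (INT_PTR)ShellExecuteW(NULL, L"runas", self, NULL, NULL, SW_SHOWNORMAL) > 32;
}
#endif
```

On Windows, link against advapi32 and shell32; if any token query fails, the sketch falls back to running with the invoker's privileges rather than prompting.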