From: Andrey Repin <anrdaemon@yandex.ru>
To: LRN <lrn1986@gmail.com>, cygwin@cygwin.com
Subject: Re: winsymlinks:nativestrict and Windows 10
Date: Tue, 19 Mar 2019 17:20:00 -0000 [thread overview]
Message-ID: <1585347268.20190319201128@yandex.ru> (raw)
In-Reply-To: <f4207a77-a8d4-6004-dd76-2bc789e8d34f@gmail.com>
Greetings, LRN!
> On 19.03.2019 15:23, Andrey Repin wrote:
>> It's not a secret that in earlier Windows versions members of Administrators
>> group require elevated shell to create symlinks.
>> Win10 is supposed to be easier, but all I've found was pointing to some
>> obscure "developer mode".
> Newer Windows 10 added a feature where passing a certain flag
> (SYMBOLIC_LINK_FLAG_ALLOW_UNPRIVILEGED_CREATE) to a W32 API function that
> creates symlink (CreateSymbolicLinkW) allows you to create symlinks without
> being Administrator.
> This flag only works if you put Windows into developer mode (you can toggle
> this in Settings->Update & Security->For developers).
> Newer versions of Cygwin know about this flag, and will always try to use it.
> Ironically, some programs built into Windows do *not* use this flag, and will
> continue to fail to create symlinks. Similarly, old versions of Cygwin or,
> really, any Windows (MinGW/MSVC) program that does symlinks, will not be able
> to use it, since they are not passing that flag. Any program that uses Cygwin
> runtime will automatically benefit from this feature if Cygwin runtime itself
> is new enough, since programs built against Cygwin just call `symlink()` and
> don't have to know anything about implementation details.
>> I wonder if it is possible to add some permission to the account instead and
>> call it a day?
>>
> Devmode + SYMBOLIC_LINK_FLAG_ALLOW_UNPRIVILEGED_CREATE is the only way to
> create symlinks without being Administrator (that i know of). You can't just
> give some extra privileges to your non-administrator account. I know, i've tried.
> Do note that this still doesn't fix the fundamental problem of NTFS symlinks
> being either files or directories, but not both at the same time, unlike
> symlink on other filesystems that have "dynamic" type and thus can be files or
> directories depending on what they are pointing to at any given moment. But you
> must already know what, since you're using nativestrict.
It's even worse than that. Windows 10 fully resolves symlinks BEFORE passing
them to any application.
Say, you want to start X:\Y\z which is a symlink to A:\B\c.
On Win7, the command line will be X:\Y\z
On Win10, it will be A:\B\c. All relative paths inside program will be
relative to "A:\B".
No way to have program mode switching by name, like it is often seen in *NIX.
This shit completely ruined my setup.
--
With best regards,
Andrey Repin
Tuesday, March 19, 2019 19:59:00
Sorry for my terrible english...
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
prev parent reply other threads:[~2019-03-19 17:20 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-19 12:35 Andrey Repin
2019-03-19 14:23 ` LRN
2019-03-19 15:16 ` Frank Redeker
2019-03-19 16:57 ` Corinna Vinschen
2019-03-19 17:20 ` Andrey Repin [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1585347268.20190319201128@yandex.ru \
--to=anrdaemon@yandex.ru \
--cc=cygwin@cygwin.com \
--cc=lrn1986@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).