* [PATCH] base-files-4.0.6: Change prompt if running with admin rights
@ 2011-04-01 21:29 Christian Franke
2011-04-25 11:32 ` Christian Franke
0 siblings, 1 reply; 6+ messages in thread
From: Christian Franke @ 2011-04-01 21:29 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 296 bytes --]
The attached patch for /etc/profile and /etc/bash.bashrc sets a root
prompt ('#' instead of '$' or '%') if the shell runs with admin rights
(local or domain admin group).
Does not rely on a specific admin SID -> gid mapping in /etc/group.
Tested with bash, zsh, mksh, posh, dash.
Christian
[-- Attachment #2: base-files-4.0-6-rootprompt.patch --]
[-- Type: text/x-diff, Size: 2160 bytes --]
diff -rup base-files-4.0-6.orig/etc/defaults/etc/bash.bashrc base-files-4.0-6/etc/defaults/etc/bash.bashrc
--- base-files-4.0-6.orig/etc/defaults/etc/bash.bashrc 2011-03-17 21:30:38.000000000 +0100
+++ base-files-4.0-6/etc/defaults/etc/bash.bashrc 2011-03-31 15:38:12.000000000 +0200
@@ -16,7 +16,7 @@
[[ "$-" != *i* ]] && return
# Set a default prompt of: user@host and current_directory
-PS1='\[\e]0;\w\a\]\n\[\e[32m\]\u@\h \[\e[33m\]\w\[\e[0m\]\n\$ '
+PS1='\[\e]0;\w\a\]\n\[\e[32m\]\u@\h \[\e[33m\]\w\[\e[0m\]\n'"${PS1a:-\\\$ }"
# Uncomment to use the terminal colours set in DIR_COLORS
# eval "$(dircolors -b /etc/DIR_COLORS)"
diff -rup base-files-4.0-6.orig/etc/defaults/etc/profile base-files-4.0-6/etc/defaults/etc/profile
--- base-files-4.0-6.orig/etc/defaults/etc/profile 2011-03-18 17:59:18.000000000 +0100
+++ base-files-4.0-6/etc/defaults/etc/profile 2011-03-31 23:06:38.953125000 +0200
@@ -85,6 +85,16 @@ else
cd "${HOME}" || echo "WARNING: Failed attempt to cd into ${HOME}!"
fi
+# Set PS1a if user is in local or domain admin group
+unset PS1a
+grps="$(id -G 2>/dev/null)"
+for g in $(sed -n 's,^[^:]*:S-1-5\(-32-544\|-21-[^:]*-512\):\([0-9]*\):.*$,\2,p' /etc/group 2>/dev/null); do
+ case " $grps " in
+ *\ $g\ *) PS1a="# "; break;;
+ esac
+done
+unset g grps
+
# Shell dependent settings
profile_d ()
{
@@ -104,19 +114,20 @@ if [ ! "x${BASH_VERSION}" = "x" ]; then
elif [ ! "x${KSH_VERSION}" = "x" ]; then
typeset -l HOSTNAME=$(/usr/bin/hostname)
profile_d sh
- PS1=$(print '\033]0;${PWD}\n\033[32m${USER}@${HOSTNAME} \033[33m${PWD/${HOME}/~}\033[0m\n$ ')
+ PS1=$(print '\033]0;${PWD}\n\033[32m${USER}@${HOSTNAME} \033[33m${PWD/${HOME}/~}\033[0m\n'"${PS1a:-\$ }")
elif [ ! "x${ZSH_VERSION}" = "x" ]; then
HOSTNAME=$(/usr/bin/hostname)
profile_d zsh
- PS1='(%n@%m)[%h] %~ %% '
+ PS1='(%n@%m)[%h] %~ '"${PS1a:-%% }"
elif [ ! "x${POSH_VERSION}" = "x" ]; then
HOSTNAME=$(/usr/bin/hostname)
- PS1="$ "
+ PS1="${PS1a:-\$ }"
else
HOSTNAME=$(/usr/bin/hostname)
profile_d sh
- PS1="$ "
+ PS1="${PS1a:-\$ }"
fi
+unset PS1a
export PATH MANPATH INFOPATH USER TMP TEMP PRINTER HOSTNAME PS1
[-- Attachment #3: Type: text/plain, Size: 218 bytes --]
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] base-files-4.0.6: Change prompt if running with admin rights
2011-04-01 21:29 [PATCH] base-files-4.0.6: Change prompt if running with admin rights Christian Franke
@ 2011-04-25 11:32 ` Christian Franke
2011-04-25 14:08 ` Daniel Colascione
2011-04-26 2:52 ` David Sastre
0 siblings, 2 replies; 6+ messages in thread
From: Christian Franke @ 2011-04-25 11:32 UTC (permalink / raw)
To: cygwin
On 2011-04-01, Christian Franke wrote:
> The attached patch for /etc/profile and /etc/bash.bashrc sets a root
> prompt ('#' instead of '$' or '%') if the shell runs with admin rights
> (local or domain admin group).
>
Any comment so far? Wrong list ?
If this patch is not accepted:
Would it be possible to change /etc/profile such that PS1 is set before
/etc/profile.d scripts are run?
This would allow to change the prompt in a local /etc/profile.d script.
This worked with the old base-files 3.9
Thanks,
Christian
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] base-files-4.0.6: Change prompt if running with admin rights
2011-04-25 11:32 ` Christian Franke
@ 2011-04-25 14:08 ` Daniel Colascione
2011-04-27 6:41 ` Christian Franke
2011-04-26 2:52 ` David Sastre
1 sibling, 1 reply; 6+ messages in thread
From: Daniel Colascione @ 2011-04-25 14:08 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 860 bytes --]
On 4/24/11 9:39 AM, Christian Franke wrote:
> On 2011-04-01, Christian Franke wrote:
>> The attached patch for /etc/profile and /etc/bash.bashrc sets a root
>> prompt ('#' instead of '$' or '%') if the shell runs with admin rights
>> (local or domain admin group).
>>
>
> Any comment so far? Wrong list ?
I like the idea, but your patch adds two subprocess invocations to the
shell startup path. Each one takes ~200ms, and we can't afford to add
any more.
Instead of examining the group list, you can use something like
local isadmin=0
[[ -w / ]] && isadmin=1
or
local isadmin=0
[[ -w /cygdrive/c ]] && isadmin=1
Of course, that test assumes that only "administrators" can write to the
drive root, and that's an imperfect proxy for administrative rights. You
get the idea though: try to perform the test in pure bash code.
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 195 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] base-files-4.0.6: Change prompt if running with admin rights
2011-04-25 11:32 ` Christian Franke
2011-04-25 14:08 ` Daniel Colascione
@ 2011-04-26 2:52 ` David Sastre
1 sibling, 0 replies; 6+ messages in thread
From: David Sastre @ 2011-04-26 2:52 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 984 bytes --]
On Sun, Apr 24, 2011 at 06:39:12PM +0200, Christian Franke wrote:
> On 2011-04-01, Christian Franke wrote:
> >The attached patch for /etc/profile and /etc/bash.bashrc sets a
> >root prompt ('#' instead of '$' or '%') if the shell runs with
> >admin rights (local or domain admin group).
Trying to detect users with admin rights in order to provide some
enhancements is something I'd like to add to base-files, and has been
discussed before:
http://cygwin.com/ml/cygwin-apps/2011-02/msg00013.html
> If this patch is not accepted:
> Would it be possible to change /etc/profile such that PS1 is set
> before /etc/profile.d scripts are run?
> This would allow to change the prompt in a local /etc/profile.d
> script. This worked with the old base-files 3.9
This shouldn't be a problem. I'll look into it.
Another solution would be setting PS1 and/or PATH in the user's
.bashrc.
--
Huella de clave primaria: AD8F BDC0 5A2C FD5F A179 60E7 F79B AB04 5299 EC56
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 230 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] base-files-4.0.6: Change prompt if running with admin rights
2011-04-25 14:08 ` Daniel Colascione
@ 2011-04-27 6:41 ` Christian Franke
2011-04-27 7:32 ` Christian Franke
0 siblings, 1 reply; 6+ messages in thread
From: Christian Franke @ 2011-04-27 6:41 UTC (permalink / raw)
To: cygwin
Daniel Colascione wrote:
> On 4/24/11 9:39 AM, Christian Franke wrote:
>
>> On 2011-04-01, Christian Franke wrote:
>>
>>> The attached patch for /etc/profile and /etc/bash.bashrc sets a root
>>> prompt ('#' instead of '$' or '%') if the shell runs with admin rights
>>> (local or domain admin group).
>>>
>>>
>> Any comment so far? Wrong list ?
>>
>
> I like the idea, but your patch adds two subprocess invocations to the
> shell startup path. Each one takes ~200ms, and we can't afford to add
> any more.
>
>
Agree.
> Instead of examining the group list, you can use something like
>
> local isadmin=0
> [[ -w / ]]&& isadmin=1
>
>
False positive if same user installed Cygwin by running setup.exe with
admin rights.
[[...]] does not work with posh and dash. But all shells apparently have
a builtin '[' command.
> or
>
> local isadmin=0
> [[ -w /cygdrive/c ]]&& isadmin=1
>
>
False positive if /cygdrive is mounted with 'noacl' option.
> Of course, that test assumes that only "administrators" can write to the
> drive root, and that's an imperfect proxy for administrative rights. You
> get the idea though: try to perform the test in pure bash code.
>
>
Using a read access test on a registry key with SYSTEM only access might
work in most cases:
[ -r /proc/registry/HKEY_LOCAL_MACHINE/SECURITY ] && isadmin=1
Test succeeds if SeBackupPrivilege is enabled which is the case for
Cygwin processes if user is in admin group or another group with this
privilege.
A test script for all shells is attached. Run with admin rights.
Requires cygdrop from cygutils package.
Script produces a false negative only from dash. Not really an issue, as
dash is normally not used interactively.
Christian
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] base-files-4.0.6: Change prompt if running with admin rights
2011-04-27 6:41 ` Christian Franke
@ 2011-04-27 7:32 ` Christian Franke
0 siblings, 0 replies; 6+ messages in thread
From: Christian Franke @ 2011-04-27 7:32 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 160 bytes --]
Christian Franke wrote:
> A test script for all shells is attached. Run with admin rights.
> Requires cygdrop from cygutils package.
>
Now it is attached :-)
[-- Attachment #2: admtest.sh.txt --]
[-- Type: text/plain, Size: 413 bytes --]
#!/bin/sh
#f=/proc/registry/HKEY_LOCAL_MACHINE/SAM/SAM
f=/proc/registry/HKEY_LOCAL_MACHINE/SECURITY
/bin/test -r $f || echo "test: false negative"
cygdrop -- /bin/test -r $f && echo "test: false positive"
for shell in bash zsh mksh posh dash; do
/bin/$shell -c "[ -r $f ]" || echo "$shell: false negative"
cygdrop -- /bin/$shell -c "[ -r $f ]" && echo "$shell: false positive"
done
[-- Attachment #3: Type: text/plain, Size: 218 bytes --]
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2011-04-26 21:32 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-04-01 21:29 [PATCH] base-files-4.0.6: Change prompt if running with admin rights Christian Franke
2011-04-25 11:32 ` Christian Franke
2011-04-25 14:08 ` Daniel Colascione
2011-04-27 6:41 ` Christian Franke
2011-04-27 7:32 ` Christian Franke
2011-04-26 2:52 ` David Sastre
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).