[PATCH] base-files-4.0.6: Change prompt if running with admin rights

[PATCH] base-files-4.0.6: Change prompt if running with admin rights

[Christian Franke]

[-- Attachment #1: Type: text/plain, Size: 296 bytes --]

The attached patch for /etc/profile and /etc/bash.bashrc sets a root 
prompt ('#' instead of '$' or '%') if the shell runs with admin rights 
(local or domain admin group).

Does not rely on a specific admin SID -> gid mapping in /etc/group.

Tested with bash, zsh, mksh, posh, dash.

Christian


[-- Attachment #2: base-files-4.0-6-rootprompt.patch --]
[-- Type: text/x-diff, Size: 2160 bytes --]

diff -rup base-files-4.0-6.orig/etc/defaults/etc/bash.bashrc base-files-4.0-6/etc/defaults/etc/bash.bashrc
--- base-files-4.0-6.orig/etc/defaults/etc/bash.bashrc	2011-03-17 21:30:38.000000000 +0100
+++ base-files-4.0-6/etc/defaults/etc/bash.bashrc	2011-03-31 15:38:12.000000000 +0200
@@ -16,7 +16,7 @@
 [[ "$-" != *i* ]] && return
 
 # Set a default prompt of: user@host and current_directory
-PS1='\[\e]0;\w\a\]\n\[\e[32m\]\u@\h \[\e[33m\]\w\[\e[0m\]\n\$ '
+PS1='\[\e]0;\w\a\]\n\[\e[32m\]\u@\h \[\e[33m\]\w\[\e[0m\]\n'"${PS1a:-\\\$ }"
 
 # Uncomment to use the terminal colours set in DIR_COLORS
 # eval "$(dircolors -b /etc/DIR_COLORS)"
diff -rup base-files-4.0-6.orig/etc/defaults/etc/profile base-files-4.0-6/etc/defaults/etc/profile
--- base-files-4.0-6.orig/etc/defaults/etc/profile	2011-03-18 17:59:18.000000000 +0100
+++ base-files-4.0-6/etc/defaults/etc/profile	2011-03-31 23:06:38.953125000 +0200
@@ -85,6 +85,16 @@ else
   cd "${HOME}" || echo "WARNING: Failed attempt to cd into ${HOME}!"
 fi
 
+# Set PS1a if user is in local or domain admin group
+unset PS1a
+grps="$(id -G 2>/dev/null)"
+for g in $(sed -n 's,^[^:]*:S-1-5\(-32-544\|-21-[^:]*-512\):\([0-9]*\):.*$,\2,p' /etc/group 2>/dev/null); do
+  case " $grps " in
+    *\ $g\ *) PS1a="# "; break;;
+  esac
+done
+unset g grps
+
 # Shell dependent settings
 profile_d ()
 {
@@ -104,19 +114,20 @@ if [ ! "x${BASH_VERSION}" = "x"  ]; then
 elif [ ! "x${KSH_VERSION}" = "x" ]; then
   typeset -l HOSTNAME=$(/usr/bin/hostname)
   profile_d sh
-  PS1=$(print '\033]0;${PWD}\n\033[32m${USER}@${HOSTNAME} \033[33m${PWD/${HOME}/~}\033[0m\n$ ')
+  PS1=$(print '\033]0;${PWD}\n\033[32m${USER}@${HOSTNAME} \033[33m${PWD/${HOME}/~}\033[0m\n'"${PS1a:-\$ }")
 elif [ ! "x${ZSH_VERSION}" = "x" ]; then
   HOSTNAME=$(/usr/bin/hostname)
   profile_d zsh
-  PS1='(%n@%m)[%h] %~ %% '
+  PS1='(%n@%m)[%h] %~ '"${PS1a:-%% }"
 elif [ ! "x${POSH_VERSION}" = "x" ]; then
   HOSTNAME=$(/usr/bin/hostname)
-  PS1="$ "
+  PS1="${PS1a:-\$ }"
 else 
   HOSTNAME=$(/usr/bin/hostname) 
   profile_d sh
-  PS1="$ "
+  PS1="${PS1a:-\$ }"
 fi
+unset PS1a
 
 export PATH MANPATH INFOPATH USER TMP TEMP PRINTER HOSTNAME PS1 
 


[-- Attachment #3: Type: text/plain, Size: 218 bytes --]

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: [PATCH] base-files-4.0.6: Change prompt if running with admin rights

[Christian Franke]

On 2011-04-01, Christian Franke wrote:
> The attached patch for /etc/profile and /etc/bash.bashrc sets a root 
> prompt ('#' instead of '$' or '%') if the shell runs with admin rights 
> (local or domain admin group).
>

Any comment so far? Wrong list ?

If this patch is not accepted:
Would it be possible to change /etc/profile such that PS1 is set before 
/etc/profile.d scripts are run?
This would allow to change the prompt in a local /etc/profile.d script. 
This worked with the old base-files 3.9

Thanks,
Christian


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: [PATCH] base-files-4.0.6: Change prompt if running with admin rights

[Daniel Colascione]

[-- Attachment #1: Type: text/plain, Size: 860 bytes --]

On 4/24/11 9:39 AM, Christian Franke wrote:
> On 2011-04-01, Christian Franke wrote:
>> The attached patch for /etc/profile and /etc/bash.bashrc sets a root
>> prompt ('#' instead of '$' or '%') if the shell runs with admin rights
>> (local or domain admin group).
>>
> 
> Any comment so far? Wrong list ?


I like the idea, but your patch adds two subprocess invocations to the
shell startup path. Each one takes ~200ms, and we can't afford to add
any more.

Instead of examining the group list, you can use something like

local isadmin=0
[[ -w / ]] && isadmin=1

or

local isadmin=0
[[ -w /cygdrive/c ]] && isadmin=1

Of course, that test assumes that only "administrators" can write to the
drive root, and that's an imperfect proxy for administrative rights. You
get the idea though: try to perform the test in pure bash code.


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

Re: [PATCH] base-files-4.0.6: Change prompt if running with admin rights

[David Sastre]

[-- Attachment #1: Type: text/plain, Size: 984 bytes --]

On Sun, Apr 24, 2011 at 06:39:12PM +0200, Christian Franke wrote:
> On 2011-04-01, Christian Franke wrote:
> >The attached patch for /etc/profile and /etc/bash.bashrc sets a
> >root prompt ('#' instead of '$' or '%') if the shell runs with
> >admin rights (local or domain admin group).

Trying to detect users with admin rights in order to provide some
enhancements is something I'd like to add to base-files, and has been
discussed before:

http://cygwin.com/ml/cygwin-apps/2011-02/msg00013.html

> If this patch is not accepted:
> Would it be possible to change /etc/profile such that PS1 is set
> before /etc/profile.d scripts are run?
> This would allow to change the prompt in a local /etc/profile.d
> script. This worked with the old base-files 3.9

This shouldn't be a problem. I'll look into it.
Another solution would be setting PS1 and/or PATH in the user's
.bashrc.

-- 
Huella de clave primaria: AD8F BDC0 5A2C FD5F A179  60E7 F79B AB04 5299 EC56

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 230 bytes --]

Re: [PATCH] base-files-4.0.6: Change prompt if running with admin rights

[Christian Franke]

Daniel Colascione wrote:
> On 4/24/11 9:39 AM, Christian Franke wrote:
>    
>> On 2011-04-01, Christian Franke wrote:
>>      
>>> The attached patch for /etc/profile and /etc/bash.bashrc sets a root
>>> prompt ('#' instead of '$' or '%') if the shell runs with admin rights
>>> (local or domain admin group).
>>>
>>>        
>> Any comment so far? Wrong list ?
>>      
>
> I like the idea, but your patch adds two subprocess invocations to the
> shell startup path. Each one takes ~200ms, and we can't afford to add
> any more.
>
>    

Agree.


> Instead of examining the group list, you can use something like
>
> local isadmin=0
> [[ -w / ]]&&  isadmin=1
>
>    

False positive if same user installed Cygwin by running setup.exe with 
admin rights.

[[...]] does not work with posh and dash. But all shells apparently have 
a builtin '[' command.


> or
>
> local isadmin=0
> [[ -w /cygdrive/c ]]&&  isadmin=1
>
>    

False positive if /cygdrive is mounted with 'noacl' option.


> Of course, that test assumes that only "administrators" can write to the
> drive root, and that's an imperfect proxy for administrative rights. You
> get the idea though: try to perform the test in pure bash code.
>
>    

Using a read access test on a registry key with SYSTEM only access might 
work in most cases:

[ -r /proc/registry/HKEY_LOCAL_MACHINE/SECURITY ] && isadmin=1

Test succeeds if SeBackupPrivilege is enabled which is the case for 
Cygwin processes if user is in admin group or another group with this 
privilege.

A test script for all shells is attached. Run with admin rights. 
Requires cygdrop from cygutils package.

Script produces a false negative only from dash. Not really an issue, as 
dash is normally not used interactively.

Christian


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: [PATCH] base-files-4.0.6: Change prompt if running with admin rights

[Christian Franke]

[-- Attachment #1: Type: text/plain, Size: 160 bytes --]

Christian Franke wrote:
> A test script for all shells is attached. Run with admin rights. 
> Requires cygdrop from cygutils package.
>
Now it is attached :-)


[-- Attachment #2: admtest.sh.txt --]
[-- Type: text/plain, Size: 413 bytes --]

#!/bin/sh

#f=/proc/registry/HKEY_LOCAL_MACHINE/SAM/SAM
f=/proc/registry/HKEY_LOCAL_MACHINE/SECURITY

           /bin/test -r $f || echo "test: false negative"
cygdrop -- /bin/test -r $f && echo "test: false positive"

for shell in bash zsh mksh posh dash; do
             /bin/$shell -c "[ -r $f ]" || echo "$shell: false negative"
  cygdrop -- /bin/$shell -c "[ -r $f ]" && echo "$shell: false positive"
done



[-- Attachment #3: Type: text/plain, Size: 218 bytes --]

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple