From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 17210 invoked by alias); 27 Jun 2012 13:58:51 -0000 Received: (qmail 17196 invoked by uid 22791); 27 Jun 2012 13:58:49 -0000 X-SWARE-Spam-Status: No, hits=-7.1 required=5.0 tests=AWL,BAYES_00,DKIM_SIGNED,DKIM_VALID,KHOP_RCVD_TRUST,KHOP_THREADED,RCVD_IN_DNSWL_LOW,RCVD_IN_HOSTKARMA_W,RCVD_IN_HOSTKARMA_WL X-Spam-Check-By: sourceware.org Received: from out3-smtp.messagingengine.com (HELO out3-smtp.messagingengine.com) (66.111.4.27) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Wed, 27 Jun 2012 13:58:35 +0000 Received: from compute1.internal (compute1.nyi.mail.srv.osa [10.202.2.41]) by gateway1.nyi.mail.srv.osa (Postfix) with ESMTP id 4B467206B7 for ; Wed, 27 Jun 2012 09:58:34 -0400 (EDT) Received: from frontend1.nyi.mail.srv.osa ([10.202.2.160]) by compute1.internal (MEProxy); Wed, 27 Jun 2012 09:58:34 -0400 Received: from [158.147.137.170] (unknown [158.147.137.170]) by mail.messagingengine.com (Postfix) with ESMTPA id 09F3B8E021D; Wed, 27 Jun 2012 09:58:34 -0400 (EDT) Message-ID: <4FEB1189.80902@cwilson.fastmail.fm> Date: Wed, 27 Jun 2012 13:58:00 -0000 From: Charles Wilson Reply-To: Charles Wilson User-Agent: Mozilla/5.0 (Windows NT 5.2; WOW64; rv:12.0) Gecko/20120428 Thunderbird/12.0.1 MIME-Version: 1.0 To: cygwin@cygwin.com Subject: Re: [PATCH] root-uid: new module References: <4FEA4A72.8090003@cs.ucla.edu> <4FEA4D53.3090409@redhat.com> <4FEA4FDB.5030105@cs.ucla.edu> <4FEA5161.6010503@redhat.com> In-Reply-To: <4FEA5161.6010503@redhat.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com X-SW-Source: 2012-06/txt/msg00511.txt.bz2 On 6/26/2012 8:18 PM, Eric Blake wrote: > Broadening the question, does the cygwin community have advice on the > best implementation of a function that returns true if the argument is a > uid with full privileges (for example, if the uid is a member of the > Administrator group, and can therefore read files in spite of chown() > disabling all the read permissions)? We're trying to improve gnulib > (and therefore coreutils, findutils, tar, ...) to use an > implementation-appropriate check rather than the more traditional > hard-coded check of uid==0, since that doesn't quite work everywhere. There is some support code for doing various Win32-related group/user analysis like this in cygwin's login package. The files you'd be interested in -- winsec.c and winpriv.c, along with test_winsec.c -- were written by Chris Rodgers, me, and I'm sure Corinna contributed a few patches along the way. Those three files are under slightly different licenses, but are MIT/X-ish. -- Chuck -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple