From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <cygwin-return-179669-listarch-cygwin=sourceware.org@cygwin.com>
Received: (qmail 12313 invoked by alias); 16 Aug 2012 19:01:17 -0000
Received: (qmail 12285 invoked by uid 22791); 16 Aug 2012 19:01:15 -0000
X-SWARE-Spam-Status: No, hits=-2.6 required=5.0	tests=AWL,BAYES_00,KHOP_THREADED,RCVD_IN_DNSWL_NONE,RCVD_IN_HOSTKARMA_NO,RP_MATCHES_RCVD,UNPARSEABLE_RELAY
X-Spam-Check-By: sourceware.org
Received: from mailout05.t-online.de (HELO mailout05.t-online.de) (194.25.134.82)    by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Thu, 16 Aug 2012 19:01:01 +0000
Received: from fwd51.aul.t-online.de (fwd51.aul.t-online.de )	by mailout05.t-online.de with smtp 	id 1T25JT-0001lw-IP; Thu, 16 Aug 2012 21:00:59 +0200
Received: from [192.168.2.108] (GEUYRYZUwhCW3EQ5+HCMcKQQLYdyH3dT9zcKhCqgSFyIq3huadavbYsVSPTuD+iZSe@[79.224.100.146]) by fwd51.t-online.de	with esmtp id 1T25JG-1VrS1g0; Thu, 16 Aug 2012 21:00:46 +0200
Message-ID: <502D435C.2070801@t-online.de>
Date: Thu, 16 Aug 2012 19:26:00 -0000
From: Christian Franke <Christian.Franke@t-online.de>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20120715 Firefox/14.0.1 SeaMonkey/2.11
MIME-Version: 1.0
To: cygwin@cygwin.com
Subject: Re: Question about UAC and bash/cygwin
References: <CAG9p0OTFaLUp7c8zpOtVQ=4zt-=fAqPvURJw758FS+d2rPOtgw@mail.gmail.com> <CE9C056E12502146A72FD81290379E9A49600AF0@ENFIRHMBX1.datcon.co.uk> <CAG9p0OQsu08mOqGC4NkAvKE_GbjvBJk675XR6TdU5+urbNsEuQ@mail.gmail.com> <502C6B1C.5030900@cygwin.com> <CAG9p0OS3HKvaE9ye6g3vKP4kXPZGBw=uc-ELb0WcvdPefGQmFg@mail.gmail.com> <20120816090344.GD5536@calimero.vinschen.de> <CAG9p0ORs1BLte6nm_8iAHQan1Y+mESJQpNmjf=SiuJjHuSr83g@mail.gmail.com> <20120816113834.GF17546@calimero.vinschen.de>
In-Reply-To: <20120816113834.GF17546@calimero.vinschen.de>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
X-SW-Source: 2012-08/txt/msg00390.txt.bz2

Corinna Vinschen wrote:
> On Aug 16 07:06, Lord Laraby wrote:
>>   My, major emphasis is recognizing in the Cygwin dll
>> or startup code somewhere) that the user has full Administrator rights
>> and simply replacing his normal UID with 0 (or that of whomever root
>> seems to be by /etc/passwd). Internally (at cygwin.dll level) he/she
>> is still the same user, but the desired effects would be that bash and
>> others might change his prompt to '#' and that scripts can check for
>> admin rights and files he/she created would become owned by UID 0 (or
>> the Administrators group).
> What is it good for to have uid 0?  You want to know if you have admin
> rights, so why don't you simply check for the admin group in the
> supplementary group list?
>
> Here's what I do in my tcsh ~/.cshrc profile to set the prompt:
>
>    id -G | egrep -q '\<544\>' && set prompt = '#  || set prompt = '\$ '
>
>

I use this simple check which does not depend on /etc/group contents:

  test -r /proc/registry/HKEY_LOCAL_MACHINE/SECURITY && PS1='# ' || PS1='$ '

Relies on the fact that Cygwin (unlike most non-Cygwin programs) enables 
SeBackupPrivilege if available.

See also: http://cygwin.com/ml/cygwin/2012-02/msg00806.html

Christian


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple