From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mr3.vodafonemail.de (mr3.vodafonemail.de [145.253.228.163]) by sourceware.org (Postfix) with ESMTPS id 40B4D38582A3 for ; Sat, 19 Aug 2023 08:15:07 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 40B4D38582A3 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=nexgo.de Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=nexgo.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nexgo.de; s=vfde-smtpout-mb-15sep; t=1692432905; bh=g3N7FhEA1jaiFBghLFrkZl21qktR62EVLKVAwSrpXKs=; h=From:To:Subject:In-Reply-To:References:Date:Message-ID:User-Agent: Content-Type:From; b=q/QRqHrwS28/Yl6GPWKxscehYAeoE1SG2Xd7oYZ0Lwb3SwT0R7b71Ky2uuTTviWNh HHQ6ZWxw5cHNIF+QbQvWl/4TELJw/F2tkMLfOluOKmknAm7OZKKPLY/H1oFbK5rD6f EuyflCBNq4hRjmCVf1NPTEBykZJJFp5by6NGAgAE= Received: from smtp.vodafone.de (unknown [10.0.0.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by mr3.vodafonemail.de (Postfix) with ESMTPS id 4RSWkd3Hkkz1yx1 for ; Sat, 19 Aug 2023 08:15:05 +0000 (UTC) Received: from Gerda (p57b9d560.dip0.t-ipconnect.de [87.185.213.96]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (prime256v1) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp.vodafone.de (Postfix) with ESMTPSA id 4RSWkY1k1HzMksD for ; Sat, 19 Aug 2023 08:14:58 +0000 (UTC) From: ASSI To: cygwin@cygwin.com Subject: Re: Test for Windows Administrator permissions from Cygwin terminal|script? In-Reply-To: (Martin Wege via Cygwin's message of "Fri, 18 Aug 2023 04:01:01 +0200") References: Date: Sat, 19 Aug 2023 10:14:54 +0200 Message-ID: <87cyzj4fep.fsf@Rainer.invalid> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-purgate-type: clean X-purgate: clean X-purgate-size: 1454 X-purgate-ID: 155817::1692432901-9FFFFA5E-4560C5AA/0/0 X-Spam-Status: No, score=-3028.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_BARRACUDACENTRAL,RCVD_IN_DNSWL_LOW,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: Martin Wege via Cygwin writes: > How can I find out whether the current Cygwin terminal has > Administrator rights? I want to safeguard our admin scripts with a > simple test and bail out with an error if someone wants to do admin > stuff (say: regtool) without admin privileges. Windows really doesn't have a defined notion of what is or is not an "administrator". Each particular definition will be insufficient or invalid in certain contexts. When you're dealing with hardened installations (via group policies or otherwise), large windows domains and/or server administration you may have to be way more specific than just looking at one simple indication. That said, most commonly the presence of SID S-1-5-32-544 in your user token (in Cygwin: gid=544, unless you override it in the group config) will be the best simple approximation. Incidentally, this is what tcsh is using on Cygwin to define the "superuser" for the purpose of setting the prompt with "%#": https://github.com/tcsh-org/tcsh/blob/d075ab5b4155ebff9d30e765733c030c3da5e362/tc.prompt.c#L212 For (ba)sh scripts you can parse the output from id along the lines of id -G | grep -q '\<544\>' && echo admin || echo "not admin" should be most workable. Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ SD adaptation for Waldorf rackAttack V1.04R1: http://Synth.Stromeko.net/Downloads.html#WaldorfSDada