Re: Question about UAC and bash/cygwin

public inbox for cygwin@cygwin.com
 help / color / mirror / Atom feed

From: Lord Laraby <lord.laraby@gmail.com>
To: cygwin@cygwin.com
Subject: Re: Question about UAC and bash/cygwin
Date: Thu, 16 Aug 2012 16:03:00 -0000	[thread overview]
Message-ID: <CAG9p0ORP=_QxKFJJ_oSVWeodWA_tLgFcSBsA+ERNqQBk1OPaiA@mail.gmail.com> (raw)
In-Reply-To: <20120816143205.GI17546@calimero.vinschen.de>

On Thu, Aug 16, 2012Corinna Vinschen
> On Aug 16 08:48, Lord Laraby wrote:
>> On Thu, Aug 16, 2012 Corinna Vinschen wrote:
>> > On Aug 16 07:06, Lord Laraby wrote:
>>
>> See, here where I said I want to know if the user is in fact
>> "elevated"?  I'm always a member of the Administrators Group (group
>> 544) even when I have no such privileges to "administer" the system.
>>
>> > What is it good for to have uid 0?  You want to know if you have admin
>> > rights, so why don't you simply check for the admin group in the
>> > supplementary group list?
>>
>> The uid 0 feature is just a unixy way of indicating that my account
>> has already passed and accepted the UAC and I'm now running as a
>> normal admin (not a puny user).
>>
> Huh?  When you're not running elevated, the admin group will not be in
> the list of supplementary groups.  What other information do you need?
> What's the problem?
>
>
> Corinna

Apparently, we're seeing completely different things then. Here's two
examples I ran one normally and one elevated.


non-elevated:
master@Master-PC ~
$ cd /etc/at-spi2/

master@Master-PC /etc/at-spi2
$ id
uid=1001(master) gid=0(root)
groups=0(root),545(users),1007(hlplibrupdaters),1000(homegrp),513(none)
Note ------------^^^^^^^^^^^

master@Master-PC /etc/at-spi2
$ ls -l
total 4
-rw-r--r-- 1 admin none 1335 May 15 03:27 accessibility.conf

master@Master-PC /etc/at-spi2
$ mv accessibility.conf accessibility.conf.tmp
mv: cannot move `accessibility.conf' to `accessibility.conf.tmp':
Permission denied

^^^ Not able to bypass ACL (but note being in group 0 (544)

*** Now try in elevated mode
Elevated:
master@Master-PC ~
$ id
uid=1001(master) gid=0(root)
groups=0(root),545(users),1007(hlplibrupdaters),1000(homegrp),513(none)

master@Master-PC ~
$ cd /etc/at-spi2/

master@Master-PC /etc/at-spi2
$ ls -l
total 4
-rw-r--r-- 1 admin none 1335 May 15 03:27 accessibility.conf

master@Master-PC /etc/at-spi2
$ mv accessibility.conf accessibility.conf.sav

^^^ No error and successfully used admin provileges...

master@Master-PC /etc/at-spi2
$ mv accessibility.conf.sav accessibility.conf

^^^ Again

master@Master-PC /etc/at-spi2
$ ls -l
total 4
-rw-r--r-- 1 admin none 1335 May 15 03:27 accessibility.conf

master@Master-PC /etc/at-spi2
$ id
uid=1001(master) gid=0(root)
groups=0(root),545(users),1007(hlplibrupdaters),1000(homegrp),513(none)
Note ------------^^^^^^^^^^^
master@Master-PC /etc/at-spi2
------------

See, root (545) is on my groups all the time - elevated or not. Unless
this is an error of some magnitude that it was inadvertently changed,
I cannot say.

Needless to say, as you can see from the sample out above, I can only
do certain things elevated (admin-type tasks) regardless of having
root in my groups.

Any suggestions on why I get different results?

LL

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

next prev parent reply	other threads:[~2012-08-16 15:06 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-08-15  2:09 Lord Laraby
2012-08-15  4:10 ` Lord Laraby
2012-08-15  9:35 ` Adam Dinwoodie
2012-08-15 10:56   ` Lord Laraby
2012-08-16  4:05     ` Larry Hall (Cygwin)
2012-08-16  8:51       ` Lord Laraby
2012-08-16 10:31         ` Corinna Vinschen
2012-08-16 12:02           ` Lord Laraby
2012-08-16 12:27             ` Corinna Vinschen
2012-08-16 14:04               ` Lord Laraby
2012-08-16 16:03                 ` Corinna Vinschen
2012-08-16 16:03                   ` Lord Laraby [this message]
2012-08-16 18:23                     ` Kurt Franke
2012-08-16 18:32                     ` Corinna Vinschen
2012-08-16 19:26               ` Christian Franke
2012-08-16 19:52                 ` Lord Laraby
2012-08-16 21:31                   ` Lord Laraby
2012-08-16 22:16                     ` Lord Laraby
2012-08-17  1:57                       ` Christopher Faylor
2012-08-16 22:46                   ` Linda Walsh
2012-08-16  9:20     ` Corinna Vinschen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAG9p0ORP=_QxKFJJ_oSVWeodWA_tLgFcSBsA+ERNqQBk1OPaiA@mail.gmail.com' \
    --to=lord.laraby@gmail.com \
    --cc=cygwin@cygwin.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).