From: Lord Laraby <lord.laraby@gmail.com>
To: cygwin@cygwin.com
Subject: Re: Question about UAC and bash/cygwin
Date: Thu, 16 Aug 2012 16:03:00 -0000 [thread overview]
Message-ID: <CAG9p0ORP=_QxKFJJ_oSVWeodWA_tLgFcSBsA+ERNqQBk1OPaiA@mail.gmail.com> (raw)
In-Reply-To: <20120816143205.GI17546@calimero.vinschen.de>
On Thu, Aug 16, 2012Corinna Vinschen
> On Aug 16 08:48, Lord Laraby wrote:
>> On Thu, Aug 16, 2012 Corinna Vinschen wrote:
>> > On Aug 16 07:06, Lord Laraby wrote:
>>
>> See, here where I said I want to know if the user is in fact
>> "elevated"? I'm always a member of the Administrators Group (group
>> 544) even when I have no such privileges to "administer" the system.
>>
>> > What is it good for to have uid 0? You want to know if you have admin
>> > rights, so why don't you simply check for the admin group in the
>> > supplementary group list?
>>
>> The uid 0 feature is just a unixy way of indicating that my account
>> has already passed and accepted the UAC and I'm now running as a
>> normal admin (not a puny user).
>>
> Huh? When you're not running elevated, the admin group will not be in
> the list of supplementary groups. What other information do you need?
> What's the problem?
>
>
> Corinna
Apparently, we're seeing completely different things then. Here's two
examples I ran one normally and one elevated.
non-elevated:
master@Master-PC ~
$ cd /etc/at-spi2/
master@Master-PC /etc/at-spi2
$ id
uid=1001(master) gid=0(root)
groups=0(root),545(users),1007(hlplibrupdaters),1000(homegrp),513(none)
Note ------------^^^^^^^^^^^
master@Master-PC /etc/at-spi2
$ ls -l
total 4
-rw-r--r-- 1 admin none 1335 May 15 03:27 accessibility.conf
master@Master-PC /etc/at-spi2
$ mv accessibility.conf accessibility.conf.tmp
mv: cannot move `accessibility.conf' to `accessibility.conf.tmp':
Permission denied
^^^ Not able to bypass ACL (but note being in group 0 (544)
*** Now try in elevated mode
Elevated:
master@Master-PC ~
$ id
uid=1001(master) gid=0(root)
groups=0(root),545(users),1007(hlplibrupdaters),1000(homegrp),513(none)
master@Master-PC ~
$ cd /etc/at-spi2/
master@Master-PC /etc/at-spi2
$ ls -l
total 4
-rw-r--r-- 1 admin none 1335 May 15 03:27 accessibility.conf
master@Master-PC /etc/at-spi2
$ mv accessibility.conf accessibility.conf.sav
^^^ No error and successfully used admin provileges...
master@Master-PC /etc/at-spi2
$ mv accessibility.conf.sav accessibility.conf
^^^ Again
master@Master-PC /etc/at-spi2
$ ls -l
total 4
-rw-r--r-- 1 admin none 1335 May 15 03:27 accessibility.conf
master@Master-PC /etc/at-spi2
$ id
uid=1001(master) gid=0(root)
groups=0(root),545(users),1007(hlplibrupdaters),1000(homegrp),513(none)
Note ------------^^^^^^^^^^^
master@Master-PC /etc/at-spi2
------------
See, root (545) is on my groups all the time - elevated or not. Unless
this is an error of some magnitude that it was inadvertently changed,
I cannot say.
Needless to say, as you can see from the sample out above, I can only
do certain things elevated (admin-type tasks) regardless of having
root in my groups.
Any suggestions on why I get different results?
LL
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
next prev parent reply other threads:[~2012-08-16 15:06 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-08-15 2:09 Lord Laraby
2012-08-15 4:10 ` Lord Laraby
2012-08-15 9:35 ` Adam Dinwoodie
2012-08-15 10:56 ` Lord Laraby
2012-08-16 4:05 ` Larry Hall (Cygwin)
2012-08-16 8:51 ` Lord Laraby
2012-08-16 10:31 ` Corinna Vinschen
2012-08-16 12:02 ` Lord Laraby
2012-08-16 12:27 ` Corinna Vinschen
2012-08-16 14:04 ` Lord Laraby
2012-08-16 16:03 ` Corinna Vinschen
2012-08-16 16:03 ` Lord Laraby [this message]
2012-08-16 18:23 ` Kurt Franke
2012-08-16 18:32 ` Corinna Vinschen
2012-08-16 19:26 ` Christian Franke
2012-08-16 19:52 ` Lord Laraby
2012-08-16 21:31 ` Lord Laraby
2012-08-16 22:16 ` Lord Laraby
2012-08-17 1:57 ` Christopher Faylor
2012-08-16 22:46 ` Linda Walsh
2012-08-16 9:20 ` Corinna Vinschen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAG9p0ORP=_QxKFJJ_oSVWeodWA_tLgFcSBsA+ERNqQBk1OPaiA@mail.gmail.com' \
--to=lord.laraby@gmail.com \
--cc=cygwin@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).