From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=lYr/=EJ=gmail.com=martin.l.wege@sourceware.org>
Received: from mail-ot1-x336.google.com (mail-ot1-x336.google.com [IPv6:2607:f8b0:4864:20::336])
	by sourceware.org (Postfix) with ESMTPS id D66BD3858C2C
	for <cygwin@cygwin.com>; Thu, 24 Aug 2023 16:24:29 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org D66BD3858C2C
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com
Received: by mail-ot1-x336.google.com with SMTP id 46e09a7af769-6bda8559fddso33136a34.1
        for <cygwin@cygwin.com>; Thu, 24 Aug 2023 09:24:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20221208; t=1692894269; x=1693499069;
        h=content-transfer-encoding:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=LJ31GqMu2s07ImLQn5XXdPteb2Pap8H27bzGEODfpvM=;
        b=B1k8MxQWoy1/rK7ezTIexioYSEK/UjnqRxQIL2VeryPh0aAAgPLpiI2gcN3FUh+W8a
         rpvSfdQgMIIa4JxbwsBNl292+xyyxyt4WdlL8L1eNZeK0re0w/0pw0H7UMaE3DPqgQZU
         D7GbxlMfyDN1axOJocyC0wpQNiRG+e6cN4zTekVLqeStg9/wjda4Rp+QlK7Vw1yzr3dY
         6mN24ONfqfa7ryZhLHGdLglBtKuX8w5yfzT8U2eKVE+rOhIWxc/GFiwH2wUTZTJAoNoI
         SSNHCeAxbz9Ieibu3OD+9HFhHi/nfPQsa1H9ob6FkGzJQ47IKHlE8OGN2yv/KOca2p5O
         S9wQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1692894269; x=1693499069;
        h=content-transfer-encoding:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=LJ31GqMu2s07ImLQn5XXdPteb2Pap8H27bzGEODfpvM=;
        b=gi1iG5y2IXNTvS0yzliqboL1yNqx6aY/dzeTCZsl6yGGTx2cJkKMnql+VWkuzZrz55
         9yW81qBebUzW/qZxYP+dDGd+3eAmafqUerklOTIQNhLTV/OLAvyDu+RzM4M6RjhAjcOT
         DwRM/5njyaD7E2We/eFy+lwmqraeFcIOx76x0vaot3ZIyeAetikefE8JY3Rx8dg5mRzt
         RSotkGUi6BabkH1jiYX0OUXDuF6HY91oglb0Ok0Wo84BblBeXLF8WWhBZIergIUV1VZt
         tt1yrgmOlU/VphxBxrd5mBvLxR+yhyiZE5y9PuqZkdZToNFon3yAGepj2Rx62Fu/h3oE
         V1Qg==
X-Gm-Message-State: AOJu0YxxMd9KVGLBV8HVDpo27jBCC0HzzjDUlfyUT1+TGyK4cBE6lWDv
	s8gmIMd5KR9yA4xrYABBIY4N6XSDsqmg9KsnEbKWcOWT0AB+cQ==
X-Google-Smtp-Source: AGHT+IFFeWqKorTKQm1/mzIWM6nN96PZzPf6ecLnZpacWhTlin+B2y3plGzR1+WbFeMb7Tj28KNdz9adIk9h/cETx4c=
X-Received: by 2002:a05:6870:1691:b0:19f:2c0e:f865 with SMTP id
 j17-20020a056870169100b0019f2c0ef865mr263458oae.7.1692894268789; Thu, 24 Aug
 2023 09:24:28 -0700 (PDT)
MIME-Version: 1.0
References: <CANH4o6OpsvT99AeJ2uTcqyajWQHmffYJqV=RR4HBxoFaveR7sQ@mail.gmail.com>
 <87cyzj4fep.fsf@Rainer.invalid>
In-Reply-To: <87cyzj4fep.fsf@Rainer.invalid>
From: Martin Wege <martin.l.wege@gmail.com>
Date: Thu, 24 Aug 2023 18:24:17 +0200
Message-ID: <CANH4o6MJj3W6GCEXsp82bZC49982nnz1Tb9Yfgh2zCdBBE-rjg@mail.gmail.com>
Subject: Re: Test for Windows Administrator permissions from Cygwin terminal|script?
To: cygwin@cygwin.com
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-0.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <cygwin.cygwin.com>

On Sat, Aug 19, 2023 at 10:15=E2=80=AFAM ASSI via Cygwin <cygwin@cygwin.com=
> wrote:
>
> Martin Wege via Cygwin writes:
> > How can I find out whether the current Cygwin terminal has
> > Administrator rights? I want to safeguard our admin scripts with a
> > simple test and bail out with an error if someone wants to do admin
> > stuff (say: regtool) without admin privileges.
>
> Windows really doesn't have a defined notion of what is or is not an
> "administrator".  Each particular definition will be insufficient or
> invalid in certain contexts.  When you're dealing with hardened
> installations (via group policies or otherwise), large windows domains
> and/or server administration you may have to be way more specific than
> just looking at one simple indication.
>
> That said, most commonly the presence of SID S-1-5-32-544 in your user
> token (in Cygwin: gid=3D544, unless you override it in the group config)
> will be the best simple approximation.  Incidentally, this is what tcsh
> is using on Cygwin to define the "superuser" for the purpose of setting
> the prompt with "%#":
> https://github.com/tcsh-org/tcsh/blob/d075ab5b4155ebff9d30e765733c030c3da=
5e362/tc.prompt.c#L212
>
> For (ba)sh scripts you can parse the output from id along the lines of
>
> id -G | grep -q '\<544\>' && echo admin || echo "not admin"

Is there any guarantee that the UNIX GID of the "administrator" will
always be "544", regardless of locale or Country-specific version of
Windows?

Also, this might be something for a Cygwin ADMINISTRATOR&PROGRAMMING
FAQ, if there is such a thing.

Thanks,
Martin