From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <corinna@sourceware.org>
Received: by sourceware.org (Postfix, from userid 2155)
	id D6D9A3858C53; Fri, 25 Aug 2023 09:42:33 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org D6D9A3858C53
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1692956553;
	bh=UiV72m5WuU86uVYItt2an5Bqs7qupZO9GFruLg24+5Y=;
	h=Date:From:To:Subject:Reply-To:References:In-Reply-To:From;
	b=kmgbR97Dx0BKTLQ3UFA3G7AxECtqyhRonq+3HJfutBs+763WzOnqF9sQkD042nbW9
	 Pe/xMuniDvic4Hx2am7qjYvRpoLI/5wlN0m1UxuKqAWmEHi/2TuMbDIPkFVE0Ok52U
	 OYDVzYT31ocULD+Kwh7xUpjVVlL44BolSrGUgfCM=
Received: by calimero.vinschen.de (Postfix, from userid 500)
	id 36271A80B9C; Fri, 25 Aug 2023 11:42:31 +0200 (CEST)
Date: Fri, 25 Aug 2023 11:42:31 +0200
From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: Test for Windows Administrator permissions from Cygwin
 terminal|script?
Message-ID: <ZOh3h4OK9jfhhCZX@calimero.vinschen.de>
Reply-To: cygwin@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
References: <CANH4o6OpsvT99AeJ2uTcqyajWQHmffYJqV=RR4HBxoFaveR7sQ@mail.gmail.com>
 <87cyzj4fep.fsf@Rainer.invalid>
 <CANH4o6MJj3W6GCEXsp82bZC49982nnz1Tb9Yfgh2zCdBBE-rjg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CANH4o6MJj3W6GCEXsp82bZC49982nnz1Tb9Yfgh2zCdBBE-rjg@mail.gmail.com>
List-Id: <cygwin.cygwin.com>

On Aug 24 18:24, Martin Wege via Cygwin wrote:
> On Sat, Aug 19, 2023 at 10:15 AM ASSI via Cygwin <cygwin@cygwin.com> wrote:
> >
> > Martin Wege via Cygwin writes:
> > > How can I find out whether the current Cygwin terminal has
> > > Administrator rights? I want to safeguard our admin scripts with a
> > > simple test and bail out with an error if someone wants to do admin
> > > stuff (say: regtool) without admin privileges.
> >
> > Windows really doesn't have a defined notion of what is or is not an
> > "administrator".  Each particular definition will be insufficient or
> > invalid in certain contexts.  When you're dealing with hardened
> > installations (via group policies or otherwise), large windows domains
> > and/or server administration you may have to be way more specific than
> > just looking at one simple indication.
> >
> > That said, most commonly the presence of SID S-1-5-32-544 in your user
> > token (in Cygwin: gid=544, unless you override it in the group config)
> > will be the best simple approximation.  Incidentally, this is what tcsh
> > is using on Cygwin to define the "superuser" for the purpose of setting
> > the prompt with "%#":
> > https://github.com/tcsh-org/tcsh/blob/d075ab5b4155ebff9d30e765733c030c3da5e362/tc.prompt.c#L212
> >
> > For (ba)sh scripts you can parse the output from id along the lines of
> >
> > id -G | grep -q '\<544\>' && echo admin || echo "not admin"
> 
> Is there any guarantee that the UNIX GID of the "administrator" will
> always be "544", regardless of locale or Country-specific version of
> Windows?

https://cygwin.com/pipermail/cygwin/2023-August/254218.html


Corinna