From: LRN <lrn1986@gmail.com>
To: cygwin@cygwin.com
Subject: Re: winsymlinks:nativestrict and Windows 10
Date: Tue, 19 Mar 2019 14:23:00 -0000
Message-ID: <f4207a77-a8d4-6004-dd76-2bc789e8d34f@gmail.com>
In-Reply-To: <1039329494.20190319152358@yandex.ru>


[-- Attachment #1.1: Type: text/plain, Size: 1980 bytes --]

On 19.03.2019 15:23, Andrey Repin wrote:
> It's not a secret that in earlier Windows versions members of Administrators
> group require elevated shell to create symlinks.
> Win10 is supposed to be easier, but all I've found was pointing to some
> obscure "developer mode".

Newer Windows 10 added a feature where passing a certain flag
(SYMBOLIC_LINK_FLAG_ALLOW_UNPRIVILEGED_CREATE) to a W32 API function that
creates symlinks (CreateSymbolicLinkW) allows you to create symlinks without
being Administrator.

This flag only works if you put Windows into developer mode (you can toggle
this in Settings->Update & Security->For developers).

Newer versions of Cygwin know about this flag, and will always try to use it.

Ironically, some programs built into Windows do *not* use this flag, and will
continue to fail to create symlinks. Similarly, old versions of Cygwin or,
really, any Windows (MinGW/MSVC) program that does symlinks, will not be able
to use it, since they are not passing that flag. Any program that uses the Cygwin
runtime will automatically benefit from this feature if the Cygwin runtime itself
is new enough, since programs built against Cygwin just call `symlink()` and
don't have to know anything about implementation details.

> I wonder if it is possible to add some permission to the account instead and
> call it a day?
> 

Devmode + SYMBOLIC_LINK_FLAG_ALLOW_UNPRIVILEGED_CREATE is the only way to
create symlinks without being Administrator (that I know of). You can't just
give some extra privileges to your non-administrator account. I know, I've tried.

Do note that this still doesn't fix the fundamental problem of NTFS symlinks
being either files or directories, but not both at the same time, unlike
symlinks on other filesystems that have "dynamic" type and thus can be files or
directories depending on what they are pointing to at any given moment. But you
must already know that, since you're using nativestrict.


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
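
Added example, not part of the original message and not Cygwin's own code: a Python sketch of the call pattern the message describes, passing SYMBOLIC_LINK_FLAG_ALLOW_UNPRIVILEGED_CREATE to CreateSymbolicLinkW, retrying without it on Windows builds that reject the flag, and fixing the file/directory type at creation time. The names create_symlink, win32_create and the injectable api parameter are hypothetical; the constants are the Win32 header values.

```python
import ctypes
import os
import sys

# Win32 constants (winbase.h / winerror.h)
SYMBOLIC_LINK_FLAG_DIRECTORY = 0x1
SYMBOLIC_LINK_FLAG_ALLOW_UNPRIVILEGED_CREATE = 0x2
ERROR_INVALID_PARAMETER = 87      # Windows build that predates the flag
ERROR_PRIVILEGE_NOT_HELD = 1314   # not elevated and developer mode is off


def win32_create(link, target, flags):
    """Call CreateSymbolicLinkW; return 0 on success, else the Win32 error."""
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    fn = k32.CreateSymbolicLinkW
    fn.argtypes = (ctypes.c_wchar_p, ctypes.c_wchar_p, ctypes.c_uint32)
    fn.restype = ctypes.c_ubyte   # BOOLEAN
    return 0 if fn(link, target, flags) else ctypes.get_last_error()


def create_symlink(link, target, target_is_dir, api=win32_create):
    """Create an NTFS symlink, preferring the unprivileged flag.

    Returns (flags_used, error); error is 0 on success. `api` is a
    hypothetical hook so the fallback logic can be exercised off Windows.
    """
    # NTFS fixes the link type when the link is created, so choose it here.
    base = SYMBOLIC_LINK_FLAG_DIRECTORY if target_is_dir else 0
    flags = base | SYMBOLIC_LINK_FLAG_ALLOW_UNPRIVILEGED_CREATE
    err = api(link, target, flags)
    if err == ERROR_INVALID_PARAMETER:
        # The flag is unknown to this Windows build: retry the classic way,
        # which only succeeds from an elevated process.
        flags = base
        err = api(link, target, flags)
    return flags, err


if __name__ == "__main__" and sys.platform == "win32" and len(sys.argv) == 3:
    link, target = sys.argv[1], sys.argv[2]
    flags, err = create_symlink(link, target, os.path.isdir(target))
    if err == ERROR_PRIVILEGE_NOT_HELD:
        print("denied: enable developer mode or run elevated")
    else:
        print("flags=%#x error=%d" % (flags, err))
```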
