From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 116834 invoked by alias); 19 Mar 2019 14:23:17 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 116811 invoked by uid 89); 19 Mar 2019 14:23:17 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-1.4 required=5.0 tests=AWL,BAYES_00,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,KAM_NUMSUBJECT,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=no version=3.3.1 spammy=HX-Spam-Relays-External:sk:broadba, nativestrict, winsymlinks, repin X-HELO: mail-lj1-f171.google.com Received: from mail-lj1-f171.google.com (HELO mail-lj1-f171.google.com) (209.85.208.171) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Tue, 19 Mar 2019 14:23:15 +0000 Received: by mail-lj1-f171.google.com with SMTP id y6so9290486ljd.12 for ; Tue, 19 Mar 2019 07:23:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=to:references:from:autocrypt:subject:message-id:date:user-agent :mime-version:in-reply-to; bh=KWPJmvX4FsfeYh7WvbiHzxdjxiiDh7Fd03l9l0wvMC8=; b=MCULarZonNFQXMaj3nWkb0LnSvdPzrWeO2FW6eufxKQ8WfaycUORtbJjXk0p15ZWgm q7LoDFpWRCRVhHgOyqaSi4ctrAgVpOe/CLI+MaEpaq/7EjBPmJT+7tQx5GjiFBbTFUxz c+Aby57Q1HBdo2AF241Lbm95Sr2k/L+4Cb3edr3EuDb2dZsXGo5ZDpzT2NbzzCklqiZm 00RKmgeA488QCoImWkF1LXGJkdWHAqwtRcFtu8CfKQgHsLbVKuASHwFfr4HZKEK6kaEa cwPZ2oWZq8fyo5nsQ3btXRNJxhtns0WnrxtxeI7Xt0B3pJGPDahIsbrvPi3CX6/haPn2 rVEw== Return-Path: Received: from [192.168.4.39] (broadband-95-84-200-6.ip.moscow.rt.ru. [95.84.200.6]) by smtp.gmail.com with ESMTPSA id w26sm2744638lfe.5.2019.03.19.07.23.11 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 19 Mar 2019 07:23:11 -0700 (PDT) To: cygwin@cygwin.com References: <1039329494.20190319152358@yandex.ru> From: LRN Subject: Re: winsymlinks:nativestrict and Windows 10 Message-ID: Date: Tue, 19 Mar 2019 14:23:00 -0000 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Thunderbird/60.5.3 MIME-Version: 1.0 In-Reply-To: <1039329494.20190319152358@yandex.ru> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="KuwZExmDQKdGxVmrMBCqUFKeORfDpewZo" X-IsSubscribed: yes X-SW-Source: 2019-03/txt/msg00483.txt.bz2 --KuwZExmDQKdGxVmrMBCqUFKeORfDpewZo Content-Type: multipart/mixed; boundary="ry0n9SXkTt3GE4kbHbbbtaZSzW9Xnpg1f"; protected-headers="v1" From: LRN To: cygwin@cygwin.com Message-ID: Subject: Re: winsymlinks:nativestrict and Windows 10 --ry0n9SXkTt3GE4kbHbbbtaZSzW9Xnpg1f Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable Content-length: 1964 On 19.03.2019 15:23, Andrey Repin wrote: > It's not a secret that in earlier Windows versions members of Administrat= ors > group require elevated shell to create symlinks. > Win10 is supposed to be easier, but all I've found was pointing to some > obscure "developer mode". Newer Windows 10 added a feature where passing a certain flag (SYMBOLIC_LINK_FLAG_ALLOW_UNPRIVILEGED_CREATE) to a W32 API function that creates symlink (CreateSymbolicLinkW) allows you to create symlinks without being Administrator. This flag only works if you put Windows into developer mode (you can toggle this in Settings->Update & Security->For developers). Newer versions of Cygwin know about this flag, and will always try to use i= t. Ironically, some programs built into Windows do *not* use this flag, and wi= ll continue to fail to create symlinks. Similarly, old versions of Cygwin or, really, any Windows (MinGW/MSVC) program that does symlinks, will not be ab= le to use it, since they are not passing that flag. Any program that uses Cygw= in runtime will automatically benefit from this feature if Cygwin runtime itse= lf is new enough, since programs built against Cygwin just call `symlink()` and don't have to know anything about implementation details. > I wonder if it is possible to add some permission to the account instead = and > call it a day? >=20 Devmode + SYMBOLIC_LINK_FLAG_ALLOW_UNPRIVILEGED_CREATE is the only way to create symlinks without being Administrator (that i know of). You can't just give some extra privileges to your non-administrator account. I know, i've = tried. Do note that this still doesn't fix the fundamental problem of NTFS symlinks being either files or directories, but not both at the same time, unlike symlink on other filesystems that have "dynamic" type and thus can be files= or directories depending on what they are pointing to at any given moment. But= you must already know what, since you're using nativestrict. --ry0n9SXkTt3GE4kbHbbbtaZSzW9Xnpg1f-- --KuwZExmDQKdGxVmrMBCqUFKeORfDpewZo Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" Content-length: 833 -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE4MWzR43wYaAzEA49ja3pJ2dZunQFAlyQ+00ACgkQja3pJ2dZ unTPaBAAqjBwjSpC/10JViKfpiIVARzKmezTPT72ahkl4OsU/w9jWQT3tFEEgzgm p+I1rVS8bIUxc/PgBT6sn23MrKap0nqOsHSm3hBXTvPXNfugIVlw7LOANoRdjQfX x/THH4jModVxoLzBW+UbaVFU1n8HR6eGqxk379vWalgHCyFxsw/3FH+DXcNn8eE+ 6MYl9KZLA+l6f4Gpz7iz9xCL7Ads8HkppaLiiz8S+2y0AhmdGSR8vtXO/RXZIZGn kX6VjWWNJ6pZhbc1Uku3mNl2JyBJFel3D8IBN3/ExhFLPVlVC9oEGJDhOeyhzoVO W6fdZJbypBoIUmEL2cGnzikR1dh8H2kWSM/TXr6E8JGJ7+dwj2GVQizff1l6LaIH VF/0yJF+6N9ryWkLDImX8f7cnqeTdCbxGkrjvpgHexFjdwc68a6iG8MGzkZgCSbN u5TdmNHMQLs3RSSFsfk3YKRQ37Z9jGNgK7nL6Q0KuDLJ3GXCufmLhPn7mrJtu/fK lTaSEw0Ip63FB3msYa4PJtUW/BdFXQDrAm3Pcp1jB+2bwFAuJrsDxDj0r6w4AIzI Dq76zu1w3+1i4z/8+FpJ2K0ONn/QAtaTTRl0TUwHu5oUWku1R6NI+43c7XbDGESs Uqa/Zjn0EvsMRy48S4c1czx8ieZd9eFxnxjAf6/qjs/hJM5/7eE= =tPFJ -----END PGP SIGNATURE----- --KuwZExmDQKdGxVmrMBCqUFKeORfDpewZo--