This is the mail archive of the cygwin-apps mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: cannot run setup64.exe without admin privileges (even if renamed foo.exe)


[Redirected to cygwin-apps]


On Sep 23 13:57, Buchbinder, Barry (NIH/NIAID) [E] wrote:
> Larry Hall (Cygwin) sent the following at Sunday, September 22, 2013 9:42 PM
> >No, "All Users" is also required to set up services (like sshd, crond,
> >etc.) to work for all users (i.e. switch user context). This is the
> >recommended way to install so that these subsequent facilities can be
> >used with a minimum of fuss or trouble.
> 
> Thank you for the explanation.
> 
> Still, I'd like to urge the setup-meisters to keep those of us without
> admin rights in mind.  If we have to compile setup ourselves, many of
> us will be staying with 32 bit for a long time.

I just had a weird idea how we *might* accomplish this for 32 and 64 bit
in the same way.

Assuming setup would get an "asInvoker" manifest, so it runs with the
privileges of the current user.  First thing it would check its user
token.  There are three cases:

- When started by a non-admin user, the user token would contain no
  trace of the administrators group in the user token group list.
  In this case, setup would just run along as usual for the current user.

- When started elevated (with "Run as administrator...", for instance),
  the user token group list would contain the administrators group,
  enabled.  So setup knows it has admin rights anyway and just runs along
  as in the non-admin user case.  So, in fact, these two cases are just
  one case.

- Now, when started by an admin user, but not elevated, the group list
  would contain the administrators group, too, but with the "Use for
  deny only" flag set.  If setup recognizes this flag, rather than running
  along, it calls ShellExecute on itself, with the "runas" flag set.
  So it elevates a copy of itself and just exits.  The elevated copy
  then runs as usual.

The only downside with this concept, as far as I can see, is, somebody
would have to implement it...

Does that sound feasible?


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Attachment: pgp75BFKS6nuR.pgp
Description: PGP signature


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]