This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Question about UAC and bash/cygwin


Adam Dinwoodie  wrote:

> Lord Laraby wrote:
>>I've scanned months of the mailing list archives for an answers and searched
>>until I've run out of ideas.
>
> Have you taken a look through the Cygwin user's guide? In particular, I suspect
> the section on using Windows security in Cygwin will be relevant:
>
> http://cygwin.com/cygwin-ug-net/ntsec.html

I did indeed. In fact,I've tried to keep that document current in my
mind with every new cygwin.dll that comes out. It's very informative
about *Windows* security model.

However, what I can't see in that document (or the whole users guide)
are topics related to UAC, privilege escalation/elevation (getting
real administrator rights when you are an administrator), and anything
about object integrity levels. How these things are very present and a
pain in the *** on later (modern) windows hosts. There really isn't
anything specifically related to WIndows 7's quirks.

Also, cygserver and cygLSA are really not well explained. I know they
are there and have to do with changing user context. I know about
passwd -R and other means of getting good user tokens. I can figure
the rest out by reading the code I suppose.

Where I am lost in this is simply who does cygwin recognize I'm
elevated to true administrator? It doesn't seem to and keeps putting
all the files and directories I create (while escalated) under my
non-elevated account rather than under root. Why must I use the
machine administrator account for this? I had wanted to leave that
special completely disabled, but it seems I'm not allowed to. Also,
when installing or updating, it seems I must use the machine
administrator account for setup.exe as well? Who owns the installed
files, otherwise? Not who I'd think.

Sorry if the questions are a bit too numerous. I wish I could just
siphon knowledge from Corinna's brain. :)

--
Lord Laraby

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]