This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: how to determine if a shell is running as Administrator?
- From: Andrey Repin <anrdaemon at yandex dot ru>
- To: Andrew Schulman <schulman dot andrew at epa dot gov>, cygwin at cygwin dot com
- Date: Thu, 5 Feb 2015 22:25:40 +0300
- Subject: Re: how to determine if a shell is running as Administrator?
- Authentication-results: sourceware.org; auth=none
- References: <slc6da9aq8g9e7h0aegafhfa86eahfd53p at 4ax dot com> <20150205100349 dot GS2635 at calimero dot vinschen dot de> <87siekhaz6 dot fsf at Rainer dot invalid> <20150205113926 dot GT2635 at calimero dot vinschen dot de> <8us6da1mc84clhtt2hgsliu2tor8mddcga at 4ax dot com>
- Reply-to: cygwin at cygwin dot com
Greetings, Andrew Schulman!
>> However, the user token of such a user still contains the Administrators
>> group (I just tested it) and thus the `id -G' test for 544 (or 0 with
>> the old "root" entry in /etc/group) is still valid.
> OK, I see. Yes, when I Run as administrator I have
> $ id -G
> 513 114 1007 1001 0 545 4 66049 11 15 113 4095 66048 262154 405504
> which includes 0.
> So it seems that the test for group 544 or 0 is the way to tell if the user has
> admin rights.
544 only.
If you see group 0, you should notify the user that, either
1. Their Cygwin is outdated, or
2. They have /etc/group file that supersede normal group resolution.
There MAY be valid reasons to have /etc/group, but in no way it should
override well-known SID's.
> If you want to know (I don't) specifically if they got those
> rights from Run as administrator, the presence of group 114 will tell you that,
> but only in newer OSes.
It doesn't matter really.
As long as the user token have group 544, you can expect that they do have the
powers in the system.
It is not the only available way to gain such power (i.e. the test for having
SeBackupPrivilege is more reliable), but from shell, this is probably the only
straightforward one.
P.S.
$ uname -a
CYGWIN_NT-6.1 daemon2 1.7.34(0.285/5/3) 2015-02-04 12:14 x86_64 Cygwin
regular:$ id -G
197121 545 4 66049 11 15 113 4095 66048 262154 401408
elevated:$ id -G
197121 114 544 545 4 66049 11 15 113 4095 66048 262154 405504
P.P.S.
PS1_TAIL="$(
x="$"
for group in $(id -G); do
{
test $group -eq 544 && { x="#"; break; }
test $group -eq 0 && { x="Please remove well-known SID overrides from your /etc/group file#"; break; }
}
done
echo $x
)"
if [ "$color_prompt" = yes ]; then
PS1='\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\033[0m\007\]\n$PS1_TAIL '
else
PS1='\u@\h:\w\007\n$PS1_TAIL '
fi
unset color_prompt force_color_prompt
--
WBR,
Andrey Repin (anrdaemon@yandex.ru) 05.02.2015, <21:02>
Sorry for my terrible english...
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple