This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Change PS1 when run as administrator

On Mar 23 12:35, Brian Inglis wrote:
> Warren Young <wyml <at>> writes:
> > On Mar 15, 2016, at 2:17 PM, Achim Gratz <Stromeko <at>> wrote:
> >> Andrey Repin writes:
> >>>    test $group -eq 114 && { x="#"; break; }
> >> Nope, that group membership isn't associated with real administrative
> >> powers.
> > Confirmed, at least on Win10 64-bit without any AD mucking things up.
> > That is, I get both 114 and 544 here, so I donât need the 114 rule at all.
> Opposite for me on Win7 x64 non-domain machine! 
> I am always a member of 544(Administrators) group and it is my default
> primary group in normal non-admin and elevated admin shells. 
> In elevated admin shell, I am also a member of 114(Local account and member
> of Administrators group) and 405504(High Mandatory Level) not 401408(Medium
> Mandatory Level). 
> No idea how this works in domains and with domain accounts, but perhaps
> checking for 114 and/or 405504 would be more portable? 
> $ uname -srvmo
> CYGWIN_NT-6.1 2.4.1(0.293/5/3) 2016-01-24 11:26 x86_64 Cygwin
> normal non-admin shell:
> $ id
> uid=... gid=544(Administrators)
> groups=544(Administrators),197121(None),197610(HomeUsers),545(Users),
> LOGON),11(Authenticated Users),15(This Organization),113(Local
> account),4095(CurrentSession),66048(LOCAL),262154(NTLM
> Authentication),401408(Medium Mandatory Level)

You have either some /etc/passwd, /etc/group settings overshadowing the
default settings, or you used the "desc" method described in
to change your primary group.

Otherwise your primary group is always "None", or the equivalent in your
locale.  The admins group is *never* the primary group, unless you
messed with the settings for Cygwin as outlined above.

If you're member in the Admins group, then the admins group is part of
the non-elevated token, but only as "deny-only" group.  That means, it's
usually not shown in id, unless you made it primary group, in which case
it has to be shown.

You better remove this.  I think I'll fix this function to not allow
primary groups wehich are not enabled in the token.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Attachment: signature.asc
Description: PGP signature

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]