This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Change PS1 when run as administrator

On Mar 23 18:01, Brian Inglis wrote:
> Corinna Vinschen <corinna-cygwin <at>> writes:
> > On Mar 23 12:35, Brian Inglis wrote:
> >> Warren Young <wyml <at>> writes:
> >>> Confirmed, at least on Win10 64-bit without any AD mucking things up.
> >>> That is, I get both 114 and 544 here, so I donât need the 114 rule at all.
> >> Opposite for me on Win7 x64 non-domain machine! 
> >> I am always a member of 544(Administrators) group and it is my default
> >> primary group in normal non-admin and elevated admin shells. 
> >> In elevated admin shell, I am also a member of 114(Local account and 
> >> member of Administrators group) and 405504(High Mandatory Level) not 
> >> 401408(Medium Mandatory Level). 
> > You have either some /etc/passwd, /etc/group settings overshadowing the
> > default settings, or you used the "desc" method described in
> >
> > to change your primary group.
> > Otherwise your primary group is always "None", or the equivalent in your
> > locale.  The admins group is *never* the primary group, unless you
> > messed with the settings for Cygwin as outlined above.
> > If you're member in the Admins group, then the admins group is part of
> > the non-elevated token, but only as "deny-only" group.  That means, it's
> > usually not shown in id, unless you made it primary group, in which case
> > it has to be shown.
> > You better remove this.  I think I'll fix this function to not allow
> > primary groups which are not enabled in the token.

The latest test release 2.5.0-0.9 now checks if the desired primary
group is enabled in the token.  If it's not enabled, as in the case
of the admins group for non-elevated admin accounts, it refuses to
change the primary group and keeps the default primary group intact.

> net user /comment - thanks, that worked.
> Removed comment (in elevated shell) and default became None.
> Readded comment with Users and that became the default.
> Will leave that there, as seeing None=="local non-domain accounts" bugs me,
> and it seems stupid to default anything to local non-domain accounts only.

> Is there a better consistent choice of dynamic group having elevated rights
> on both local and domain systems than 544 e.g. 114 or 405504 or ?

I don't understand the question.  What counts is group 544,
administrators.  But there's no good reason to make this group your
primary group.  Membership is sufficient.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Attachment: signature.asc
Description: PGP signature

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]