Using native symlinks
Corinna Vinschen
corinna-cygwin@cygwin.com
Thu May 30 09:08:00 GMT 2013
On May 29 20:43, Chris Sutcliffe wrote:
> On 29 May 2013 13:01, Corinna Vinschen wrote:
> > On May 29 12:40, Chris Sutcliffe wrote:
> >> On 29 May 2013 11:23, Corinna Vinschen wrote:
> >> > On May 29 10:33, Chris Sutcliffe wrote:
> >> >> On 29 May 2013 04:39, Corinna Vinschen wrote:
> >> > Also, either way, did you logoff and logon so that the "Create symbolic
> >> > links" user right can be added to your user token? Note that your token
> >> > remains unchanged if you didn't exit from your session. Just changing
> >> > the Policy isn't enough, the OS needs achance to create a new user token
> >> > for you containing the user right.
> >>
> >> I've rebooted the machine since making the change and it has had no
> >> affect. Is there something else I need to do?
> >
> > I don't know. I have to try (but not today). Did you try to add the
> > "Users" group to the Local Security Policy entry instead?
>
> I tried adding the "Users" group and it didn't help either.
I just tested it and can confirm it.
Try this: Start a login session of a normal user after adding the "Users"
group to the "Create symbolic links" right. Check the privileges
in the user token:
$ /cygdrive/c/Windows/System32/whoami /priv
PRIVILEGES INFORMATION
----------------------
Privilege Name Description State
============================= ==================================== ========
SeShutdownPrivilege Shut down the system Disabled
SeChangeNotifyPrivilege Bypass traverse checking Enabled
SeUndockPrivilege Remove computer from docking station Disabled
SeIncreaseWorkingSetPrivilege Increase a process working set Disabled
SeTimeZonePrivilege Change the time zone Disabled
SeCreateSymbolicLinkPrivilege Create symbolic links Disabled
On the other hand, in the same situation the UAC-crippled admins's token
does not contain the "Create symbolic links" right:
$ /cygdrive/c/Windows/System32/whoami /priv
PRIVILEGES INFORMATION
----------------------
Privilege Name Description State
============================= ==================================== ========
SeShutdownPrivilege Shut down the system Disabled
SeChangeNotifyPrivilege Bypass traverse checking Enabled
SeUndockPrivilege Remove computer from docking station Disabled
SeIncreaseWorkingSetPrivilege Increase a process working set Disabled
SeTimeZonePrivilege Change the time zone Disabled
I also changed the "Create symbolic links" policy so that the "Users"
group is the only group getting this right. In other words, I removed
the "Administrators" group entirely, logged off, logged on, and the
result was the same as above.
This is a bug in UAC if you ask me. It seems to remove privileges from
the UAC-crippled admin's token based on a fixed internal list, totally
ignorant of changes in the security policy.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list