Adam Dinwoodie wrote: > Lord Laraby wrote: >>I've scanned months of the mailing list archives for an answers and searched >>until I've run out of ideas. > > Have you taken a look through the Cygwin user's guide? In particular, I > suspect > the section on using Windows security in Cygwin will be relevant: > > http://cygwin.com/cygwin-ug-net/ntsec.html
I did indeed. In fact,I've tried to keep that document current in my mind with every new cygwin.dll that comes out. It's very informative about *Windows* security model. However, what I can't see in that document (or the whole users guide) are topics related to UAC, privilege escalation/elevation (getting real administrator rights when you are an administrator), and anything about object integrity levels. How these things are very present and a pain in the *** on later (modern) windows hosts. There really isn't anything specifically related to WIndows 7's quirks. Also, cygserver and cygLSA are really not well explained. I know they are there and have to do with changing user context. I know about passwd -R and other means of getting good user tokens. I can figure the rest out by reading the code I suppose. Where I am lost in this is simply who does cygwin recognize I'm elevated to true administrator? It doesn't seem to and keeps putting all the files and directories I create (while escalated) under my non-elevated account rather than under root. Why must I use the machine administrator account for this? I had wanted to leave that special completely disabled, but it seems I'm not allowed to. Also, when installing or updating, it seems I must use the machine administrator account for setup.exe as well? Who owns the installed files, otherwise? Not who I'd think. Sorry if the questions are a bit too numerous. I wish I could just siphon knowledge from Corinna's brain. :) -- Lord Laraby -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
