In-Reply-To: <20130529083910.GD31309@calimero.vinschen.de>
References: <20130528185553 DOT GA31309 AT calimero DOT vinschen DOT de> <20130529083910 DOT GD31309 AT calimero DOT vinschen DOT de>
Date: Wed, 29 May 2013 10:33:16 -0400
Subject: Re: Using native symlinks
From: Chris Sutcliffe
To: The Cygwin Mailing List

On 29 May 2013 04:39, Corinna Vinschen wrote:
> On May 28 22:23, Chris Sutcliffe wrote:
>> It works fine if I create the native symlinks in an elevated shell,
>> but does not if I create the native symlinks in a "normal" shell. Is
>> this expected (i.e. does creating native symlinks only work in
>> elevated shells?).
>
> Welcome to the wonderful world of native NTFS symlinks!!1!11!!
>
> It's true and it works like this: Have a look into the "Local Security
> Policy" MMC Snap-in. In the left hand tree view navigate to
> "Security Settings" -> "Local Policies" -> "User Rights Assignments".
> On the right side look for "Create symbolic links". You will see that
> by default only members of the Administrators group are allowed to
> create symlinks.
>
> If you're running under an admin account in a non-elevated shell, your
> token has been stripped by all Admin-only user rights, so you also have
> no right to create symlinks.
>
> To workaround that, you can either add yourself to the "Create symbolic
> links" right, or you can add the "Users" group if you want to allow
> every user to create symlinks. But this requires changing it on all
> machines manually, so alternatively you can create a domain policy which
> adds the trusted users to this user right on all machines.

I tried this approach and I'm still not having any luck with the user
being able to create native symbolic links in a non-elevated shell.

As a work around I've created a 'sudo' alias:

    alias sudo='cygstart --action=runas'

which works nicely as I can launch commands elevated from a
non-elevated shell. For running commands like winln / ln I can add
the "--hidden" option (i.e. sudo --hidden) and no cmd window will
pop-up during the execution of the command.

I figured I would pass this along in case someone else finds this useful.

Chris

--
Chris Sutcliffe
http://emergedesktop.org
http://www.google.com/profiles/ir0nh34d
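
Added example, not part of the original message: a Cygwin bash check of whether a shell's token holds the "Create symbolic links" right discussed above, done by parsing `whoami /priv` output. The privilege constant `SeCreateSymbolicLinkPrivilege` and English-language output are assumptions, and the two sample tables are constructed.

```bash
#!/usr/bin/env bash
# Added example: classify the "Create symbolic links" right in `whoami /priv`
# output. Assumes English-language output; sample tables below are constructed.
PRIV=SeCreateSymbolicLinkPrivilege   # constant behind "Create symbolic links"

# Reads `whoami /priv` text on stdin and prints one of:
#   enabled  - held by the token and currently enabled
#   disabled - held by the token, not currently enabled
#   absent   - not in the token at all (never granted, or filtered out)
symlink_priv_state() {
    awk -v priv="$PRIV" '
        { sub(/\r$/, "") }                       # whoami.exe emits CRLF
        $1 == priv { state = ($NF == "Enabled") ? "enabled" : "disabled" }
        END { print (state == "" ? "absent" : state) }'
}

# Query the live token from a Cygwin shell. Cygwin's own whoami is the
# coreutils one, so call the Windows binary from the system directory.
live_symlink_priv_state() {
    "$(cygpath -S)/whoami.exe" /priv | symlink_priv_state
}

# Constructed sample: elevated administrator token.
sample_elevated() {
    cat <<'EOF'
Privilege Name                Description                    State
============================= ============================== ========
SeChangeNotifyPrivilege       Bypass traverse checking       Enabled
SeCreateSymbolicLinkPrivilege Create symbolic links          Disabled
EOF
}

# Constructed sample: the same administrator in a non-elevated shell.
sample_filtered() {
    cat <<'EOF'
Privilege Name                Description                    State
============================= ============================== ========
SeChangeNotifyPrivilege       Bypass traverse checking       Enabled
SeShutdownPrivilege           Shut down the system           Disabled
EOF
}

echo "elevated sample:     $(sample_elevated | symlink_priv_state)"
echo "non-elevated sample: $(sample_filtered | symlink_priv_state)"
```

Running `live_symlink_priv_state` in both an elevated and a non-elevated shell shows whether a policy change actually reached the token before the right is widened to a group such as "Users".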