This is the mail archive of the
mailing list for the Cygwin project.
Re: Using native symlinks
- From: Chris Sutcliffe <ir0nh34d at gmail dot com>
- To: The Cygwin Mailing List <cygwin at cygwin dot com>
- Date: Wed, 29 May 2013 10:33:16 -0400
- Subject: Re: Using native symlinks
- References: <CAGHJv4ftSKS6wR-Uzd9Gfvowqpn-WCQ0U01NexgCpZaYqd-Tow at mail dot gmail dot com> <20130528185553 dot GA31309 at calimero dot vinschen dot de> <CAGHJv4fkvRt1gQfNTarHGUQWvdRxRsy=oAA=pjUQTLQFoNoW-g at mail dot gmail dot com> <20130529083910 dot GD31309 at calimero dot vinschen dot de>
On 29 May 2013 04:39, Corinna Vinschen wrote:
> On May 28 22:23, Chris Sutcliffe wrote:
>> It works fine if I create the native symlinks in an elevated shell,
>> but does not if I create the native symlinks in a "normal" shell. Is
>> this expected (i.e. does creating native symlinks only work in
>> elevated shells?).
> Welcome to the wonderful world of native NTFS symlinks!!1!11!!
> It's true and it works like this: Have a look into the "Local Security
> Policy" MMC Snap-in. In the left hand tree view navigate to
> "Security Settings" -> "Local Policies" -> "User Rights Assignments".
> On the right side look for "Create symbolic links". You will see that
> by default only members of the Administrators group are allowed to
> create symlinks.
> If you're running under an admin account in a non-elevated shell, your
> token has been stripped by all Admin-only user rights, so you also have
> no right to create symlinks.
> To workaround that, you can either add yourself to the "Create symbolic
> links" right, or you can add the "Users" group if you want to allow
> every user to create symlinks. But this requires changing it on all
> machines manually, so alternatively you can create a domain policy which
> adds the trusted users to this user right on all machines.
I tried this approach and I'm still not having any luck with the user
being able to create native symbolic links in a non-elevated shell.
As a work around I've created a 'sudo' alias:
alias sudo='cygstart --action=runas'
which works nicely as I can launch commands elevated from a
non-elevated shell. For running commands like winln / ln I can add
the "--hidden" option (i.e. sudo --hidden) and no cmd window will
pop-up during the execution of the command.
I figured I would pass this along in case someone else finds this useful.
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple