This is the mail archive of the
mailing list for the Cygwin project.
Re: Using native symlinks
- From: Corinna Vinschen <corinna-cygwin at cygwin dot com>
- To: cygwin at cygwin dot com
- Date: Wed, 29 May 2013 17:23:39 +0200
- Subject: Re: Using native symlinks
- References: <CAGHJv4ftSKS6wR-Uzd9Gfvowqpn-WCQ0U01NexgCpZaYqd-Tow at mail dot gmail dot com> <20130528185553 dot GA31309 at calimero dot vinschen dot de> <CAGHJv4fkvRt1gQfNTarHGUQWvdRxRsy=oAA=pjUQTLQFoNoW-g at mail dot gmail dot com> <20130529083910 dot GD31309 at calimero dot vinschen dot de> <CAGHJv4cUbx_sMCwUgzTd3ZaXVgbfgPt1Fs7pOO4UtwZhFFj-uA at mail dot gmail dot com>
- Reply-to: cygwin at cygwin dot com
On May 29 10:33, Chris Sutcliffe wrote:
> On 29 May 2013 04:39, Corinna Vinschen wrote:
> > On May 28 22:23, Chris Sutcliffe wrote:
> >> It works fine if I create the native symlinks in an elevated shell,
> >> but does not if I create the native symlinks in a "normal" shell. Is
> >> this expected (i.e. does creating native symlinks only work in
> >> elevated shells?).
> > Welcome to the wonderful world of native NTFS symlinks!!1!11!!
> > It's true and it works like this: Have a look into the "Local Security
> > Policy" MMC Snap-in. In the left hand tree view navigate to
> > "Security Settings" -> "Local Policies" -> "User Rights Assignments".
> > On the right side look for "Create symbolic links". You will see that
> > by default only members of the Administrators group are allowed to
> > create symlinks.
> > If you're running under an admin account in a non-elevated shell, your
> > token has been stripped by all Admin-only user rights, so you also have
> > no right to create symlinks.
> > To workaround that, you can either add yourself to the "Create symbolic
> > links" right, or you can add the "Users" group if you want to allow
> > every user to create symlinks. But this requires changing it on all
> > machines manually, so alternatively you can create a domain policy which
> > adds the trusted users to this user right on all machines.
> I tried this approach and I'm still not having any luck with the user
> being able to create native symbolic links in a non-elevated shell.
What approach? Adding the Users group to the Local Security Policy or
adding a domain policy? If the latter, did you call gpupdate on the
client or reboot the client machine to propagate the domain policy?
Also, either way, did you logoff and logon so that the "Create symbolic
links" user right can be added to your user token? Note that your token
remains unchanged if you didn't exit from your session. Just changing
the Policy isn't enough, the OS needs achance to create a new user token
for you containing the user right.
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple