This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Using native symlinks

On May 29 10:33, Chris Sutcliffe wrote:
> On 29 May 2013 04:39, Corinna Vinschen wrote:
> > On May 28 22:23, Chris Sutcliffe wrote:
> >> It works fine if I create the native symlinks in an elevated shell,
> >> but does not if I create the native symlinks in a "normal" shell.  Is
> >> this expected (i.e. does creating native symlinks only work in
> >> elevated shells?).
> >
> > Welcome to the wonderful world of native NTFS symlinks!!1!11!!
> >
> > It's true and it works like this: Have a look into the "Local Security
> > Policy" MMC Snap-in.  In the left hand tree view navigate to
> > "Security Settings" -> "Local Policies" -> "User Rights Assignments".
> > On the right side look for "Create symbolic links".  You will see that
> > by default only members of the Administrators group are allowed to
> > create symlinks.
> >
> > If you're running under an admin account in a non-elevated shell, your
> > token has been stripped by all Admin-only user rights, so you also have
> > no right to create symlinks.
> >
> > To workaround that, you can either add yourself to the "Create symbolic
> > links" right, or you can add the "Users" group if you want to allow
> > every user to create symlinks.  But this requires changing it on all
> > machines manually, so alternatively you can create a domain policy which
> > adds the trusted users to this user right on all machines.
> I tried this approach and I'm still not having any luck with the user
> being able to create native symbolic links in a non-elevated shell.

What approach?  Adding the Users group to the Local Security Policy or
adding a domain policy?  If the latter, did you call gpupdate on the
client or reboot the client machine to propagate the domain policy?

Also, either way, did you logoff and logon so that the "Create symbolic
links" user right can be added to your user token?  Note that your token
remains unchanged if you didn't exit from your session.  Just changing
the Policy isn't enough, the OS needs achance to create a new user token
for you containing the user right.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Problem reports:
Unsubscribe info:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]