This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: winsymlinks:nativestrict and Windows 10

From: LRN <lrn1986 at gmail dot com>
To: cygwin at cygwin dot com
Date: Tue, 19 Mar 2019 17:23:04 +0300
Subject: Re: winsymlinks:nativestrict and Windows 10
References: <1039329494.20190319152358@yandex.ru>

On 19.03.2019 15:23, Andrey Repin wrote:
> It's not a secret that in earlier Windows versions members of Administrators
> group require elevated shell to create symlinks.
> Win10 is supposed to be easier, but all I've found was pointing to some
> obscure "developer mode".

Newer Windows 10 added a feature where passing a certain flag
(SYMBOLIC_LINK_FLAG_ALLOW_UNPRIVILEGED_CREATE) to a W32 API function that
creates symlink (CreateSymbolicLinkW) allows you to create symlinks without
being Administrator.

This flag only works if you put Windows into developer mode (you can toggle
this in Settings->Update & Security->For developers).

Newer versions of Cygwin know about this flag, and will always try to use it.

Ironically, some programs built into Windows do *not* use this flag, and will
continue to fail to create symlinks. Similarly, old versions of Cygwin or,
really, any Windows (MinGW/MSVC) program that does symlinks, will not be able
to use it, since they are not passing that flag. Any program that uses Cygwin
runtime will automatically benefit from this feature if Cygwin runtime itself
is new enough, since programs built against Cygwin just call `symlink()` and
don't have to know anything about implementation details.

> I wonder if it is possible to add some permission to the account instead and
> call it a day?
> 

Devmode + SYMBOLIC_LINK_FLAG_ALLOW_UNPRIVILEGED_CREATE is the only way to
create symlinks without being Administrator (that i know of). You can't just
give some extra privileges to your non-administrator account. I know, i've tried.

Do note that this still doesn't fix the fundamental problem of NTFS symlinks
being either files or directories, but not both at the same time, unlike
symlink on other filesystems that have "dynamic" type and thus can be files or
directories depending on what they are pointing to at any given moment. But you
must already know what, since you're using nativestrict.

Attachment: signature.asc
Description: OpenPGP digital signature

Follow-Ups:
- Re: winsymlinks:nativestrict and Windows 10
  - From: Frank Redeker
- Re: winsymlinks:nativestrict and Windows 10
  - From: Andrey Repin

References:
- winsymlinks:nativestrict and Windows 10
  - From: Andrey Repin

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]