winsymlinks:nativestrict and Windows 10

Andrey Repin anrdaemon@yandex.ru
Tue Mar 19 17:20:00 GMT 2019


Greetings, LRN!

> On 19.03.2019 15:23, Andrey Repin wrote:
>> It's not a secret that in earlier Windows versions members of Administrators
>> group require elevated shell to create symlinks.
>> Win10 is supposed to be easier, but all I've found was pointing to some
>> obscure "developer mode".

> Newer Windows 10 added a feature where passing a certain flag
> (SYMBOLIC_LINK_FLAG_ALLOW_UNPRIVILEGED_CREATE) to a W32 API function that
> creates symlink (CreateSymbolicLinkW) allows you to create symlinks without
> being Administrator.

> This flag only works if you put Windows into developer mode (you can toggle
> this in Settings->Update & Security->For developers).

> Newer versions of Cygwin know about this flag, and will always try to use it.

> Ironically, some programs built into Windows do *not* use this flag, and will
> continue to fail to create symlinks. Similarly, old versions of Cygwin or,
> really, any Windows (MinGW/MSVC) program that does symlinks, will not be able
> to use it, since they are not passing that flag. Any program that uses Cygwin
> runtime will automatically benefit from this feature if Cygwin runtime itself
> is new enough, since programs built against Cygwin just call `symlink()` and
> don't have to know anything about implementation details.

>> I wonder if it is possible to add some permission to the account instead and
>> call it a day?
>> 

> Devmode + SYMBOLIC_LINK_FLAG_ALLOW_UNPRIVILEGED_CREATE is the only way to
> create symlinks without being Administrator (that i know of). You can't just
> give some extra privileges to your non-administrator account. I know, i've tried.

> Do note that this still doesn't fix the fundamental problem of NTFS symlinks
> being either files or directories, but not both at the same time, unlike
> symlink on other filesystems that have "dynamic" type and thus can be files or
> directories depending on what they are pointing to at any given moment. But you
> must already know what, since you're using nativestrict.

It's even worse than that. Windows 10 fully resolves symlinks BEFORE passing
them to any application.
Say, you want to start X:\Y\z which is a symlink to A:\B\c.
On Win7, the command line will be X:\Y\z
On Win10, it will be A:\B\c. All relative paths inside program will be
relative to "A:\B".
No way to have program mode switching by name, like it is often seen in *NIX.
This shit completely ruined my setup.


-- 
With best regards,
Andrey Repin
Tuesday, March 19, 2019 19:59:00

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple



More information about the Cygwin mailing list