How to check if cygwin mintty/bash is run as administrator?

Problem Statement: What is the most elegant and robust way to test if Cygwin mintty bash session is "Run as adminstrator"?

Why, specifically? I have typically several mintty terminals open when using Windows (mintty does not have tabs). The most awkward is when I need to find a terminal window that I started by right-clicking "Run as administrator" when for example I want to run ping or other one-time procedure. I would like to indicate the "run as administrator"-ness of the terminal session visually (by changing the bash shell prompt variable PS1 in my start-up file ~/.bashrc).

Some quick potential solutions:

I can compare the value of some environmental variables. By quick look of env output there are quite many differences. It is however hard to tell which is most reliable in terms of portability to another Windows machine (perhaps running different version of Windows).
id, more specifically id -Gn shows different groups if run as administrator. In my Windows 7 machine I have Administrators and root groups added to the list. Again, I am not sure if this is portable.
I could try to write a file to a location that would fail as normal user. But I do not want to write any files to strange places - this could in some imagined scenarios be potentially destructive (e.g. failing storage media) and this seems utterly inelegant to my taste.
Running some Windows program that will indicate by return status or output if the command is run "as administrator". Best would be some with analogous purpose to that of UNIX id(1) command (but natively existing in Windows - or Cygwin, but without too far fetched translation of Windows system concepts to POSIX emulated concepts).

Any better or more elegant suggestions? Perhaps cygwin provides a command utility dedicated for this purpose?

Update: 97% duplicate of https://stackoverflow.com/questions/4051883/batch-script-how-to-check-for-admin-rights/ - the difference is just here using bash instead of (IMHO weird and archaic) Windows cmd.exe. Please do check the answers and commentaries there.

FooF

Posted 2013-10-15T13:12:19.350

Reputation: 411

use the "run as Administrator" unless you do this then the process is not elevated to Administrator permissions even if an Administrator account starts the process. Just create a shortcut so this is always done. – Ramhound – 2013-10-15T13:17:17.250

@Ramhound Of course. But my problem is not how to run as administrator, my problem is how to detect in scriptable way if I am running as administrator. (I just recently had five terminals open, and needed to find the one that I run as administrator so that I could successfully run ping.) – FooF – 2013-10-15T13:24:29.403

@Ramhound If you had read my (overly verbose?) question, you would have been shocked already three times! Just I am not sure if the two methods (2 and 3; forget the method 1, attempting to create a file to some more protected location) are portable, and I am craving for something more elegant. – FooF – 2013-10-15T13:35:50.797

I did read your question. I don't consider any of those possible solutions as being acceptable. I would just create a shortcut and call it a day. – Ramhound – 2013-10-15T13:41:02.580

I recommend trying ConEmu. It has tabs, can run tab as administrator indicated by different icon in tabbar and most importantly uses console behind the scenes so native windows applications work on it correctly unlike on mintty.

– Jan Hudec – 2013-10-15T13:51:47.733

@Ramhound So you imply the presence of Administrators group is not standard and portable way to distinguish if running as adminstrator in Windows? (Above when saying "group" I am using the concept of cygwin emulation layer, I am not sure what the Microsoft term is for this Adminstrators.) I would like to learn more about this. – FooF – 2013-10-15T14:04:25.167

2@Ramhound You are right that my original problem (distinguishing the administrator terminal window) that I already had narrowed down into this question could be solved by making a short cut for mintty that 1. runs as administrator, 2. uses different configuration file with differing color settings and 3. uses an alternative icon. If you describe to general public how to create this, I will give you an upvote (unless you say in your answer that it cannot be done within a script :-). – FooF – 2013-10-15T14:07:31.713

@JanHudec That ConEmu sounds wonderful. Some time ago I tried searching something similar but could not quite find one. Thanks so much for the tip. I am definitively going to try it out. – FooF – 2013-10-15T14:11:59.843

1@FooF - Just because you run a process with an Administrator level user does not mean the process itself has been escalated. Windows by default will only esclate a process if the user approves of such action hence the "run as Administrator" feature in Windows. You can also provider ALL permissions to ANY group you want even the Foo user group if you wanted. – Ramhound – 2013-10-15T14:12:59.243

@Ramhound Interesting. I have a strong Unix/Linux background but I am quite a newbie/stranger in Windows world. But this increasingly interesting conversation is perhaps a little bit out of scope in superuser.com. Maybe I should search/ask stackoverflow.com for advice where I could study the central concepts that the Windows GUI and help files so hard tries to obfuscate with its labyrinths of mouse clicking pathways and step-by-step instructions that make it difficult to see the forest from the trees and branches and leaves. :-) – FooF – 2013-10-15T14:50:49.440

1@FooF - Just think it as sudo which is required even if you are running as a root user. – Ramhound – 2013-10-15T14:55:47.840

@Ramhound Weird, but charmingly so. – FooF – 2013-10-15T14:57:56.973

Answers

I just wrote this function for the same reason. I never know which shell has admin privileges.

function isadmin()
{
    net session > /dev/null 2>&1
    if [ $? -eq 0 ]; then echo "admin"
    else echo "user"; fi
}

It adapted from this answer https://stackoverflow.com/a/11995662/307968 for windows cmd shell. Net Session returns 0 status if you are admin.

Now I just need to change my prompt, or maybe the titlebar color....

Darrel Lee

Posted 2013-10-15T13:12:19.350

Reputation: 206

Nice find. Though there seems to be edge cases where this too fail, if you check the stackoverflow comments. – FooF – 2016-07-19T10:08:10.930

Nevertheless I accepted this answer because it points to a much comprehensive discussions (the stackoverflow question and the accepted answer there currently have scores of 147 and 255, respectively). – FooF – 2016-07-19T10:27:39.070

Thanks! I use this to selectively color the username in my prompt. If the sell is elevated, I color it red, otherwise green. Useful to keep track of which shells are elevated if you have many terminal windows open. – HelloGoodbye – 2019-02-12T10:46:50.203

The definitive answer to this question comes from the Cygwin mailing list. A process is running with Administrator rights if the user who started it is part of group 544 (Administrators). Also from the comment below by Cromax, it seems that group 114 (Local account and member of Administrator group) is also sometimes present. The test for these two groups is

id -G | grep -qE '\<(114|544)\>'

For example,

id -G | grep -qE '\<(114|544)\>' && echo admin || echo user

In the past you also needed to check for group 0, the root group in /etc/group. But /etc/group is no longer installed in Cygwin, and should usually be removed if it's present, so it's no longer recommended to check for group 0 too. Just group 544.

Andrew Schulman

Posted 2013-10-15T13:12:19.350

Reputation: 2 696

1Thanks for asking in the Cygwin mailing list. :-) Nice to know that the (emulated/translated) group id's remain constant between systems. – FooF – 2015-02-09T09:26:16.953

Sure... I wanted to know myself, and the people there know. – Andrew Schulman – 2015-02-09T11:50:01.700

1Unfortunately this doesn't work in Mingw/Msys. Steven's answer does, although only on Windows 7. – sparrowt – 2016-03-14T10:04:23.997

1I've just tried that (on W7) and it didn't work, but I've noticed, that if Window's user one is logged as is also an administrator, then when when Cygwin is ran as administrator, there is another group that pops in id's output, namely 114 (Local account and member of Administrator group). So the regexp should be updated to: id -G | grep -qE '\<(114|544)\>' && echo admin || echo user – Cromax – 2018-01-09T20:51:50.527

Thanks. I haven't seen that myself, but I see that group 114 does seem to be an Administrators group, so it seems reasonable to check for it too. I revised the answer. – Andrew Schulman – 2018-01-10T16:05:55.370

I use the return value of the Windows program at. I also recreated the functionality of the PROMPTING special character \$.

# Set a white $ initially
eStyle='\[\e[0m\]$'

# If 'at' succeeds, use a red # instead
at &> /dev/null && eStyle='\[\e[0;31m\]#\[\e[0m\]'  # Use # in red

PS1='\n\[\e[0;32m\]\u@\h \[\e[0;33m\]\w\[\e[0m\]\n'"$eStyle "

Examples

Steven

Posted 2013-10-15T13:12:19.350

Reputation: 24 804

1doesn't seem to work on windows8.1 – zzapper – 2014-10-07T15:18:11.117

1@zzapper Please be more specific. What happens / doesn't happen? Error messages? – Steven – 2014-10-07T16:00:15.210

4id returns same values, at is deprecated use schtasks.exe instead but this works whether admin or not – zzapper – 2014-10-07T16:15:18.043

Assuming there is no equivalent of UNIX id command in Windows, I accept this as a correct answer. At least running at command without any arguments does not appear to have any side effects. I am going to use this method in my .bashrc file from now on! Thanks for the hack. – FooF – 2014-03-03T11:57:44.093

id -G | grep -qE '\<(544|0)\>' didn't seem to work for me, as my output had neither <> or 544 even when elevated. However, since elevation is required for writing to %WINDIR%\system32, I used that to test for elevation with a shell function:

is_elevated() { 
   [[ $(uname -o) -eq "Cygwin" ]] || return 1
   touch $WINDIR/system32/.cyg_elevated &> /dev/null
}

When applied to Steven's excellent idea of a red hash character:

is_elevated && PS1='\[\e]0;\w\a\]\n\[\e[32m\]\u@\h \[\e[33m\]\w\[\e[0m\]\n\[\e[0;31m\]#\[\e[0m\] '

Josh

Posted 2013-10-15T13:12:19.350

Reputation: 21

Do something that only admin could do and test for success or fail:-

if touch c:/Users/.x ; then  echo 'ok'  ; fi

touch c:/Users/.x && echo ok

touch c:/Users/.x && \rm c:/Users/.x && echo ok

touch c:/Users/.x  &> /dev/null && \rm c:/Users/.x && echo you are admin

zzapper

Posted 2013-10-15T13:12:19.350

Reputation: 231

In Msys on Windows try this (I found the accepted answer didn't work in Msys)

at &> /dev/null && echo "Running as admin" || echo "NOT running as admin"

This relies on the return code of at being zero only when running as admin.

sparrowt

Posted 2013-10-15T13:12:19.350

Reputation: 2 013

1This seems the same method as @Steven gave in earlier answer (which does not seem to work on Windows 8.1 according to a comment - unless MSYS "at" is somehow). While the question was about Cygwin, it is interesting to compare with similar MSYS. Thanks for the contribution. – FooF – 2015-04-24T06:00:24.160

Very similar yes. However I ended up on this question trying to use it to check in a script (Win7, Msys) rather than setting the bash prompt style, so I thought this might be of use to someone else doing the same – sparrowt – 2015-04-24T09:04:36.480

I agree on the usefulness. – FooF – 2015-04-24T09:27:42.737