Attention: this is the key used to sign the certificate requests, anyone holding this can sign certificates on your behalf. So keep it in a safe place!
openssl genrsa -des3 -out rootCA.key 4096
#! /bin/sh | |
# update glibc to 2.17 for CentOS 6 | |
wget http://copr-be.cloud.fedoraproject.org/results/mosquito/myrepo-el6/epel-6-x86_64/glibc-2.17-55.fc20/glibc-2.17-55.el6.x86_64.rpm | |
wget http://copr-be.cloud.fedoraproject.org/results/mosquito/myrepo-el6/epel-6-x86_64/glibc-2.17-55.fc20/glibc-common-2.17-55.el6.x86_64.rpm | |
wget http://copr-be.cloud.fedoraproject.org/results/mosquito/myrepo-el6/epel-6-x86_64/glibc-2.17-55.fc20/glibc-devel-2.17-55.el6.x86_64.rpm | |
wget http://copr-be.cloud.fedoraproject.org/results/mosquito/myrepo-el6/epel-6-x86_64/glibc-2.17-55.fc20/glibc-headers-2.17-55.el6.x86_64.rpm | |
sudo rpm -Uvh glibc-2.17-55.el6.x86_64.rpm \ |
#Requires -RunAsAdministrator | |
#OneLine | |
if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs; exit } | |
#Or | |
$Loc = Get-Location | |
"Security.Principal.Windows" | % { IEX "( [ $_`Principal ] [$_`Identity ]::GetCurrent() ).IsInRole( 'Administrator' )" } | ? { | |
$True | % { $Arguments = @('-NoProfile','-ExecutionPolicy Bypass','-NoExit','-File',"`"$($MyInvocation.MyCommand.Path)`"","\`"$Loc\`""); | |
Start-Process -FilePath PowerShell.exe -Verb RunAs -ArgumentList $Arguments; } } |
package main | |
import ( | |
"os/exec" | |
"unsafe" | |
"golang.org/x/sys/windows" | |
) | |
// We use this struct to retreive process handle(which is unexported) |
I'm buiding a command line tool in Go that has an option to install itself as a service on Windows, which it needs admin rights for. I wanted to be able to have it reliably detect if it was running as admin already and if not, relaunch itself as admin. When the user runs the tool with the specific switch to trigger this functionality (-install or -uninstall in my case) they are prompted by UAC (User Account Control) to run the program as admin, which allows the tool to relaunch itself with the necessary rights.
To detect if I was admin, I tried the method described here first:
https://coolaj86.com/articles/golang-and-windows-and-admins-oh-my/
This wasn't accurately detecting that I was elevated, and was reporting that I was not elevated even when running the tool in CMD prompt started with "Run as Administrator" so I needed a more reliable method.
I didn't want to try writing to an Admin protected area of the filesystem or registry because Windows has the ability to transparently virtualize those writes