2. NSIS Discussion
  3. AccessControl modify rights?

Archive: AccessControl modify rights?


BSOD2600
16th March 2006 10:03 UTC

AccessControl modify rights?
I'm trying to give a user NTFS Modify rights on a folder with the following, which does not do it:


AccessControl::GrantOnFile "$INSTDIR\cactid\" "Everyone" "GenericRead + GenericWrite + GenericExecute + AppendData"


That will only give Everyone: 'Read & Execute', 'List folder contents', 'Read', 'Write'. They must have the Modify rights too.

Looking through static const char * g_filePermissionNames[] in accesscontrol.c, I can see all the various names, but apparently the AppendData doesn't do what it should.

I realize I could use the microsoft xcalcs tool in a seperate script, but I'd rather keep as much of the scripting inside the NSIS installer as possible.

How can I accomplish this?

kichik
16th March 2006 17:57 UTC

If you believe there is a problem in the source code of AccessControl, you should contact the developer. If you can't reach him and know what the problem is, you can upload a new fixed version.

bholliger
16th March 2006 19:26 UTC

Hi BSOD2600!

Try that:

AccessControl::GrantOnFile "$INSTDIR\cactid\" "(S-1-1-0)" "GenericRead + GenericWrite + GenericExecute + Delete"

"(S-1-1-0)" is Everyone's SID.

Modify = Read|Write|Execute|Delete

Please let me know, if it works.

-Bruno.

BSOD2600
16th March 2006 21:34 UTC

Yup, that works, thanks. Maybe you might want to document a few more examples on how to use your plugin...

Why didn't the AppendData work? I thought append was read|write|delete ?

In the meanwhile I was waiting for a solution for the Modify problem, I switched my script over to use xcacls (i.e. xcacls $INSTDIR\cactid /T /C /E /G Everyone:R /Y > NUL).

Another problem I've run across is when trying to apply permissions onto $SYSDIR\cmd.exe. On XP, the IUSR_COMP has the DENIED permissions set for 'full access' on cmd.exe. I tried the following, but AccessControl says its unable to write the ACL


AccessControl::RevokeOnFile "$SYSDIR\cmd.exe" "IUSR_COMPNAME" "FullAcces"
AccessControl::SetOnFile "$SYSDIR\cmd.exe" "IUSR_COMPNAME" "GenericRead + GenericExecute"


Any idea why and what's the proper way to do it? simply trying to use SetOnFile does not work either. Conversly, when using xcalcs, it applies it just fine (xcacls %WINDIR%\System32\cmd.exe /T /C /E /G IUSR_COMPNAME:R /Y > NUL)

bholliger
16th March 2006 21:43 UTC

Sorry, I'm not the developer of this plugin.

Maybe you can find some more information here:

http://taschenorakel.de/mathias/accesscontrol.de.html

Fork me on GitHub