2. NSIS Discussion
  3. setting a file's permissions

Archive: setting a file's permissions


tdodge
16th November 2006 05:10 UTC

setting a file's permissions
Hello,

I am very new to writing .nsi scripts but need to modify an existing one. I need to set a file's permissions so that it is read-only. Through some searches on this forum, I discovered the AccessControl plug-in but I must be doing something incorrect because it doesn't seem to be working. Here are some examples of what I have tried ...

AccessControl::SetOnFile \
"$INSTDIR\iTMSTransporter.woa\Contents\Resources\testFile" "Everyone" "GenericRead"

AccessControl::SetOnFile \
"$INSTDIR\iTMSTransporter.woa\Contents\Resources\testFile" "(BU)" "GenericRead"

Also, I am not even sure what trustee to use. If anyone can suggest a "default" one that all (or most) users would have, that would be great.

Any help or suggestions would be greatly appreciated.

Thanks kindly,
Tiff

szornyu
16th November 2006 08:15 UTC

Weirdly enough, I struggle with same issue! :)
Can any of You, gurus, give us the solution?
S-1-1-0 and S-1-5-32-545 doesn't seem to work.
thanks in advance
szornyu

Comm@nder21
16th November 2006 11:07 UTC

do you really want to set file access permissions (altering the windows ACLs) or just to set the +r attribute?

colm
16th November 2006 11:38 UTC

Suggestion - use:

Exec "CACLS ..."

Instead. Type cacls /? to find out how to use it...

szornyu
16th November 2006 14:28 UTC

Hi.
I want to alter the access permissions of a folder ($INSTDIR\keys)
Actually, I want to extend existing "Read & execute", "Read" and "List folder context" by adding "Modify" and "Write".
It is a folder to store *.pkr and *.skr files of a PKI based authentication mechanism..
If additional permissions are not granted, my application returns a "Public KeyRing update error: file operation error".
By manually granting the above mentioned permissions, everything works fine. But I want to include this feature into the patch I want to deploy, to make the application Windows Vista-ready. :)

Thanks for the cacls tip, for everybody's information, Vista uses iCACLS ...
Doesn't seem to work...
What I'm doing wrong???
szornyu

colm
16th November 2006 14:30 UTC

Does it work if you use iCACLS manually on vista?

colm
16th November 2006 14:31 UTC

Possible cause is lack of privileges. You could try nsExec, and getting the results of the command back in the installer.

szornyu
16th November 2006 16:14 UTC

Yes, de utility works, but not on every folder.
Let me give a picture of the situation:
- application installed under user member of Administrators group
- folder I am having trouble with has only Read, Execute, anf List permissions
- by using iCACLS I'm unable to set the desired permission.

Only for testing purposes I created a new folder under C:\ and, By the gods!, everything work fine!

The user I'm logged in with, is member of administrator, but I think I'mentined this before...
szornyu

colm
16th November 2006 16:27 UTC

Do..

nsExec::ExecToStack "'iCACLS' your command line options"
Pop $1
Pop $2

MessageBox MB_OK $1
MessageBox MB_OK $1

What does it say?

tdodge
17th November 2006 01:06 UTC

Hello,

Thank you everyone for your replies!

After a little more research, it looks like ATTRIB is what I want to use. I do not know, though, which Windows support it. I know XP does (since that is what I tested it on) and I think NT does. Does anyone know if 2000, 98, and Vista supports ATTRIB?

Also, I guessing I can do something like this in the .nsi script ...
nsExec::ExecToStack "'ATTRIB' your command line options"
But feel free to let me know if that is wrong. :)

Thanks again,
Tiff

Anders
17th November 2006 02:09 UTC

no need for external program, just use SetFileAttributes (And ATTRIB goes back to the days of dos)

tdodge
17th November 2006 02:43 UTC

Thank you! Thank you! Thank you!

The installer now successfully sets the permissions of a file to read-only.

This worked ..
nsExec::ExecToStack '"ATTRIB" +R filename'

But this is better ...
setFileAttributes "filename" READONLY

Again, thank you everyone for your help!
Tiff

szornyu
17th November 2006 13:41 UTC

Okay, just not to left the without an answer those who were kind enough to write to the topic, I managed to set permission to the desired folder.
I used AccessControl::GrantOnFile "$INSTDIR\foldername" "(S-1-5-32-545)" "GenericRead + GenericWrite + GenericExecute + Delete"
The only trick I wasn't aware is that You need bloody administrator rights to do it.
Odd thing: the user I was logged in with, had admin rights ( as a matter of fact, he was the only visible member of the Administrators group ), he wasn't able to set those permissions ( got access denied error ).
Running the installer "As Administrator" (from the context menu), everything worked as it should.
Thanks for everyone's help.
szornyu

szornyu
17th November 2006 13:43 UTC

tdodge, hope You don't mind I was shoving into Your topic...
szornyu

tdodge
17th November 2006 17:30 UTC

Oh goodness, no need to worry! :) I'm glad that you added more information to the thread and posted yor solution!

Take Care,
Tiff

onad
21st November 2006 12:31 UTC

Thanks "szornyu" for posting your additional information ,really appriciated.

Fork me on GitHub