2. NSIS Discussion
  3. Internet Guest Permissions

Archive: Internet Guest Permissions


systemsplanning
22nd August 2007 15:14 UTC

Internet Guest Permissions
Hi everyone!

I would like to set permissions on directories created by NSIS to allow reading and/or writing by the "Internet Guest Account" (sometimes called the anonymous internet user). This involves two things:

First, the user name of the Internet Guest Account is "IUSR_MACHINENAME". How can I get the MACHINENAME to construct the name of the Internet Guest Account on the user's computer? (For example, if the MACHINENAME is XYZ then the Internet Guest Account is IUSR_XYZ).

Second, how do I change permissions on a directory?

Many thanks in advance!
Stephen

kichik
22nd August 2007 16:36 UTC

The System plug-in can get you the computer name by calling GetComputerName and the AccessControl plugin can set folder access rights.

System::Call kernel32::GetComputerName(t.r0,i${NSIS_MAX_STRLEN})
StrCpy $0 IUSR_$0
# use AccessControl here with $0

systemsplanning
22nd August 2007 16:53 UTC

Many thanks! I knew there must be a way.

systemsplanning
22nd August 2007 17:26 UTC

Hello again Kichik,

I'm sorry to say that the installer crashes on the System::Call line. I can't find GetComputerName in the NSIS documentation to verify the syntax.

Any suggestions?

I saw this syntax in another thread:

System::Call 'kernel32.dll::GetComputerNameExW(i 4, w .r0, *i ${NSIS_MAX_STRLEN} r1) i.r2'

I'd love to look this up if I knew where.


Also, can I run this line by you for the permissions setting?

AccessControl::GrantOnFile "$INSTDIR\$MUUSBASE" $IUSRNAME "GenericRead + GenericWrite"

Does that look right?

Many thanks!
Stephen

kichik
22nd August 2007 19:35 UTC

GetComputerNameEx is 2000 and XP only. GetComputerName should work for other systems as well.

The reason it crashes is because the second parameter is actually a pointer so an asterisk is required before the `i`.

System::Call kernel32::GetComputerName(t.r0,*i${NSIS_MAX_STRLEN})
StrCpy $0 IUSR_$0
The AccessControl line seems fine. Best method to know if it's working is to test it.

systemsplanning
22nd August 2007 19:59 UTC

Thanks Kichik!

That worked. And I also have the permissions working.

By the way, how could I find the entire list of permissions besides GenericRead and GenericWrite? I would have expected them to be in the plug in docs. I guess I can always use FullAccess if necessary, but more granular is safer.

Many thanks again!
Stephen

kichik
22nd August 2007 20:08 UTC

The full list, from the source code:

static const char * g_filePermissionNames[] =
{
        "ReadData", "WriteData", "AppendData", 
        "ReadEA", "WriteEA", "Execute", "ReadAttributes", "WriteAttributes", 
        "Delete", "ReadControl", "WriteDAC", "WriteOwner", "Synchronize",
        "FullAccess", "GenericRead", "GenericWrite", "GenericExecute", NULL
};

systemsplanning
22nd August 2007 20:25 UTC

Of course! I should have looked there.

Many thanks again.
Stephen

Fork me on GitHub