aviadlich
10th June 2008 14:00 UTC
AccessControl set file with no permission to group
I am trying to copy a file to the program files directory/$INSTDIR
Then i want to limit the permissions to the file so the Users group will have no permissions on the file.
this is my code:
SetOutPath $INSTDIR
File "try.txt"
AccessControl::DisableFileInheritance "$INSTDIR\try.txt"
AccessControl::setOnFile \
"$INSTDIR\try.txt" "(S-1-5-32-545)" ""
I tried various functions, with various parameters but nothing seems to strip the permissions from the Users group
Thanks
Afrow UK
10th June 2008 15:45 UTC
Use ClearOnFile.
Stu
aviadlich
10th June 2008 16:00 UTC
Thanks for the quick reply
BUT it didn't help
This is the line i used:
AccessControl::ClearOnFile \
"$INSTDIR\try.txt" "(S-1-5-32-545)" ""
I also tried this
AccessControl::ClearOnFile \
"$INSTDIR\try.txt" "(S-1-5-32-545)"
Am i getting something completley wrong ?
by the way i am using Vista
but i need to support all platforms
Afrow UK
10th June 2008 16:54 UTC
Ah sorry if you want to remove them from the ACL, use RevokeOnFile and your last parameter needs to be FullAccess not "". ClearOnFile replaces all ACEs with the given ACE whereas revoke removes the given ACE.
Stu
aviadlich
11th June 2008 10:14 UTC
Thanks
This works great
aviadlich
2nd July 2008 20:31 UTC
I ran the following code
AccessControl::DisableFileInheritance "$INSTDIR\my-dir"
AccessControl::RevokeOnFile \
"$INSTDIR\my-dir" "(S-1-5-32-545)" "FullAccess"
As you recommended above.
This indeed worked great on Vista and 2003 Server but on XP it doesn't remove the local machine User group
Any ideas out there ?
Afrow UK
2nd July 2008 22:35 UTC
Put a Pop $R0 after it and see what the value of $R0 is in a message box.
Stu
aviadlich
3rd July 2008 11:54 UTC
Thanks for the reply but i get an empty message box
it looks like the disable inheritance works fine
Afrow UK
3rd July 2008 11:55 UTC
And after the RevokeOnFile call?
Stu
aviadlich
3rd July 2008 13:02 UTC
The message box is empty as well