2. NSIS Discussion
  3. Check if user has permissions to create directory

Archive: Check if user has permissions to create directory


Jacobkg
18th September 2009 19:15 UTC

Check if user has permissions to create directory
Greetings:

I am fairly new to NSIS installer creation, and could not find the answer to this question via other means. I have an NSIS installer that defaults to a folder within the Program Files directory. For non-admin users on Windows Server machines, I am getting an error when it tries to write files to that default directory. I want to write a custom MUI_PAGE_CUSTOMFUNCTION_LEAVE function for the directory page that verifies that the user can write to the directory. Anyone have a good idea about the best way to check whether a user has the appropriate permissions?

Thanks.

MSG
21st September 2009 11:37 UTC

I have a solution for this at home. I'll try to remember to post it when I get back... >__>

Afrow UK
21st September 2009 12:38 UTC

Just try writing to the folder and then check the errors flag:


ClearErrors
FileOpen $R0 $INSTDIR\tmp.dat w
FileClose $R0
Delete $INSTDIR\tmp.dat
${If} ${Errors}
  ...
  Abort
${EndIf}


Stu

MSG
21st September 2009 12:57 UTC

There's a differe between creation and modification priviledges. Are you sure the above will effectively test for both? But aside from that, that method should work just fine for in a leave function.

(The solution I was referring to before is to directly check the permissions themselves, so it can be used in cases where many tests would be required in a short period of time.)

Afrow UK
21st September 2009 16:01 UTC

The ability to create files and write to files are the same privilege.

Stu

MSG
21st September 2009 16:56 UTC

FILE_WRITE_DATA 0x0002 For a file object, the right to write data to the file. For a directory object, the right to create a file in the directory (FILE_ADD_FILE).

FILE_APPEND_DATA 0x0004 For a file object, the right to append data to the file. (For local files, write operations will not overwrite existing data if this flag is specified without FILE_WRITE_DATA.) For a directory object, the right to create a subdirectory (FILE_ADD_SUBDIRECTORY).
These are separate permissions. They are both included in GENERIC_WRITE, but that does not mean that you shouldn't test for both privileges if you're going to need both.


Here's what I've got, based on a script example by Anders:
System::Call "kernel32::CreateFile(t `$INSTDIR`,i 0x1301BB,i 3,i 0,i 3,i 0x02000000,i 0)i .r1"

The above hex value 0x1301BB consists of the following:
STANDARD_RIGHTS_READ | FILE_READ_DATA | FILE_READ_ATTRIBUTES | FILE_READ_EA | SYNCHRONIZE |
STANDARD_RIGHTS_WRITE | FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA | FILE_APPEND_DATA |
STANDARD_RIGHTS_EXECUTE | FILE_EXECUTE |
DELETE

...Which is just the expanded version of FILE_GENERIC_READ | FILE_GENERIC_WRITE | FILE_GENERIC_EXECUTE | DELETE. Now that I think about it, I might also have tested for that pattern instead, chances are it would've amounted to the same thing.

Fork me on GitHub