Talk:AccessControl plug-in: Difference between revisions
From NSIS Wiki
Jump to navigationJump to search
(Blanked the page) |
m (Reverted edits by 59.90.209.200 to last version by 82.113.99.188) |
||
| Line 1: | Line 1: | ||
== Usage Example == | |||
<highlight-nsis> | |||
AccessControl::GrantOnFile \ | |||
"$INSTDIR\database" "(BU)" "GenericRead + GenericExecute + GenericWrite + Delete" | |||
</highlight-nsis> | |||
:You can't use it that way because your stack may be modified after that call. Because you don't know about causing an error (the error flag isn't set although an error occured) you have to check the stack: | |||
<highlight-nsis> | |||
Push $0 ; save | |||
Push "Marker" | |||
AccessControl::GrantOnFile \ | |||
"$INSTDIR\database" "(BU)" "GenericRead + GenericExecute + GenericWrite + Delete" | |||
Pop $0 ; get "Marker" or error msg | |||
StrCmp $0 "Marker" Continue | |||
MessageBox MB_OK|MB_ICONSTOP "Error setting access control for $INSTDIR\database: $0" | |||
Pop $0 ; pop "Marker" | |||
Continue: | |||
Pop $0 ; restore | |||
</highlight-nsis> | |||
== Solution to the problem with (BU) on Windows 7 == | |||
Use the SID "(S-1-5-32-545)" instead of "(BU)" for Windows 7 - "(BU)" doesn't work. This may also help for non-English installations. | |||
== Set the append/modify flag for ACLs == | |||
If you want to set the append/modify flag (in German: Aendern) for files/directories, set the accesscontrol flag to: | |||
<highlight-nsis> | |||
"GenericRead + GenericExecute + GenericWrite + Delete" | |||
</highlight-nsis> | |||
==The IsUserTheAdministrator problem== | |||
I'm able to trick this export to both return "no" when the admin group is enabled in the process token, and "yes" when the admin group is a deny SID. | |||
You are better off using the UserInfo plugin if you need to check if the current user has admin access rights since it already has support for deny SID's and "dynamic group membership". | |||
If you just need the SID or info about a user other than the current user, this export is fine. | |||
== Questions and Answers == | |||
*Q: How can I upload the zip file containing the AccessControl port to NSIS Unicode? | |||
::A: See [[Uploading files]]. | |||
*Q: I've downloaded the plugin but It only contains a dll file, not a nsh. The plug in usage manual details that the dll must go into the plugin directory, and the nsh into the include directory. What do I do now? | |||
::A: To install this plugin, copy-and-paste the content of the ZIP archive into your NSIS folder and you are done. The plugin extends NSIS. This means that you do not have to load any NSH file or something. Simply use it like the example(s) show you. In simpler words: it works "out of the box". | |||
*Q: I want to do someting like : </INHERIT> </REPLACE> which will delete existing ACL and force propagation from upper level. How can I delete existing ACL and replace with specified (SET)? | |||
::A: (no answer yet) | |||
Revision as of 17:23, 11 November 2011
Usage Example
AccessControl::GrantOnFile \ "$INSTDIR\database" "(BU)" "GenericRead + GenericExecute + GenericWrite + Delete"
- You can't use it that way because your stack may be modified after that call. Because you don't know about causing an error (the error flag isn't set although an error occured) you have to check the stack:
Push $0 ; save Push "Marker" AccessControl::GrantOnFile \ "$INSTDIR\database" "(BU)" "GenericRead + GenericExecute + GenericWrite + Delete" Pop $0 ; get "Marker" or error msg StrCmp $0 "Marker" Continue MessageBox MB_OK|MB_ICONSTOP "Error setting access control for $INSTDIR\database: $0" Pop $0 ; pop "Marker" Continue: Pop $0 ; restore
Solution to the problem with (BU) on Windows 7
Use the SID "(S-1-5-32-545)" instead of "(BU)" for Windows 7 - "(BU)" doesn't work. This may also help for non-English installations.
Set the append/modify flag for ACLs
If you want to set the append/modify flag (in German: Aendern) for files/directories, set the accesscontrol flag to:
"GenericRead + GenericExecute + GenericWrite + Delete"
The IsUserTheAdministrator problem
I'm able to trick this export to both return "no" when the admin group is enabled in the process token, and "yes" when the admin group is a deny SID.
You are better off using the UserInfo plugin if you need to check if the current user has admin access rights since it already has support for deny SID's and "dynamic group membership".
If you just need the SID or info about a user other than the current user, this export is fine.
Questions and Answers
- Q: How can I upload the zip file containing the AccessControl port to NSIS Unicode?
- A: See Uploading files.
- Q: I've downloaded the plugin but It only contains a dll file, not a nsh. The plug in usage manual details that the dll must go into the plugin directory, and the nsh into the include directory. What do I do now?
- A: To install this plugin, copy-and-paste the content of the ZIP archive into your NSIS folder and you are done. The plugin extends NSIS. This means that you do not have to load any NSH file or something. Simply use it like the example(s) show you. In simpler words: it works "out of the box".
- Q: I want to do someting like : </INHERIT> </REPLACE> which will delete existing ACL and force propagation from upper level. How can I delete existing ACL and replace with specified (SET)?
- A: (no answer yet)
