AccessControl plug-in: Difference between revisions
m (→Description: v1.0.8.3) |
|||
(7 intermediate revisions by 4 users not shown) | |||
Line 2: | Line 2: | ||
== Links == | == Links == | ||
<attach>AccessControl.zip</attach> (includes NSIS-Unicode variant)< | <attach>AccessControl.zip</attach> (includes NSIS-Unicode variant) | ||
Run with <code>conda execute</code> or install with <code>conda install</code> (see [[Conda]]). | |||
[http://support.microsoft.com/kb/243330 Well-known security identifiers in Windows operating systems] | [http://support.microsoft.com/kb/243330 Well-known security identifiers in Windows operating systems] | ||
== Description == | == Description == | ||
'''Version:''' 1.0. | '''Version:''' 1.0.8.3 (20210224) | ||
'''Supported on:''' '' | |||
'''Supported on:''' ''WinNT4+''. | |||
The AccessControl plugin for NSIS provides a set of functions related to Windows NT access control list (ACL) management. | The AccessControl plugin for NSIS provides a set of functions related to Windows NT access control list (ACL) management. | ||
Line 17: | Line 21: | ||
AccessControl::SetFileOwner \ | AccessControl::SetFileOwner \ | ||
"C:\test.txt" "Waterloo\Mathias" | "C:\test.txt" "Waterloo\Mathias" | ||
Pop $0 ; "error" on errors | |||
# Make the directory "$INSTDIR\database" read write accessible by all users | # Make the directory "$INSTDIR\database" read write accessible by all users | ||
AccessControl::GrantOnFile \ | AccessControl::GrantOnFile \ | ||
"$INSTDIR\database" "(BU)" "GenericRead + GenericWrite" | "$INSTDIR\database" "(BU)" "GenericRead + GenericWrite" | ||
Pop $0 | |||
# Give all authentificated users (BUILTIN\Users) full access on | # Give all authentificated users (BUILTIN\Users) full access on | ||
Line 26: | Line 32: | ||
AccessControl::GrantOnRegKey \ | AccessControl::GrantOnRegKey \ | ||
HKLM "Software\Vendor\SomeApp" "(BU)" "FullAccess" | HKLM "Software\Vendor\SomeApp" "(BU)" "FullAccess" | ||
Pop $0 | |||
# Same as above, but with a numeric string SID | # Same as above, but with a numeric string SID | ||
AccessControl::GrantOnRegKey \ | AccessControl::GrantOnRegKey \ | ||
HKLM "Software\Vendor\SomeApp" "(S-1-5-32-545)" "FullAccess" | HKLM "Software\Vendor\SomeApp" "(S-1-5-32-545)" "FullAccess" | ||
Pop $0 | |||
</highlight-nsis> | </highlight-nsis> | ||
Line 102: | Line 110: | ||
Written by [http://taschenorakel.de/mathias/ Mathias Hasselmann]<br /> | Written by [http://taschenorakel.de/mathias/ Mathias Hasselmann]<br /> | ||
NSIS-Unicode port by [http://wizou.fr Olivier Marcoux]<br /> | NSIS-Unicode port by [http://wizou.fr Olivier Marcoux]<br /> | ||
Major changes by [http://www.afrowsoft.co.uk Afrow UK] | Major changes by [http://www.afrowsoft.co.uk Afrow UK]<br /> | ||
Win95/WinNT4 support and bugfixes by [[User:Anders|Anders]] | |||
[[Category:Plugins]] | [[Category:Plugins]] |
Latest revision as of 15:48, 24 February 2021
Author: tbf (talk, contrib) |
Links
AccessControl.zip (48 KB) (includes NSIS-Unicode variant)
Run with conda execute
or install with conda install
(see Conda).
Well-known security identifiers in Windows operating systems
Description
Version: 1.0.8.3 (20210224)
Supported on: WinNT4+.
The AccessControl plugin for NSIS provides a set of functions related to Windows NT access control list (ACL) management.
Usage Example
# Give ownership for file C:\test.txt to Waterloo\Mathias AccessControl::SetFileOwner \ "C:\test.txt" "Waterloo\Mathias" Pop $0 ; "error" on errors # Make the directory "$INSTDIR\database" read write accessible by all users AccessControl::GrantOnFile \ "$INSTDIR\database" "(BU)" "GenericRead + GenericWrite" Pop $0 # Give all authentificated users (BUILTIN\Users) full access on # the registry key HKEY_LOCAL_MACHINE\Software\Vendor\SomeApp AccessControl::GrantOnRegKey \ HKLM "Software\Vendor\SomeApp" "(BU)" "FullAccess" Pop $0 # Same as above, but with a numeric string SID AccessControl::GrantOnRegKey \ HKLM "Software\Vendor\SomeApp" "(S-1-5-32-545)" "FullAccess" Pop $0
Detailed usage instructions and a list of functions can be found in the package readme Docs\AccessControl\AccessControl.txt.
File and Directory Permission List
File Permissions
- ReadData
- WriteData
- AppendData
- ReadEA
- WriteEA
- Execute
- ReadAttributes
- WriteAttributes
- Delete
- ReadControl
- WriteDAC
- WriteOwner
- Synchronize
- FullAccess
- GenericRead
- GenericWrite
- GenericExecute
- NULL
Directory Permissions
- ListDirectory
- AddFile
- AddSubdirectory
- ReadEA
- WriteEA
- Traverse
- DeleteChild
- ReadAttributes
- WriteAttributes
- Delete
- ReadControl
- WriteDAC
- WriteOwner
- Synchronize
- FullAccess
- GenericRead
- GenericWrite
- GenericExecute
- NULL
Registry Permissions
- QueryValue
- SetValue
- CreateSubKey
- EnumerateSubKeys
- Notify
- CreateLink
- Delete
- ReadControl
- WriteDAC
- WriteOwner
- Synchronize
- GenericRead
- GenericWrite
- GenericExecute
- FullAccess
- NULL
See also: File Security and Access Rights
See also: Set the append/modify flag for ACLs
Comment: The GenericWrite permission isn't the same like the one on the microsoft page.
Credits
Written by Mathias Hasselmann
NSIS-Unicode port by Olivier Marcoux
Major changes by Afrow UK
Win95/WinNT4 support and bugfixes by Anders