AccessControl plug-in: Difference between revisions

Latest revision as of 15:48, 24 February 2021

Author: tbf (talk, contrib)

Links

AccessControl.zip (48 KB) (includes NSIS-Unicode variant)

Run with conda execute or install with conda install (see Conda).

Well-known security identifiers in Windows operating systems

Description

Version: 1.0.8.3 (20210224)

Supported on: WinNT4+.

The AccessControl plugin for NSIS provides a set of functions related to Windows NT access control list (ACL) management.

Usage Example

# Give ownership for file C:\test.txt to Waterloo\Mathias
  AccessControl::SetFileOwner \
    "C:\test.txt" "Waterloo\Mathias"
  Pop $0 ; "error" on errors
 
# Make the directory "$INSTDIR\database" read write accessible by all users
  AccessControl::GrantOnFile \
    "$INSTDIR\database" "(BU)" "GenericRead + GenericWrite"
  Pop $0
 
# Give all authentificated users (BUILTIN\Users) full access on
# the registry key HKEY_LOCAL_MACHINE\Software\Vendor\SomeApp
  AccessControl::GrantOnRegKey \
    HKLM "Software\Vendor\SomeApp" "(BU)" "FullAccess"
  Pop $0
 
# Same as above, but with a numeric string SID
  AccessControl::GrantOnRegKey \
    HKLM "Software\Vendor\SomeApp" "(S-1-5-32-545)" "FullAccess"
  Pop $0

Detailed usage instructions and a list of functions can be found in the package readme Docs\AccessControl\AccessControl.txt.

File and Directory Permission List

File Permissions

ReadData
WriteData
AppendData
ReadEA
WriteEA
Execute
ReadAttributes
WriteAttributes
Delete
ReadControl
WriteDAC
WriteOwner
Synchronize
FullAccess
GenericRead
GenericWrite
GenericExecute
NULL

Directory Permissions

ListDirectory
AddFile
AddSubdirectory
ReadEA
WriteEA
Traverse
DeleteChild
ReadAttributes
WriteAttributes
Delete
ReadControl
WriteDAC
WriteOwner
Synchronize
FullAccess
GenericRead
GenericWrite
GenericExecute
NULL

Registry Permissions

QueryValue
SetValue
CreateSubKey
EnumerateSubKeys
Notify
CreateLink
Delete
ReadControl
WriteDAC
WriteOwner
Synchronize
GenericRead
GenericWrite
GenericExecute
FullAccess
NULL

See also: File Security and Access Rights
See also: Set the append/modify flag for ACLs
Comment: The GenericWrite permission isn't the same like the one on the microsoft page.

Credits

Written by Mathias Hasselmann
NSIS-Unicode port by Olivier Marcoux
Major changes by Afrow UK
Win95/WinNT4 support and bugfixes by Anders

@@ Line 1: / Line 1: @@
-{|align=right
+{{PageAuthor|tbf}}
-|<small>Author: [[{{ns:2}}:tbf|tbf]] ([[{{ns:3}}:tbf|talk]], [[{{ns:-1}}:Contributions/tbf|contrib]])</small>
-|}
-<br style="clear:both;">
 == Links ==
-<attach>AccessControl.zip</attach>
+<attach>AccessControl.zip</attach> (includes NSIS-Unicode variant)
+Run with <code>conda execute</code> or install with <code>conda install</code> (see [[Conda]]).
+[http://support.microsoft.com/kb/243330 Well-known security identifiers in Windows operating systems]
 == Description ==
-'''Supported on:''' ''Windows ME+, Windows 2000+''.
-The AccessControl plugin for NSIS provides a set of functions related Windows NT access control list (ACL) management.
+'''Version:''' 1.0.8.3 (20210224)
+'''Supported on:''' ''WinNT4+''.
+The AccessControl plugin for NSIS provides a set of functions related to Windows NT access control list (ACL) management.
 == Usage Example ==
@@ Line 16: / Line 21: @@
    AccessControl::SetFileOwner \
      "C:\test.txt" "Waterloo\Mathias"
+  Pop $0 ; "error" on errors
+# Make the directory "$INSTDIR\database" read write accessible by all users
+  AccessControl::GrantOnFile \
+    "$INSTDIR\database" "(BU)" "GenericRead + GenericWrite"
+  Pop $0
 # Give all authentificated users (BUILTIN\Users) full access on
@@ Line 21: / Line 32: @@
    AccessControl::GrantOnRegKey \
      HKLM "Software\Vendor\SomeApp" "(BU)" "FullAccess"
+  Pop $0
 # Same as above, but with a numeric string SID
    AccessControl::GrantOnRegKey \
      HKLM "Software\Vendor\SomeApp" "(S-1-5-32-545)" "FullAccess"
+  Pop $0
 </highlight-nsis>
-Detailed usage instructions can be found in the package.
+''Detailed usage instructions and a list of functions can be found in the package readme Docs\AccessControl\AccessControl.txt.''
+== File and Directory Permission List ==
+=== File Permissions ===
+* ReadData
+* WriteData
+* AppendData
+* ReadEA
+* WriteEA
+* Execute
+* ReadAttributes
+* WriteAttributes
+* Delete
+* ReadControl
+* WriteDAC
+* WriteOwner
+* Synchronize
+* FullAccess
+* GenericRead
+* GenericWrite
+* GenericExecute
+* NULL
+=== Directory Permissions ===
+* ListDirectory
+* AddFile
+* AddSubdirectory
+* ReadEA
+* WriteEA
+* Traverse
+* DeleteChild
+* ReadAttributes
+* WriteAttributes
+* Delete
+* ReadControl
+* WriteDAC
+* WriteOwner
+* Synchronize
+* FullAccess
+* GenericRead
+* GenericWrite
+* GenericExecute
+* NULL
+=== Registry Permissions ===
+* QueryValue
+* SetValue
+* CreateSubKey
+* EnumerateSubKeys
+* Notify
+* CreateLink
+* Delete
+* ReadControl
+* WriteDAC
+* WriteOwner
+* Synchronize
+* GenericRead
+* GenericWrite
+* GenericExecute
+* FullAccess
+* NULL
+'''See also:''' [http://msdn2.microsoft.com/en-us/library/aa364399.aspx File Security and Access Rights]<br />
+'''See also:''' [http://nsis.sourceforge.net/Talk:AccessControl_plug-in  Set the append/modify flag for ACLs]<br />
+'''Comment:''' The GenericWrite permission isn't the same like the one on the microsoft page.
 == Credits ==
-Written by [http://taschenorakel.de/mathias/ Mathias Hasselmann]
+Written by [http://taschenorakel.de/mathias/ Mathias Hasselmann]<br />
+NSIS-Unicode port by [http://wizou.fr Olivier Marcoux]<br />
+Major changes by [http://www.afrowsoft.co.uk Afrow UK]<br />
+Win95/WinNT4 support and bugfixes by [[User:Anders|Anders]]
-[[{{ns:14}}:Plugins]]
+[[Category:Plugins]]

AccessControl plug-in: Difference between revisions

Latest revision as of 15:48, 24 February 2021

Contents

Links

Description

Usage Example

File and Directory Permission List

File Permissions

Directory Permissions

Registry Permissions

Credits

Navigation menu

Page actions

Page actions

Personal tools

Website navigation

Search

Tools