Talk:AccessControl plug-in: Difference between revisions

From NSIS Wiki
Jump to navigationJump to search
No edit summary
Line 46: Line 46:
== IsUserTheAdministrator problem? ==
== IsUserTheAdministrator problem? ==
I'm able to trick this export to both return "no" when the admin group is enabled in the process token, and "yes" when the admin group is a deny SID. You are better off using the UserInfo plugin if you need to check if the current user has admin access rights since it already has support for deny SID's and "dynamic group membership". If you just need the SID or info about a user other than the current user, this export is fine
I'm able to trick this export to both return "no" when the admin group is enabled in the process token, and "yes" when the admin group is a deny SID. You are better off using the UserInfo plugin if you need to check if the current user has admin access rights since it already has support for deny SID's and "dynamic group membership". If you just need the SID or info about a user other than the current user, this export is fine
== IsThisPossible? ==


How can I delete existing ACL and replace with specified (SET ) ?  
How can I delete existing ACL and replace with specified (SET ) ?  
Line 52: Line 54:
Best regards
Best regards
Swapnil Mahadik
Swapnil Mahadik
(swapnil.p.mahadik@gmail.com)
swapnil.p.mahadik@gmail.com

Revision as of 07:53, 8 May 2009

What about Vista support? Is it working on Vista?

--141.7.15.121 05:21, 26 June 2007 (PDT)

What about recursive rights?

--141.7.15.121 00:25, 30 July 2007 (PDT)

Vista support

I've tested AccessControl under Vista and it works great. Thx

Set the append/modify flag for ACLs

If you want to set the append/modify flag (in German: ändern) for files/directories, set the accesscontrol flag to:

 "GenericRead + GenericExecute + GenericWrite + Delete"

Usage Example

  AccessControl::GrantOnFile \
    "$INSTDIR\database" "(BU)" "GenericRead + GenericExecute + GenericWrite + Delete"
You can't use it that way because your stack may be modified after that call. Because you don't know about causing an error (the error flag isn't set although an error occured) you have to check the stack:
  Push $0 ; save 
 
  Push "Marker" 
  AccessControl::GrantOnFile \
    "$INSTDIR\database" "(BU)" "GenericRead + GenericExecute + GenericWrite + Delete"
  Pop $0 ; get "Marker" or error msg
  StrCmp $0 "Marker" Continue
  MessageBox MB_OK|MB_ICONSTOP "Error setting access control for $INSTDIR\database: $0"
  Pop $0 ; pop "Marker"
 
Continue:
  Pop $0 ; restore
It would be much easier if the AccessControl-functions always push something on the stack, e.g. "success" if there wasn't an error. Otherwise the functions may set or clear the error flag. Thus you simply know if something should be on the stack or not. --212.51.7.22 22:52, 1 October 2007 (PDT)

IsUserTheAdministrator problem?

I'm able to trick this export to both return "no" when the admin group is enabled in the process token, and "yes" when the admin group is a deny SID. You are better off using the UserInfo plugin if you need to check if the current user has admin access rights since it already has support for deny SID's and "dynamic group membership". If you just need the SID or info about a user other than the current user, this export is fine

IsThisPossible?

How can I delete existing ACL and replace with specified (SET ) ? I want to do someting like : </INHERIT> </REPLACE> which will delete existing ACL and force propagation from upper level

Best regards Swapnil Mahadik swapnil.p.mahadik@gmail.com