AccessControl plug-in: Difference between revisions

From NSIS Wiki
Jump to navigationJump to search
m (v1.0.8.1 - 7th July 2014)
(→‎Usage Example: Added Pops)
Line 18: Line 18:
   AccessControl::SetFileOwner \
   AccessControl::SetFileOwner \
     "C:\test.txt" "Waterloo\Mathias"
     "C:\test.txt" "Waterloo\Mathias"
  Pop $0 ; "error" on errors


# Make the directory "$INSTDIR\database" read write accessible by all users
# Make the directory "$INSTDIR\database" read write accessible by all users
   AccessControl::GrantOnFile \
   AccessControl::GrantOnFile \
     "$INSTDIR\database" "(BU)" "GenericRead + GenericWrite"
     "$INSTDIR\database" "(BU)" "GenericRead + GenericWrite"
  Pop $0


# Give all authentificated users (BUILTIN\Users) full access on
# Give all authentificated users (BUILTIN\Users) full access on
Line 27: Line 29:
   AccessControl::GrantOnRegKey \
   AccessControl::GrantOnRegKey \
     HKLM "Software\Vendor\SomeApp" "(BU)" "FullAccess"
     HKLM "Software\Vendor\SomeApp" "(BU)" "FullAccess"
  Pop $0


# Same as above, but with a numeric string SID
# Same as above, but with a numeric string SID
   AccessControl::GrantOnRegKey \
   AccessControl::GrantOnRegKey \
     HKLM "Software\Vendor\SomeApp" "(S-1-5-32-545)" "FullAccess"
     HKLM "Software\Vendor\SomeApp" "(S-1-5-32-545)" "FullAccess"
  Pop $0
</highlight-nsis>
</highlight-nsis>



Revision as of 14:32, 17 September 2015

Author: tbf (talk, contrib)


Links

AccessControl.zip (48 KB) (includes NSIS-Unicode variant)
Well-known security identifiers in Windows operating systems

Description

Version: 1.0.8.1 (7th July 2014)

Supported on: WinNT4+.

The AccessControl plugin for NSIS provides a set of functions related to Windows NT access control list (ACL) management.

Usage Example

# Give ownership for file C:\test.txt to Waterloo\Mathias
  AccessControl::SetFileOwner \
    "C:\test.txt" "Waterloo\Mathias"
  Pop $0 ; "error" on errors
 
# Make the directory "$INSTDIR\database" read write accessible by all users
  AccessControl::GrantOnFile \
    "$INSTDIR\database" "(BU)" "GenericRead + GenericWrite"
  Pop $0
 
# Give all authentificated users (BUILTIN\Users) full access on
# the registry key HKEY_LOCAL_MACHINE\Software\Vendor\SomeApp
  AccessControl::GrantOnRegKey \
    HKLM "Software\Vendor\SomeApp" "(BU)" "FullAccess"
  Pop $0
 
# Same as above, but with a numeric string SID
  AccessControl::GrantOnRegKey \
    HKLM "Software\Vendor\SomeApp" "(S-1-5-32-545)" "FullAccess"
  Pop $0

Detailed usage instructions and a list of functions can be found in the package readme Docs\AccessControl\AccessControl.txt.

File and Directory Permission List

File Permissions

  • ReadData
  • WriteData
  • AppendData
  • ReadEA
  • WriteEA
  • Execute
  • ReadAttributes
  • WriteAttributes
  • Delete
  • ReadControl
  • WriteDAC
  • WriteOwner
  • Synchronize
  • FullAccess
  • GenericRead
  • GenericWrite
  • GenericExecute
  • NULL

Directory Permissions

  • ListDirectory
  • AddFile
  • AddSubdirectory
  • ReadEA
  • WriteEA
  • Traverse
  • DeleteChild
  • ReadAttributes
  • WriteAttributes
  • Delete
  • ReadControl
  • WriteDAC
  • WriteOwner
  • Synchronize
  • FullAccess
  • GenericRead
  • GenericWrite
  • GenericExecute
  • NULL

Registry Permissions

  • QueryValue
  • SetValue
  • CreateSubKey
  • EnumerateSubKeys
  • Notify
  • CreateLink
  • Delete
  • ReadControl
  • WriteDAC
  • WriteOwner
  • Synchronize
  • GenericRead
  • GenericWrite
  • GenericExecute
  • FullAccess
  • NULL

See also: File Security and Access Rights
See also: Set the append/modify flag for ACLs
Comment: The GenericWrite permission isn't the same like the one on the microsoft page.

Credits

Written by Mathias Hasselmann
NSIS-Unicode port by Olivier Marcoux
Major changes by Afrow UK
Win95/WinNT4 support and bugfixes by Anders