Fixed rights on tray-monitor.conf

When limiting the access to the config files to admin only we also did this to the tray-monitor configuration file. Of course this is wrong, as the traymon is started as normal user. This patch fixes this and sets the tray-monitor.conf file ownership and access rights to the group "users". Signed-off-by: Marco van Wieringen <marco.van.wieringen@bareos.com>
bareos · Feb 17, 2015 · 42433b3 · 42433b3
1 parent 5668c4d
commit 42433b3
Showing 1 changed file with 60 additions and 23 deletions.
diff --git a/platforms/win32/winbareos.nsi b/platforms/win32/winbareos.nsi
@@ -182,32 +182,69 @@ FunctionEnd
   ${EndIf}
  CreateShortCut "$SMPROGRAMS\${PRODUCT_NAME}\Edit ${fname}.lnk" "write.exe" '"$APPDATA\${PRODUCT_NAME}\${fname}"'
 
-# disable file access inheritance
- AccessControl::DisableFileInheritance "$APPDATA\${PRODUCT_NAME}\${fname}"
- Pop $R0
- DetailPrint `AccessControl result: $R0`
- ${If} $R0 == error
+
+# for traymonitor.conf, set access and ownership to users
+${If} ${fname} == "tray-monitor.conf"
+
+    # disable file access inheritance
+    AccessControl::DisableFileInheritance "$APPDATA\${PRODUCT_NAME}\${fname}"
+    Pop $R0
+    DetailPrint `AccessControl result: $R0`
+    ${If} $R0 == error
+       Pop $R0
+       DetailPrint `AccessControl error: $R0`
+    ${EndIf}
+
+    # set file owner to administrator
+    AccessControl::SetFileOwner "$APPDATA\${PRODUCT_NAME}\${fname}" "(S-1-5-32-545)"  # user
+    Pop $R0
+    DetailPrint `AccessControl result: $R0`
+    ${If} $R0 == error
+       Pop $R0
+       DetailPrint `AccessControl error: $R0`
+    ${EndIf}
+
+    # set fullaccess only for administrators (S-1-5-32-544)
+    AccessControl::ClearOnFile "$APPDATA\${PRODUCT_NAME}\${fname}" "(S-1-5-32-545)" "FullAccess"
+    Pop $R0
+    DetailPrint `AccessControl result: $R0`
+    ${If} $R0 == error
+       Pop $R0
+       DetailPrint `AccessControl error: $R0`
+    ${EndIf}
+
+
+# all other config files admin owner and only access
+${Else}
+    # disable file access inheritance
+    AccessControl::DisableFileInheritance "$APPDATA\${PRODUCT_NAME}\${fname}"
     Pop $R0
-    DetailPrint `AccessControl error: $R0`
- ${EndIf}
-
-# set file owner to administrator
- AccessControl::SetFileOwner "$APPDATA\${PRODUCT_NAME}\${fname}" "(S-1-5-32-544)"  # administratoren
- Pop $R0
- DetailPrint `AccessControl result: $R0`
- ${If} $R0 == error
+    DetailPrint `AccessControl result: $R0`
+    ${If} $R0 == error
+       Pop $R0
+       DetailPrint `AccessControl error: $R0`
+    ${EndIf}
+
+    # set file owner to administrator
+    AccessControl::SetFileOwner "$APPDATA\${PRODUCT_NAME}\${fname}" "(S-1-5-32-544)"  # administratoren
     Pop $R0
-    DetailPrint `AccessControl error: $R0`
- ${EndIf}
-
-# set fullaccess only for administrators (S-1-5-32-544)
- AccessControl::ClearOnFile "$APPDATA\${PRODUCT_NAME}\${fname}" "(S-1-5-32-544)" "FullAccess"
- Pop $R0
- DetailPrint `AccessControl result: $R0`
- ${If} $R0 == error
+    DetailPrint `AccessControl result: $R0`
+    ${If} $R0 == error
+       Pop $R0
+       DetailPrint `AccessControl error: $R0`
+    ${EndIf}
+
+    # set fullaccess only for administrators (S-1-5-32-544)
+    AccessControl::ClearOnFile "$APPDATA\${PRODUCT_NAME}\${fname}" "(S-1-5-32-544)" "FullAccess"
     Pop $R0
-    DetailPrint `AccessControl error: $R0`
- ${EndIf}
+    DetailPrint `AccessControl result: $R0`
+    ${If} $R0 == error
+       Pop $R0
+       DetailPrint `AccessControl error: $R0`
+    ${EndIf}
+
+${EndIf}
+
 !macroend