From 42433b39fdfc75d72867631781a932cf7bd6ea9f Mon Sep 17 00:00:00 2001 From: Philipp Storz Date: Mon, 9 Sep 2013 10:42:32 +0200 Subject: [PATCH] Fixed rights on tray-monitor.conf When limiting the access to the config files to admin only we also did this to the tray-monitor configuration file. Of course this is wrong, as the traymon is started as normal user. This patch fixes this and sets the tray-monitor.conf file ownership and access rights to the group "users". Signed-off-by: Marco van Wieringen
--- platforms/win32/winbareos.nsi | 83 +++++++++++++++++++++++++---------- 1 file changed, 60 insertions(+), 23 deletions(-)
diff --git a/platforms/win32/winbareos.nsi b/platforms/win32/winbareos.nsi
index 93243de89fb..12fe4f7aa9b 100644
--- a/platforms/win32/winbareos.nsi
+++ b/platforms/win32/winbareos.nsi
@@ -182,32 +182,69 @@ FunctionEnd ${EndIf} CreateShortCut "$SMPROGRAMS\${PRODUCT_NAME}\Edit ${fname}.lnk" "write.exe" '"$APPDATA\${PRODUCT_NAME}\${fname}"' -# disable file access inheritance - AccessControl::DisableFileInheritance "$APPDATA\${PRODUCT_NAME}\${fname}" - Pop $R0 - DetailPrint `AccessControl result: $R0` - ${If} $R0 == error + +# for traymonitor.conf, set access and ownership to users +${If} ${fname} == "tray-monitor.conf" + + # disable file access inheritance + AccessControl::DisableFileInheritance "$APPDATA\${PRODUCT_NAME}\${fname}" + Pop $R0 + DetailPrint `AccessControl result: $R0` + ${If} $R0 == error + Pop $R0 + DetailPrint `AccessControl error: $R0` + ${EndIf} + + # set file owner to administrator + AccessControl::SetFileOwner "$APPDATA\${PRODUCT_NAME}\${fname}" "(S-1-5-32-545)" # user + Pop $R0 + DetailPrint `AccessControl result: $R0` + ${If} $R0 == error + Pop $R0 + DetailPrint `AccessControl error: $R0` + ${EndIf} + + # set fullaccess only for administrators (S-1-5-32-544) + AccessControl::ClearOnFile "$APPDATA\${PRODUCT_NAME}\${fname}" "(S-1-5-32-545)" "FullAccess" + Pop $R0 + DetailPrint `AccessControl result: $R0` + ${If} $R0 == error + Pop $R0 + DetailPrint `AccessControl error: $R0` + ${EndIf} + + +# all other config files admin owner and only access +${Else} + # disable file access inheritance + AccessControl::DisableFileInheritance "$APPDATA\${PRODUCT_NAME}\${fname}" Pop $R0 - DetailPrint `AccessControl error: $R0` - ${EndIf} - -# set file owner to administrator - AccessControl::SetFileOwner "$APPDATA\${PRODUCT_NAME}\${fname}" "(S-1-5-32-544)" # administratoren - Pop $R0 - DetailPrint `AccessControl result: $R0` - ${If} $R0 == error + DetailPrint `AccessControl result: $R0` + ${If} $R0 == error + Pop $R0 + DetailPrint `AccessControl error: $R0` + ${EndIf} + + # set file owner to administrator + AccessControl::SetFileOwner "$APPDATA\${PRODUCT_NAME}\${fname}" "(S-1-5-32-544)" # administratoren Pop $R0 - DetailPrint `AccessControl error: 
$R0` - ${EndIf} - -# set fullaccess only for administrators (S-1-5-32-544) - AccessControl::ClearOnFile "$APPDATA\${PRODUCT_NAME}\${fname}" "(S-1-5-32-544)" "FullAccess" - Pop $R0 - DetailPrint `AccessControl result: $R0` - ${If} $R0 == error + DetailPrint `AccessControl result: $R0` + ${If} $R0 == error + Pop $R0 + DetailPrint `AccessControl error: $R0` + ${EndIf} + + # set fullaccess only for administrators (S-1-5-32-544) + AccessControl::ClearOnFile "$APPDATA\${PRODUCT_NAME}\${fname}" "(S-1-5-32-544)" "FullAccess" Pop $R0 - DetailPrint `AccessControl error: $R0` - ${EndIf} + DetailPrint `AccessControl result: $R0` + ${If} $R0 == error + Pop $R0 + DetailPrint `AccessControl error: $R0` + ${EndIf} + +${EndIf} + !macroend
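Review bot: In the new tray-monitor.conf branch, `SetFileOwner … "(S-1-5-32-545)"` followed by `ClearOnFile … "(S-1-5-32-545)" "FullAccess"` gives ownership and full control of the file to every member of BUILTIN\Users, so any local account can read, rewrite or re-ACL it, and because ClearOnFile replaces the existing entries, Administrators are left without an explicit ACE. If the tray monitor only needs to read its configuration (which presumably holds the monitor's credentials for the daemons; the file contents are not visible here), keep the owner at `(S-1-5-32-544)`, keep `ClearOnFile … "(S-1-5-32-544)" "FullAccess"`, and add `AccessControl::GrantOnFile "$APPDATA\${PRODUCT_NAME}\${fname}" "(S-1-5-32-545)" "GenericRead"`. The two comments copied into this branch, `# set file owner to administrator` and `# set fullaccess only for administrators (S-1-5-32-544)`, no longer describe the lines beneath them and should name the Users SID instead. In both branches a failed AccessControl call is only printed with DetailPrint, so a config file can silently keep its inherited ACL; the enclosing macro starts above the hunk, so whether a caller checks this later cannot be seen here.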