Write permission for Users to global persist dir #2524
files have lines containing trailing whitespace.
This will fail on a German PC 😁
Output of
It only works by setting the user to
??! I had thought these user/group names are all the same. Never see differences on a Chinese PC etc. I think I need to find a way to get the actual
Found a solution https://stackoverflow.com/questions/40587096/set-output-language-of-get-acl#40588213
Call:

```powershell
# persist data
persist_data $manifest $original_dir $persist_dir
persist_permission $manifest $global
```

Function:

```powershell
# check whether write permission for Users usergroup is set to global persist dir, if not then set
function persist_permission($manifest, $global) {
    if ($manifest.persist -and !$global) {
        return
    }
    $path = persistdir $null $global
    $user = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-545'
    $target_rule = New-Object System.Security.AccessControl.FileSystemAccessRule($user, 'Write', 'ObjectInherit', 'none', 'Allow')
    $acl = Get-Acl -Path $path
    $acl.SetAccessRule($target_rule)
    $acl | Set-Acl -Path $path
}
```

Edit: Fixed the persistence and global check
though it seems a little long..
Fixed the code (See above)
lib/install.ps1
Outdated
if ($persist -and $global) { | ||
$path = "$(basedir $global)\persist" | ||
$user = -join ([System.Environment]::MachineName, '\', | ||
(([System.Security.Principal.SecurityIdentifier]'S-1-5-32-545').Translate([System.Security.Principal.NTAccount])).Value) |
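Review bot: The `$user` assignment joins `[System.Environment]::MachineName` in front of a value that `Translate([System.Security.Principal.NTAccount])` already returns with its authority prefix, so the result is a three-part name, and the translated part is localized. Consider passing the `SecurityIdentifier` for `S-1-5-32-545` itself as the rule's identity instead of building an account-name string.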
This would result in: R15CH13-PC\VORDEFINIERT\Benutzer
Oh, sorry, I wrongly took domain name as computer name before.
(((Sorry, I don't know coding, and actually copy codes in function persist_permission
from here.
The important part is "testing"
I just installed and uninstalled notepad++ with these changes about 30 times now 😁
@r15ch13 Checking permission seems no problem for me:

```
❯ $path = $PWD
❯ $path
Path
----
C:\Users\Retia\Git\Retia-Adolf
❯ $user = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-545'
❯ $Rights = "Write"
❯ $InheritSettings = "ObjectInherit"
❯ $PropogationSettings = "none"
❯ $RuleType = "Allow"
❯ $acl = Get-Acl -Path $PWD
❯ $perm = $user, $Rights, $InheritSettings, $PropogationSettings, $RuleType
❯ $targetRule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $perm
❯ $isSet = $true
❯ ForEach ($existRule in $acl) {
>> $isSet = ($existRule -match $targetRule) -and $isSet
>> }
❯ $isSet
False
```

So

```powershell
$isSet = $true
ForEach ($existRule in $acl) {
    $isSet = ($existRule -match $targetRule) -and $isSet
}
if (!$isSet) {
    $acl.SetAccessRule($targetRule)
    $acl | Set-Acl -Path $path
}
```
This can't work, because it should be

```powershell
ForEach ($existRule in $acl.Access) {
    debug ($existRule -match $target_rule)
    $isSet = ($existRule -match $target_rule) -and $isSet
}
if (!$isSet) {
    debug "SetAccessRule"
    $acl.SetAccessRule($target_rule)
    $acl | Set-Acl -Path $path
}
```
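An added example, not part of the original thread and not Scoop's own code: one way to make the "is the rule already set?" check discussed above independent of the display language is to read each rule's identity as a SID and compare rights bitwise, instead of matching rule objects with `-match`. The function names `Test-UsersWriteRule` and `Grant-UsersWrite` and the scratch directory are assumptions for illustration, and the example uses `AddAccessRule` where the thread uses `SetAccessRule`.

```powershell
# Added example, not Scoop's code. Function names and the demo path are hypothetical.
# S-1-5-32-545 is BUILTIN\Users; the SID is the same whatever the display language.
$UsersSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-545'

function Test-UsersWriteRule {
    param([Parameter(Mandatory = $true)][string]$Path)
    $write = [System.Security.AccessControl.FileSystemRights]::Write
    $acl = Get-Acl -Path $Path
    # Request identities as SIDs so no localized account name is compared.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sameUser = $rule.IdentityReference.Value -eq $UsersSid.Value
        $isAllow = $rule.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Allow
        # Rights are flags: the rule qualifies only if every bit of Write is granted.
        $hasWrite = ($rule.FileSystemRights -band $write) -eq $write
        if ($sameUser -and $isAllow -and $hasWrite) { return $true }
    }
    return $false
}

function Grant-UsersWrite {
    param([Parameter(Mandatory = $true)][string]$Path)
    if (Test-UsersWriteRule -Path $Path) { return $false }  # rule already present
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $UsersSid, 'Write', 'ObjectInherit', 'None', 'Allow'
    $acl = Get-Acl -Path $Path
    # AddAccessRule merges with existing entries; SetAccessRule (used in the thread)
    # first removes this identity's other explicit Allow rules.
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
    return $true
}

# Constructed demo on a scratch directory: call twice to exercise both branches.
$demo = Join-Path $env:TEMP 'persist-acl-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Grant-UsersWrite -Path $demo
Grant-UsersWrite -Path $demo
```

`Grant-UsersWrite` returns whether it changed the ACL, which makes it easy to log only real permission changes on a shared directory.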
Thanks for explaining
@r15ch13 Everything works fine now 😍
Oops, I didn't consider the case that standard user installs app into a custom global app's directory. But just wondering if you don't have rights to modify permission, isn't it impossible to add system environment variable? |
ScoopInstaller/Extras#1124