Explicitly set ACEs for Chocolatey's default folder installation to
Administrators, removing inherited permissions and ensuring container
and object inheritance flow from explicit ACE settings.
Only remove inheritance for the default install folder; if being
installed elsewhere, leave inherited permissions alone.
Additionally, only set the current user to have modify access if there
is an environment variable set to allow this behavior -
Based on conversations and code examples from @jberezanski. Jakub wrote
the Get-LocalizedWellKnownPrincipalName to return the localized user
name for well-known SIDs.
Adding to the changes in 680dc88, further secure down the default
Chocolatey installation directory.
- If not the default install path, do not make any changes. Issue a
warning so the user knows they need to secure their own install.
For the default install path:
- If not being run from an administrative context, throw. Do not allow
- Remove existing explicit permissions
- Change the owner to Administrators
This work is the result of a continued conversation with @jberezanski,
and thanks go to Jakub for providing some of this code and testing the
installation for security holes.
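The hardening sequence the two messages describe (refuse outside an administrative context, touch only the default path, break inheritance, drop existing explicit ACEs, grant Administrators with container and object inheritance, set the owner, and give the current user Modify only behind an environment variable), written out as an added illustration that is not Chocolatey's own code. The paths, the EXAMPLE_ALLOW_USER_MODIFY variable name and the extra SYSTEM Full Control ACE are assumptions of this example, and localized principal names are resolved by translating well-known SIDs rather than by the project's Get-LocalizedWellKnownPrincipalName.

```powershell
# Added example, not Chocolatey's code. Paths and the env var name are assumptions.
param(
    [string]$InstallPath        = 'C:\ProgramData\chocolatey',  # assumed
    [string]$DefaultInstallPath = 'C:\ProgramData\chocolatey'   # assumed default
)

# Non-default location: change nothing, just warn the user to secure it themselves.
if ($InstallPath -ne $DefaultInstallPath) {
    Write-Warning "Not the default install path; secure '$InstallPath' yourself."
    return
}

# Refuse to proceed when not running in an administrative context.
$principal = New-Object Security.Principal.WindowsPrincipal(
    [Security.Principal.WindowsIdentity]::GetCurrent())
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Hardening '$InstallPath' requires an elevated session."
}

# Resolve well-known SIDs to the localized account names (works on non-English Windows).
function Get-LocalizedName([string]$Sid) {
    (New-Object Security.Principal.SecurityIdentifier($Sid)).Translate(
        [Security.Principal.NTAccount]).Value
}
$admins = Get-LocalizedName 'S-1-5-32-544'   # BUILTIN\Administrators
$system = Get-LocalizedName 'S-1-5-18'       # NT AUTHORITY\SYSTEM (assumption: kept)

$acl = Get-Acl -Path $InstallPath
# Break inheritance and discard inherited ACEs (isProtected, preserveInheritance=false).
$acl.SetAccessRuleProtection($true, $false)
# Remove existing explicit ACEs so only the rules added below remain.
foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }

# Explicit ACEs with container and object inheritance so children inherit from here.
$inherit = [Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [Security.AccessControl.PropagationFlags]::None
foreach ($name in $admins, $system) {
    $acl.AddAccessRule((New-Object Security.AccessControl.FileSystemAccessRule(
        $name, 'FullControl', $inherit, $prop, 'Allow')))
}
# Current user gets Modify only when explicitly opted in via an environment variable.
if ($env:EXAMPLE_ALLOW_USER_MODIFY -eq 'true') {
    $me = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    $acl.AddAccessRule((New-Object Security.AccessControl.FileSystemAccessRule(
        $me, 'Modify', $inherit, $prop, 'Allow')))
}
# Hand ownership to Administrators and persist the DACL.
$acl.SetOwner((New-Object Security.Principal.NTAccount($admins)))
Set-Acl -Path $InstallPath -AclObject $acl
```

After running it, `(Get-Acl $InstallPath).Access` should list only the explicit rules above with IsInherited false, and child items should show them as inherited.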