Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

--scope machine for zip install type incorrectly inherits permissions #4496

Open
playday3008 opened this issue May 20, 2024 · 2 comments
Open

--scope machine for zip install type incorrectly inherits permissions #4496

playday3008 opened this issue May 20, 2024 · 2 comments
Labels
Command-Install Issue related to WinGet Install Issue-Bug It either shouldn't be doing this or needs an investigation. Portable Issue related to portable package

Comments

@playday3008
Copy link

playday3008 commented May 20, 2024
edited
Loading

Brief description of your issue

Using zigtools.zls as an example.
Folder where winget unpacks files itself have correct permissions, but all files inside that folder, doesn't.
Files and folders inside will incorrectly inherit (or do not inherit at all, IDK) permissions.

That will cause for non admin users inability to access/use anything what was installed in “machine” scope, which breaks whole purpose of installing machine-wide

Steps to reproduce

winget install --scope machine -e --id zigtools.zls

Expected behavior

Full permission inheritance (achieved manually by disabling and enabling back inheritance):
image

Actual behavior

Partial permission inheritance:
image

Environment

Windows Package Manager v1.7.11261
Copyright (c) Microsoft Corporation. All rights reserved.

Windows: Windows.Desktop v10.0.22631.3593
System Architecture: X64
Package: Microsoft.DesktopAppInstaller v1.22.11261.0

Winget Directories
-----------------------------------------------------------------------------------------------------------------------
Logs                               %LOCALAPPDATA%\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\LocalState\Diag…
User Settings                      %LOCALAPPDATA%\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\LocalState\sett…
Portable Links Directory (User)    %LOCALAPPDATA%\Microsoft\WinGet\Links
Portable Links Directory (Machine) C:\Program Files\WinGet\Links
Portable Package Root (User)       %LOCALAPPDATA%\Microsoft\WinGet\Packages
Portable Package Root              C:\Program Files\WinGet\Packages
Portable Package Root (x86)        C:\Program Files (x86)\WinGet\Packages
Installer Downloads                %USERPROFILE%\Downloads

Links
---------------------------------------------------------------------------
Privacy Statement   https://aka.ms/winget-privacy
License Agreement   https://aka.ms/winget-license
Third Party Notices https://aka.ms/winget-3rdPartyNotice
Homepage            https://aka.ms/winget
Windows Store Terms https://www.microsoft.com/en-us/storedocs/terms-of-sale

Admin Setting                             State
--------------------------------------------------
LocalManifestFiles                        Disabled
BypassCertificatePinningForMicrosoftStore Disabled
InstallerHashOverride                     Disabled
LocalArchiveMalwareScanOverride           Disabled
@microsoft-github-policy-service microsoft-github-policy-service bot added the Needs-Triage Issue need to be triaged label May 20, 2024
@github-actions GitHub Actions
Copy link

Hi I'm an AI powered bot that finds similar issues based off the issue title.

Please view the issues below to see if they solve your problem, and if the issue describes your problem please consider closing this one and thumbs upping the other issue to help us prioritize it. Thank you!

Open similar issues:

Note: You can give me feedback by thumbs upping or thumbs downing this comment.

@playday3008
Copy link
Author

playday3008 commented May 20, 2024
edited
Loading

How to fix for those who wonder

Manually

Steps (using my example):

  1. Right click on folder C:\Program Files\WinGet\Packages\zigtools.zls_Microsoft.Winget.Source_8wekyb3d8bbwe.
  2. Click Security tab.
  3. Click Advanced button.
  4. Click Change permissions button.
  5. Check checkbox Replace all child object permission entries with inheritable permission entries from this object.
  6. Click OK button.
  7. Confirm by clicking Yes.
  8. Click OK button.

PowerShell

$winget_machine_package_roots = $(winget --info) -match '^Portable Package Root (?:\(x86\))? +(.+)$'
$winget_machine_package_roots = $winget_machine_package_roots | Select-String '^Portable Package Root (?:\(x86\))? +(.+)$'
$winget_machine_package_roots = $winget_machine_package_roots | ForEach-Object {$_.Matches.Groups[1].Value}
$winget_machine_package_roots | ForEach-Object {
    $acl = Get-Acl $_
    $acl.SetAccessRuleProtection($true, $true)
    Get-ChildItem -Path $_ -Directory | ForEach-Object {
        Set-Acl -Path $_.FullName -AclObject $acl
    }
}

@denelon denelon added Issue-Bug It either shouldn't be doing this or needs an investigation. Command-Install Issue related to WinGet Install Portable Issue related to portable package and removed Needs-Triage Issue need to be triaged labels May 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Command-Install Issue related to WinGet Install Issue-Bug It either shouldn't be doing this or needs an investigation. Portable Issue related to portable package
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@playday3008 @denelon