Strange behaviour on /deny DE,W with icacls - windows

I have the following scenario where I (admin) applied the (DE,W) deny permissions to the following folder test_folder for test_user who already has inherited modify permissions from parent folder:
B:\>icacls test_folder
test_folder test_user:(I)(OI)(CI)(M)
            admin:(I)(OI)(CI)(M)
B:\>icacls test_folder /deny test_user:(DE,W)
B:\>icacls test_folder
test_folder test_user:(DENY)(W,D)
            test_user:(I)(OI)(CI)(M)
            admin:(I)(OI)(CI)(M)
The end result I would expect is test_user being able to have read/execute access to test_folder without being able to delete/rename the folder and add folders/files to it.
However, the result was test_folder not being visible to test_user at all. The test_folder is still visible to me (admin).
When I deny only DE, however:
B:\>icacls test_folder
test_folder test_user:(I)(OI)(CI)(M)
            admin:(I)(OI)(CI)(M)
B:\>icacls test_folder /deny test_user:(DE)
B:\>icacls test_folder
test_folder test_user:(DENY)(D)
            test_user:(I)(OI)(CI)(M)
            admin:(I)(OI)(CI)(M)
test_user was able to see test_folder. So somehow W is causing an issue.
Any idea why this is happening?
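
Added example (not part of the original question): a simplified model of the Windows access check applied to the ACLs shown above, comparing a deny on the W simple right with a deny on the write bits alone. It assumes W corresponds to FILE_GENERIC_WRITE from winnt.h, which carries SYNCHRONIZE, and that listing a folder requests FILE_LIST_DIRECTORY plus SYNCHRONIZE; the request table and helper names are constructed for illustration.

```python
# Access-mask bits from winnt.h
DELETE = 0x00010000
SYNCHRONIZE = 0x00100000
FILE_LIST_DIRECTORY = 0x0001      # same bit as FILE_READ_DATA
FILE_ADD_FILE = 0x0002            # same bit as FILE_WRITE_DATA (WD)
FILE_ADD_SUBDIRECTORY = 0x0004    # same bit as FILE_APPEND_DATA (AD)
FILE_WRITE_EA = 0x0010            # WEA
FILE_WRITE_ATTRIBUTES = 0x0100    # WA
FILE_GENERIC_WRITE = 0x00120116   # includes SYNCHRONIZE and READ_CONTROL
MODIFY = 0x001301BF               # mask behind the (M) simple right

# Assumption: the W simple right denies the generic-write mask.
W_SIMPLE = FILE_GENERIC_WRITE
# The write bits alone, i.e. the specific rights (WD,AD,WEA,WA).
W_SPECIFIC = (FILE_ADD_FILE | FILE_ADD_SUBDIRECTORY |
              FILE_WRITE_EA | FILE_WRITE_ATTRIBUTES)

# Access typically requested by a synchronous Win32 open (constructed).
REQUESTS = {
    "list folder": FILE_LIST_DIRECTORY | SYNCHRONIZE,
    "create file": FILE_ADD_FILE | SYNCHRONIZE,
    "delete folder": DELETE,
}

def access_check(acl, user, desired):
    """Simplified DACL walk: ACEs are evaluated in order; a deny ACE that
    covers any still-needed bit fails the request, allow ACEs clear bits."""
    remaining = desired
    for ace_type, trustee, mask in acl:
        if trustee != user:
            continue
        if ace_type == "deny" and mask & remaining:
            return False
        if ace_type == "allow":
            remaining &= ~mask
            if remaining == 0:
                return True
    return False  # bits nobody granted are implicitly denied

def effective(deny_mask, user="test_user"):
    """ACL shaped like the icacls output: explicit deny, then inherited allow."""
    acl = [("deny", "test_user", deny_mask),
           ("allow", "test_user", MODIFY),
           ("allow", "admin", MODIFY)]
    return {name: access_check(acl, user, want) for name, want in REQUESTS.items()}

if __name__ == "__main__":
    for label, mask in [("(DE,W)", DELETE | W_SIMPLE), ("(DE)", DELETE),
                        ("(DE,WD,AD,WEA,WA)", DELETE | W_SPECIFIC)]:
        print(label, effective(mask))
```

In this model only the deny that carries SYNCHRONIZE blocks the folder listing; denying the write bits alone leaves listing intact while still blocking creation and deletion.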

Related

fs mkdir/copy intermittently fails in protected directory, despite having permissions

I have an electron app on Mac with full disk permissions. I am using fs to make a directory in a protected folder, and copy files from a temp folder to the new directory.
When using fs.copy, I periodically get two different types of errors:
If the directory already exists and is owned by the user:
EPERM errors (operation not permitted, unlink xxx) when attempting to overwrite the existing directory, specifically when replacing a manifest.json file. This is very intermittent.
If the directory does not exist or is owned by root:
EACCES errors when attempting to make the directory or copy files to the new location.
Code:
[...Array(sourceDirs.length).keys()].map(async (idx) => {
  try {
    await fs.ensureDir(destPaths[idx]);
  }
  catch (e) {
    console.log('Directory does not exist and could not be created');
  }
  try {
    await fs.copy(sourceDirs[idx], destPaths[idx]);
  }
  catch (e) {
    console.log('Copy error:', e);
  }
});
After some more research, I determined that the directory's R/W permissions varied based on what entity created the directory. Some elements of the directory and its children were owned by root, and everyone only had read permissions, while other folders were owned by everyone and had write permissions.
Programmatically, the only way to solve this was by spawning a chmod command with sudo to update the permissions. In my case, there isn't any issue with taking ownership of the directory.

capistrano 3.8, shared_path seems partly be ignored

I'm working on a capistrano deployment configuration and would like to set the shared folder on another place. Background is, that I want to use a wildcard deployment (review app) and the target directory will be generated on-the-fly (which means, there isn't a shared folder in it) and I would use the shared folder with the assets across ALL review apps in this environment.
Therefore I have directories on the server:
/var/www/review/application_name
/var/www/review/application_name/shared/... (here are the assets and configurations I would like to share across ALL review apps)
/var/www/review/application_name/branch-name/ - this is the deployment path which will be created by capistrano when deploying a specific branch to the review stage.
I have used shared_path
set :shared_path, "/var/www/review/#{fetch(:application)}"
which works fine for the linked_dirs, but NOT for the linked_files. I get the error message:
00:01 deploy:check:linked_files
ERROR linked file /var/www/review/www.app.tld/123/shared/myfile does not exist on review.app.tld
which is true - but I don't know how to tell cap to put it in place. Of course the named file is in the shared folder
/var/www/review/www.app.tld/shared/
but capistrano seems to search in the wrong place when trying to check the linked_files (again: the linked_dirs are processed correctly).
Any hints? Thanks in advance!
The shared_path is not something you can configure directly. Using set will not have any effect.
The shared path in Capistrano is always a directory named shared inside your :deploy_to location. Therefore if you want to change the shared path, you must set :deploy_to, like so:
set :deploy_to, -> { "/var/www/review/#{fetch(:application)}" }
This will effectively cause shared_path to become:
"/var/www/review/#{fetch(:application)}/shared"
Keep in mind that :deploy_to is used as the base directory for many things: releases, repo, current, etc. So if you change :deploy_to you will affect all of them.
If your :application variable is defined at some later point, or changed, you'll need to set it to a deferred variable:
set :shared_path, -> { "/var/www/review/#{fetch(:application)}" }
This evaluates that string on-demand instead of in advance.

Cmake not changing permission of file installed

I'm trying to change the permission of a file that is installed in CMake, and it's not working. I seem to be doing what they discuss at discussion of permission changing, the permission is just wrong on the file the first time I edit it and it fails to apply the change (then it fixes its own permission magically for the next time I save it).
configure_file(${CMAKE_CURRENT_SOURCE_DIR}/${PROJECT_NAME}.vcxproj.in
  ${CMAKE_CURRENT_BINARY_DIR}/${PROJECT_NAME}.vcxproj)
file(COPY ${CMAKE_CURRENT_BINARY_DIR}/${PROJECT_NAME}.vcxproj
  DESTINATION ${CMAKE_CURRENT_BINARY_DIR}
  FILE_PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
)
I tried doing it like install but get an error message .... Doing this at install had an error msg saying the file didn't exist, but it was showing the location that the file was supposed to be at. Maybe it wasn't installed at that point yet.
Thanks to #Tsyvarev discussions, we determined that the configure had to put the file in a different location than the copy was getting it from for the permissions change to work so I added a temp dir:
configure_file(${CMAKE_CURRENT_SOURCE_DIR}/${PROJECT_NAME}.vcxproj.in
  ${CMAKE_CURRENT_BINARY_DIR}/temp/${PROJECT_NAME}.vcxproj)
file(COPY ${CMAKE_CURRENT_BINARY_DIR}/temp/${PROJECT_NAME}.vcxproj
  DESTINATION ${CMAKE_CURRENT_BINARY_DIR}
  FILE_PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
)

Duplicate permission setting instructions

I'm trying to use CodeDeploy's permission handling stuff to deploy a Laravel app but I'm constantly getting a message saying /home/tether/storage/app has duplicate permissions. To my eyes, it looks like the except should make it only one rule.
permissions:
  - object: /home/tether
    pattern: "**"
    except: [
      storage,
      storage/app,
      storage/framework,
      storage/framework/cache,
      storage/framework/sessions,
      storage/framework/views,
      storage/framework,
      storage/logs
    ]
    owner: tether
    group: tether
  - object: /home/tether/storage
    pattern: "**"
    owner: tether
    group: tether
    mode: 755
    type:
      - directory
Can you try adding
type:
  - directory
to your /home/tether object? That way the codedeploy-agent would exclude the files listed under that directory (in the exception list) while setting permissions.

How to include a folder in your exe file using Inno Setup Compiler

I'm currently using Inno Setup Compiler to create an installer for Windows and everything is working fine except when I try to include a folder to the exe. In other words what I want is to be able to include a folder with two files in it, I want this folder to appear right where the .exe file is (C:\Program Files x86\appFolder) when the program is installed.
Inno has an option to add folders but for some reason when I select the folder with the two files I want, it compiles fine but when I actually install the program it actually adds the two files but not the folder.
I found the following line of code online and I used it but it actually included some folders that I didn't want. The problem I have with this line of code is that I don't fully understand it, I don't know where the folder path should be. What is Excludes: "Setup.iss,generated_images\"?
Source: "*.*"; Excludes: "Setup.iss,generated_images\*"; DestDir: "{app}"; Flags:replacesameversion recursesubdirs
Can someone be so kind as to explain this line of code?
Thanks
From your comments (as you haven't actually shown all the code you're talking about), I guess you are doing something like:
[Files]
Source: "blah.exe"; DestDir: "{app}"; Flags:replacesameversion
Source: "subfolder\*.*"; DestDir: "{app}"; Flags:replacesameversion
In this case, it is copying the contents of subfolder to {app}.
If you want to copy it and keep the sub directory, specify the directory itself:
[Files]
Source: "blah.exe"; DestDir: "{app}"; Flags: replacesameversion
Source: "subfolder"; DestDir: "{app}"; Flags: replacesameversion recursesubdirs
Or specify an explicit destination directory:
[Files]
Source: "blah.exe"; DestDir: "{app}"; Flags:replacesameversion
Source: "subfolder\*.*"; DestDir: "{app}\subfolder"; Flags:replacesameversion
I was having a similar problem:
I have this folder among other things:
.\WorkFolder\MyEmptyFolder\
I want on installed system this:
.\PathToExe\Name.exe
.\PathToExe\MyEmptyFolder\
If the folder is not empty it works, but sometimes I need an empty folder.
I am using this line:
Source: .\WorkFolder\MyEmptyFolder\*; DestDir: {app}\MyEmptyFolder; Flags: ignoreversion recursesubdirs createallsubdirs
What I want the script to do is (without needing to rewrite the script every time):
If the folder is empty, then on the installed system the folder will be empty but exist
If the folder has files and/or subfolders, then on the installed system the folder will exist and have that content
My problem is that when it is empty, the script ends with an error saying there are no files in it. It does not understand that I want that folder and everything that could be in it at that moment.
Thanks for the ideas, I tried them and got the solution, here it is:
First ensure the folder will be created (if it has no files, the Files section does not create it):
[Dirs]
Name: {app}\; Permissions: users-modify
Name: {group}\; Permissions: users-modify
Name: {app}\MyEmptyFolder\; Permissions: users-modify
Next edit the line on Files section to include "skipifsourcedoesntexist":
Source: .\WorkFolder\MyEmptyFolder\*; DestDir: {app}\MyEmptyFolder; Flags: ignoreversion recursesubdirs createallsubdirs skipifsourcedoesntexist
And it does what I want: it includes the folder and everything in it, no matter whether the folder is empty or not, and the script will not end with an error if it is empty.
How does this work?
Easy trick: if the folder is empty, the Files section line would fail and the script would end with an error; skipifsourcedoesntexist avoids that, but then the folder would not exist, which is why I add the folder to the Dirs section, to ensure it is always created.
Hope this helps others not go mad!
While making the setup file in Inno Setup: click on new folder, click on the URL, then click on edit and name the subfolder which you want to include in the installation folder.
