I am reading and then modifying some data in a file that is located in the Windows program files folder.
Because of this the file does not have write permissions. So I receive an error when trying to write to it.
When manually giving write permissions to the folder containing the file, the script will work.
Is it possible to modify a folders permissions within a Lua script, or write to a file regardless of it's permissions? Or can this only be done manually from the File Explorer?
This is my current section of code that is re-writing the inputFile:
k=0
updatefile = io.open(inputFile,"w")
for k=1,i do
updatefile:write(modfilecontent[k] .. '\n') --This is where I'm blocked by permissions
end
updatefile:close()
Also if there is a solution possible, and I load this script onto another persons computer that does not have admin privileges would the solution still work?
EDIT:
Piglet's solution will work using the os.execute method to change privileges.
As long as the software, that the plug-in is being used in, is ran as admin the first time the permissions will be set. From then on you no longer need to run as admin.
Below is the code that I needed to add to the beginning of the program, minus the brackets of course
os.execute('icacls "C:\\Program Files\\[software name]\\[folder name]" /grant Everyone:(OI)(CI)F /T')
You could use os.execute to run the appropriate Windows command.
See How to grant permission to users for a directory using command line in Windows?
Alternatively use a library that supports stuff like this. Maybe checkout
https://keplerproject.github.io/luafilesystem/manual.html
Also if there is a solution possible, and I load this script onto
another persons computer that does not have admin privileges would the
solution still work?
As that person wouldn't be able to run Lua as administrator that is very unlikely. That would completly defy the purpose of different user levels.
Related
Good morning,
I'm trying to verify if a batch is executed with administrator permission.
I found this command to verify:
openfiles >nul 2>&1
if NOT %errorLevel% == 0
...
or net session instead of openfiles.
Everything works if I open command prompt as administrator and return an error if I use normal command prompt.
The problem appears when i try to execute two batch in a single elevated permissions command prompt;
The first batch is executed correctly, the second return permissions error.
what am i doing wrong?
It's not as compact as the method you're using, but another method I've successfully used numerous times in the past is as follows:
IF EXIST %SYSTEMROOT%\SYSTEM32\WDI\LOGFILES GOTO GOTADMIN
[Whatever commands you want to run if not running as admin]
:GOTADMIN
[Whatever commands you want to run if running as admin]
This works because, by default, Windows only allows access to the WDI directory with elevated permissions. Thus, by telling the script to look inside that directory for another directory that is supposed to exist, it can be used to detect whether it's running as admin or not. If yes, it'll see that LOGFILES exists and return True. If no, it won't be allowed access to the WDI files, therefore it won't see that LOGFILES exists and will return False.
Admittedly, this only works if the default security permissions on the WDI directory have not been changed, but from my experience it is highly unlikely these permissions would have been changed in most installations. It also requires that the LOGFILES directory inside of the WDI directory has not been deleted or renamed, but I find this highly unlikely to occur since it is an integral part of the WDI directory's purpose.
I have tested and confirmed this to work on Windows 7, 8, 8.1 and 10. I have not tested it on Vista, but I would assume it works because of how similar Vista is to 7. Obviously there's no benefit in using this method on XP since all command prompts by default are run at maximum elevation on that version of Windows.
I'm not much of a Perl developer but I need it to make triggers for perforce.
So this is the background:
I have a windows service that runs as admin that calls the Perl script on windows.
The script needs to create a file on a network storage which is both configured to work with windows and UNIX permissions\security types.
Since the user that is running the script is an admin user all folders and files that it creates under all directories are no inheriting the directories permissions but makes it editable only to root.
What I try to do is create the file and than chmod it to the parent folder's "stat" results.
my ($perms, $uid, $gid) = (stat $ParentDirFullPath)[2, 4, 5];
$perms = sprintf("%04o", $perms & 0777);
chmod($perms, $NewFileFullPath);
The problem is that stat command on windows dosen't get the unix\gid and unix\uid + the chmod command is not really supported.
I looked into the file::stat module to find a way for displaying windows permissions(since they are present there too) to take them and apply them with a command that I didn't test yet that should be probably under the module Win32::FileSecurity.
I didn't find a way to get the permissions from there(I get stat=ARRAY(0x46d0f8)).
Any ideas or suggestions?
TL;DR:("How to?" question) Running Perl script on windows that takes parent folder permissions and applies them on a file that the scripts creates in the network storage that supports both Windows and Unix security/permissions types(the permissions that I want to apply are windows like permissions for groups and users).
Edit:
I tried the next code:
use Win32::FileSecurity qw(Get EnumerateRights);
use Win32;
my $dir1 = "\\\\NetworkStorage\\home\\user1";
my $dir2 = "\\\\NetworkStorage\\home\\user1\\PerlFileSecTest";
my %permissions;
Win32::FileSecurity::Get($dir1, \%permissions);
Win32::FileSecurity::Set($dir2, \%permissions);
And I get the next error:
S-1-5-11-2038111172-1292333386-11111-20315(this is not an original number and it changes this is unix FS user identifier that the AD knows how to parse)
Error handling error: 1332, LookupAccountName.
So it looks like the FileSecurity can't handle that user identifier that is coming from the unix based storage that supports both unixfs and NTFS.
This is strange because when I choose a folder for example and do "right click -> properties -> security tab" I see the numbers and then they are parsed to unixUid\user1 etc...
Any idea how to solve it?
Specifically for my case where the issue was the mixed mode on the network drive I found the next solution to be good enough for me.
I call the "icacls" system command and set permissions manually for the domain users from the folder above.
my $error = system("icacls $CreatedDir /grant domain\\user:(OI)(CI)F /T");
The code above gives full recursive permissions for the user to the folder that was created by the service with the admin user(which caused the folder to be locked only for the rood or admin user in our configuration).
Note that the command above doesn't override existing permissions but it was good enough for me.
So eventually I end up with a folder and files that are accessible to the user that called the specific service which runs with admin user.
Example:
In Linux we can put the desired commands in a file and give it executable permissions. This helps us to actually run the file on the terminal and thus all the commands inside the file get automatically executed.
How to achieve this on Windows XP?
Same thing, but it's called a batch file, extension is .bat. You can also double-click to run these. This site is a great resource.
I have created a shell .command on Mac OS X that I would like to distribute. Based on my testing, you can't execute the .command file by double clicking without changing permissions first ( making executable. ) I don't want users to use the terminal and change permissions, it's too hard for them.
The shell script creates a folder structure for a project, based on where the script is. It needs to be able to run anywhere the user puts it.
The research I have done indicates that I need to use an Apple script to run the file to prompt for the user's password to get around permissions.
Any advice on how to do this?
Distribute the file either by zip or DMG - props Thilo.
I want to see what resources are available to my application's embedded Lua VM via the os.execute functionality.
echo text > c:\foo.txt
Non-privileged users can't create files on the system's drive root (as well as other system folders). Just one example out of many possible...
You can also try to run regedit.exe. As a regular user, you'll be denied.