File security attributes getting screwed up on file copy - windows

I've a windows service that updates our product. It copies the product files into a temp directory, usually "C:\Windows\Temp", patches the binaries, and then uses MoveFileEx to copy the files back to the install directory on a reboot, usually "C:\Program Files\Product". The files in the install directory are inheriting their security attributes from the parent folder. After the copy, patch, and reboot, the files in the install directory are missing some ACLs. Specifically the files don't have the ACL for the Users group anymore so users can no longer run the program after the reboot.
Can anyone explain whats going on here? It seems that copying from the install directory to the temp directory, the files inherit the ACLs of the temp directory. On the MoveFileEx/Reboot, though, the files only inherit the ACLs that both the install and temp directories have in common.

In Windows if you copy a file the file takes on the ACLs of the destination directory. If you move a file the ACL goes with it overriding any it might inherit from that directory. I'm not sure how MoveFileEx might operate differently on a file.
The temp directory is usually located under the user profile (both %TMP% and %TEMP% usually point here) so copying files here will have permissions for that user. Moving those files to the program files directory will take only that users rights with them and therefore only runnable by the installing user.

One potential workaround is to patch copies of the files with-in the same directory but with different names. After the reboot, the patched versions could be swapped in. Alternatively, do a reboot first and then patch them in-place, and just back them up to the temp directory in the event a manual rollback is required.
If you really want to move them to a different location, creating a temp folder in the same place as the files to be patched would help the permissions stay the same assuming the directory is using inherited permissions.

Related

Why do I not have a .hgrc file?

I'm trying to insert the mercurial_keyring file with my username and password in the .hgrc file but it doesn't exist in my user directory on windows. I have tortoise hg installed and even checked if it was installed properly on the command prompt yet I still don't have the .hgrc folder.
Can anyone tell me what might be the reason to it?
Thanks
Because it's %USERPROFILE%\mercurial.ini
Mercurial reads configuration data from several files, if they exist.
These files do not exist by default and you will have to create the
appropriate configuration files yourself:
Local configuration is put into the per-repository /.hg/hgrc
file.
Global configuration like the username setting is typically put into:
%USERPROFILE%\mercurial.ini (on Windows)
The .hgrc files are not created automatically when you install Mercurial or TortoiseHg.
You will need to manually create it at the location you need whether that is within the repository's .hg folder or your own C:\Users\username\ folder.
You will probably need to use the command line to create the file as it's not usually possible to create filenames that start with . in Windows Explorer.
https://www.selenic.com/mercurial/hgrc.5.html

What is a usual workflow for dealing with shared files with capistrano?

My .csv recreates on every release, and, as I understand, to keep its data unchanged between deploys I need to put it in /shared directory and simlink to it from my deploy.rb.
Is this the right route? (I have this question because I don't seem to find much info on how to do this with respect to, eg, databases, for some reason. /shared directory is mostly used for .conf files and paperclip-like directories).
When using capistrano, your application code will be "uploaded" to some directory on the server. Capistrano uses this structure:
/path_to_folder:
current - symlink to the directory with the current release
releases - contains all kept releases
shared - files that should persist between releases
So to your question - copy the .csv file somewhere into "shared" directory and then in the config/deploy.rb add this:
namespace :deploy do
task :create_symlinks do
run "ln -s #{shared_path}/something.csv #{latest_release}/db/something.csv"
end
end
after 'deploy:update_code', 'deploy:create_symlinks'
Replace "something" with the file name that you copied. You can also put the csv file into some directory under "shared" if you want to, I'd use "db" in this case. If you do so, don't forget to update path in the symlink.

Windows directory with no permissions

I accidentally removed all permissions from a directory on a Windows 2008 server. I can see the directory when listing contents of its parent both through Windows Explorer and DOS, but I can't do anything else. No matter what I try, the system essentially acts like I'm trying to work with a directory that doesn't exist. Trying to change the permissions through Windows Explorer yields a message that the security information is not available (on the Security tab). I've also tried takeown and modifying permissions with icacls, both of which report file not found. My account is part of the Administrators group. The account that created the folder (the owner before I messed up the permissions) can't even see the directory when listing contents of its parent. dir /q reports the owner of the directory as "...". Is there anything that can be done here or is this directory lost?
The solution here was to log in using the local administrator account and run takeown /F on the directory in question. From there, I was able to reset the permissions of the directory and all of its contents.

error when i want to save java file in jdk/bin

when i save java file error is you dont have permission to save in this location contact the administrator to obtain permission on window7
Don't store application data in the "Program Files" directory.
It is very bad design and regular users don't have write access to that directory (for a very good reason).
So even if you changed your settings locally to open up the door for viruses your application won't run on other computers.
Besides: storing a Java file in the JDK directory serves no purpose at all.
Btw: your uppercase letters are broken, as well as the dot or the comma...
That's normal - jdk/bin is the installation directory of the JDK, regular users cannot (and should not) write files there. You'll have the same problem on Linux/Unix and on Mac OS X, where installation directories are off-limits to regular users.
Write your files to the users home directory (System property "user.home", works across platforms), or let the user choose where you save stuff.
Bin directory do not allow directly to save program in it.
it is so simple, just save your .java file on desktop and then copy paste it in Bin. done ;)
If the file can't save directly to c:\program files\java\jdk1.8.0\bin\
Solution:-
Click start Menu type Notepad command in run run as administrator
Right click the Notepad run as Administrator, then type the program file can save directly to c:\program files\java\jdk1.8.0\bin\
Just try it......

Extra Copy of New Rsync Files

I am attempting to mirror a directory on a remote server using rsync. However, I would like a copy of all newly created files to be stored in a separate directory on the local machine.
For example, if a new file is added on the remote server, I would like it to mirror regularly (for example, to ~/mirror), but save an additional copy of only the new file in another folder, (for example, ~/staging). To be clear, only the new files should appear in staging.
My first approach was to allow rsync to update the timestamps, and then use that to make a copy. However, I would now like to preserve timestamps.
Can anyone provide ideas on a simple approach? I am open to use of additional utilities other than rsync.
You might consider making hardlinks in the extra directory.
ln --force --target-directory=~/staging ~/mirror/*
Edit:
If this is a Linux system, incron will trigger on inotify events and would allow you to make copies of files as they are added to a directory you specify.

Resources