Support a couple of different methods for checking file permissions #14

Open
wants to merge 1 commit into
base: master

zb140
Contributor

@zb140 zb140 commented May 31, 2019

  • GetEffectiveAccessMode returns an os.FileMode representing the permissions the file's owner, "group", and "Everyone" have, determined by calling GetEffectiveRightsFromAclW
  • GetExplicitAccessMode returns a FileMode for the permissions that have been explicitly granted to the owner, "group", and "Everyone" (for example by calling acl.Chmod first). These permissions are determined by reading the ACL entries with GetExplicitEntriesFromAclW

These values will differ if, for instance, no permissions have been explicitly granted.

…are set for a given file

  * GetEffectiveAccessMode returns an os.FileMode representing the permissions the file's owner, "group", and "Everyone" have, determined by calling GetEffectiveRightsFromAclW
  * GetExplicitAccessMode returns a FileMode for the permissions that have been explicitly granted to the owner, "group", and "Everyone" (for example by calling acl.Chmod first).  These permissions are determined by reading the ACL entries with GetExplicitEntriesFromAclW

These values will differ if, for instance, no permissions have been explicitly granted.
@zb140
Contributor Author

zb140 commented Jun 28, 2019

@nathan-osman Do you have any questions or concerns I can address? I'd love to get this merged, because I'm working on some changes for another project that depend on it. Thanks!

@capnspacehook

I just have to say, thanks so much for this, was exactly what I needed. You're my hero

@capnspacehook

capnspacehook commented Jul 15, 2019

Hey @zb140, I'm having an issue with the code in this PR. On a Windows 10 box with default file permissions, I'm getting a '0700' file mode from 'C:\Users' when calling acl.GetEffectiveAccessMode. It should be '704', as Everyone has read permissions by default. I verified that the permissions were different by checking with Windows Explorer and icacls.

@zb140
Contributor Author

zb140 commented Jul 15, 2019

@capnspacehook Huh, that's odd. It's supposed to be a pretty transparent pass-through to GetEffectiveRightsFromAclW but there could certainly be bugs. I'm on an airplane right now so I won't have a chance to investigate until at least tomorrow, but I'll see what I can find.

@capnspacehook

It may not be your code; from some research I did, it seems that GetEffectiveRightsFromAcl itself may be unreliable in some situations. Not completely sure though.

@zb140
Contributor Author

zb140 commented Jul 17, 2019

@capnspacehook This actually seems to be working on my system. I put together this simple test program:

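package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strconv"

	"github.com/hectane/go-acl"
)

func main() {
	// A path is required; an optional second argument is an octal mode to apply first.
	if len(os.Args) < 2 {
		fmt.Fprintf(os.Stderr, "usage: %s <path> [octal-mode]\n", os.Args[0])
		os.Exit(1)
	}

	path, err := filepath.Abs(os.Args[1])
	if err != nil {
		panic(err)
	}

	if len(os.Args) == 3 {
		// Parse the mode as octal; an unparsable value is skipped and the file is left unchanged.
		newmode, err := strconv.ParseInt(os.Args[2], 8, 0)

		if err == nil {
			fmt.Printf("Changing mode to %o\n", newmode&0777)
			err = acl.Chmod(path, os.FileMode(newmode&0777))
			if err != nil {
				panic(err)
			}
		}
	}

	// Rights the owner, group and Everyone actually end up with.
	mode, err := acl.GetEffectiveAccessMode(path)
	if err != nil {
		panic(err)
	}

	fmt.Printf("effective mode = %v (%04o)\n", mode, uint(mode))

	// Rights granted by ACL entries that name the owner, group and Everyone directly.
	mode, err = acl.GetExplicitAccessMode(path)
	if err != nil {
		panic(err)
	}

	fmt.Printf("explicit  mode = %v (%04o)\n", mode, uint(mode))
}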

and this is what I got on my system:

go run acl.go c:\Users
effective mode = -rwxrwxr-x (0775)
explicit  mode = -rwx---r-x (0705)

Can you try this on your system and see if you get something different?

Also, you can read the ACL in PowerShell like this:

(get-item c:\Users | get-acl).Access

This returns several results, including (for me):

FileSystemRights  : ReadAndExecute, Synchronize
AccessControlType : Allow
IdentityReference : Everyone
IsInherited       : False
InheritanceFlags  : None
PropagationFlags  : None
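
A simplified model of why the two modes in the output above can differ, added here as an illustration; it is not code from this PR or from go-acl and does not call the Windows API. The trustee names, the ACL and the group nesting are constructed, and the model handles allow entries only: the explicit digit counts entries that name the principal, while the effective digit also counts entries reached through Everyone and group membership, which is the figure that matters when auditing who can reach a file.

```go
package main

import "fmt"
import "os"

// Access masks from winnt.h.
const (
	fileGenericRead    = 0x120089
	fileGenericWrite   = 0x120116
	fileGenericExecute = 0x1200A0
)

// Constructed allow-only sample (trustee -> mask, hypothetical names); no deny ACEs or inheritance.
var sampleACL = map[string]uint32{
	"HOST\\alice":             0x1F01FF, // FILE_ALL_ACCESS
	"BUILTIN\\Administrators": 0x1F01FF,
	"Everyone":                fileGenericRead | fileGenericExecute,
}
var sampleGroups = map[string][]string{"HOST\\staff": {"BUILTIN\\Administrators"}} // constructed membership

// rwx folds an access mask into the three permission bits of one mode digit.
func rwx(mask uint32) (m os.FileMode) {
	for i, want := range []uint32{fileGenericExecute, fileGenericWrite, fileGenericRead} {
		if mask&want == want {
			m |= 1 << uint(i)
		}
	}
	return m
}

// mode builds the owner/group/Everyone digits. groups == nil counts only ACEs naming the
// principal (explicit); otherwise its groups and Everyone count too (effective).
func mode(acl map[string]uint32, owner, group string, groups map[string][]string) (out os.FileMode) {
	for _, who := range []string{owner, group, "Everyone"} {
		mask := acl[who]
		if groups != nil {
			mask |= acl["Everyone"]
			for _, g := range groups[who] {
				mask |= acl[g]
			}
		}
		out = out<<3 | rwx(mask)
	}
	return out
}

func main() {
	fmt.Printf("explicit  = %04o\n", mode(sampleACL, "HOST\\alice", "HOST\\staff", nil))
	fmt.Printf("effective = %04o\n", mode(sampleACL, "HOST\\alice", "HOST\\staff", sampleGroups))
}
```
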

@twpayne
Contributor

twpayne commented Sep 9, 2019

Can this be merged?
