From 1b3b6525a4313404af84fce0fbbc29695e664f73 Mon Sep 17 00:00:00 2001 From: George Roman Date: Sat, 7 Jul 2018 16:23:07 +0300 Subject: Update the behavior of fs.set_permissions on Windows --- spec/fs_spec.lua | 8 +++--- src/luarocks/fs/win32/tools.lua | 57 +++++++++++++++++++++++++++++------------ 2 files changed, 45 insertions(+), 20 deletions(-) diff --git a/spec/fs_spec.lua b/spec/fs_spec.lua index 3b4e6bac..eb8425e2 100644 --- a/spec/fs_spec.lua +++ b/spec/fs_spec.lua @@ -31,7 +31,7 @@ describe("Luarocks fs test #unit", function() local make_unreadable = function(path) if is_win then - fs.execute("icacls " .. fs.Q(path) .. " /deny %USERNAME%:(RD)") + fs.execute("icacls " .. fs.Q(path) .. " /inheritance:d /deny %USERNAME%:(R)") else fs.execute("chmod -r " .. fs.Q(path)) end @@ -39,7 +39,7 @@ describe("Luarocks fs test #unit", function() local make_unwritable = function(path) if is_win then - fs.execute("icacls " .. fs.Q(path) .. " /deny %USERNAME%:(WD,AD)") + fs.execute("icacls " .. fs.Q(path) .. " /inheritance:d /deny %USERNAME%:(W,M)") else fs.execute("chmod -w " .. fs.Q(path)) end @@ -47,12 +47,12 @@ describe("Luarocks fs test #unit", function() local make_unexecutable = function(path) if is_win then - fs.execute("icacls " .. fs.Q(path) .. " /deny %USERNAME%:(X)") + fs.execute("icacls " .. fs.Q(path) .. " /inheritance:d /deny %USERNAME%:(X)") else fs.execute("chmod -x " .. fs.Q(path)) end end - + local runner setup(function() diff --git a/src/luarocks/fs/win32/tools.lua b/src/luarocks/fs/win32/tools.lua index c03b0d7b..c267b316 100644 --- a/src/luarocks/fs/win32/tools.lua +++ b/src/luarocks/fs/win32/tools.lua @@ -182,33 +182,58 @@ end function tools.set_permissions(filename, mode, scope) assert(filename and mode and scope) - local who, what if scope == "user" then - who = os.getenv("USERNAME") - elseif scope == "all" then - who = "Everyone" - end - if mode == "read" then - what = "(RD)" - elseif mode == "exec" then - what = "(X)" - end - if not who or not what then - return false, "Invalid permission " .. mode .. " for " .. scope - end + local perms + if mode == "read" then + perms = "(R,W,M)" + elseif mode == "exec" then + perms = "(F)" + end - if scope == "user" then + local ok + -- Take ownership of the given file + ok = fs.execute_quiet("takeown /f " .. fs.Q(filename)) + if not ok then + return false, "Could not take ownership of the given file" + end + -- Grant the current user the proper rights + ok = fs.execute_quiet(fs.Q(vars.ICACLS) .. " " .. fs.Q(filename) .. " /inheritance:d /grant:r %USERNAME%:" .. perms) + if not ok then + return false, "Failed setting permission " .. mode .. " for " .. scope + end + -- Finally, remove all the other users from the ACL in order to deny them access to the file for _, user in pairs(get_system_users()) do if user ~= who then - local ok = fs.execute(fs.Q(vars.ICACLS) .. " " .. fs.Q(filename) .. " /deny " .. fs.Q(user) .. ":" .. fs.Q(what)) + local ok = fs.execute_quiet(fs.Q(vars.ICACLS) .. " " .. fs.Q(filename) .. " /remove " .. fs.Q(user)) if not ok then return false, "Failed setting permission " .. mode .. " for " .. scope end end end + elseif scope == "all" then + local my_perms, others_perms + if mode == "read" then + my_perms = "(R,W,M)" + others_perms = "(R)" + elseif mode == "exec" then + my_perms = "(F)" + others_perms = "(RX)" + end + + local ok + -- Grant permissions available to all users + ok = fs.execute_quiet(fs.Q(vars.ICACLS) .. " " .. fs.Q(filename) .. " /inheritance:d /grant:r Everyone:" .. others_perms) + if not ok then + return false, "Failed setting permission " .. mode .. " for " .. scope + end + -- Grant permissions available only to the current user + ok = fs.execute_quiet(fs.Q(vars.ICACLS) .. " " .. fs.Q(filename) .. " /inheritance:d /grant %USERNAME%:" .. my_perms) + if not ok then + return false, "Failed setting permission " .. mode .. " for " .. scope + end end - return fs.execute(fs.Q(vars.ICACLS) .. " " .. fs.Q(filename) .. " /grant " .. fs.Q(who) .. ":" .. fs.Q(what)) + return true end -- cgit v1.2.3-55-g6feb