WiX权限，如何表达“修改”？就 DACL 标志而言

发布于 2024-08-02 12:06:55 字数 1029 浏览 2 评论 0原文

我正在尝试将自定义权限应用于文件夹作为 WiX 3.0.4318.0 安装程序的一部分。

就资源管理器中的安全属性 UI 而言，我想添加修改 BUILTIN\Users 的权限。显然，它需要能够抵抗用户名的本地化。因此，根据我迄今为止的研究，我至少想要：

<CreateFolder Directory="XYZ" >
    <PermissionEx User="[WIX_ACCOUNT_USERS]" 
         GenericRead="yes" GenericWrite="yes" Delete="Yes" />
</CreateFolder>

问题：

我在子目录中执行此操作 - 我是否正确地假设 Permission 和 PermissionEx 之间的选择没有实际意义？
资源管理器中文件夹权限对话框中的“修改”在权利方面映射到什么 - 我看到很多示例，人们将其转换为一个神奇的数字或一大组标志 - 其他人使用了什么（意图是允许创建、读取、写入、追加和删除，这在 UI 中最好用简单权限表示为“修改”）。我已经使用 icacls 查看了底层权限，它告诉我它称为“M”，但我无法将它们映射到“特定权限”（按照 icacls / 使用的术语）？）。还有另一个映射表在 Windows 帮助中。有没有人得到有效的权威答案？

Question about PermissionEx (WIX) 有一个非常类似的未回答问题，这将是残酷的但公平地引用为重复项。

原文

I'm attempting to apply custom rights to a folder as part of a WiX 3.0.4318.0 installer.

In terms of the Security properties UI in explorer, I want to add Modify to the rights for BUILTIN\Users. Obviously it needs to be resilient against localisation of the user name. So based on my research to date, I want at least:

<CreateFolder Directory="XYZ" >
    <PermissionEx User="[WIX_ACCOUNT_USERS]" 
         GenericRead="yes" GenericWrite="yes" Delete="Yes" />
</CreateFolder>

Questions:

I'm doing this in a subdirectory - am I correct in assuming that the choice between Permission and PermissionEx is Moot?
What does 'Modify' in the Folder Permissions dialog in Explorer map to in terms of rights - I see many samples where people have translated it to a magic number or a big set of flags - what have other people used (the intent is to allow create, read, write, append and delete, which is best expressed in the UI in terms of Simple Rights as 'Modify'). I've looked at the underlying permissions with icacls which tells me its called 'M', but I have no way to map them to 'specific rights' (in terms as used by icacls /?). There's another mapping table in the windows help. Has anyone got an authorative answer that's worked?

There is a very similar unanswered question at Question regarding PermissionEx (WIX), which it would be cruel but fair to cite as a duplicate.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

淡笑忘祈一世凡恋 2024-08-09 12:06:55

以下组合是我发现的

“修改”权限：

<util:PermissionEx GenericRead="yes" GenericWrite="yes"
   GenericExecute="yes" Delete="yes" DeleteChild="yes" User="SOMEUSER" />

“读取”权限：

<util:PermissionEx Read="yes" GenericRead="yes" User="SOMEUSER" />

The following combinations are what I've found

"modify" permission:

<util:PermissionEx GenericRead="yes" GenericWrite="yes"
   GenericExecute="yes" Delete="yes" DeleteChild="yes" User="SOMEUSER" />

"read" permission:

<util:PermissionEx Read="yes" GenericRead="yes" User="SOMEUSER" />

回复收藏 0 原文

累赘 2024-08-09 12:06:55

经过更多的工作后，我的发现是：

在 3.0.5419.0 中，PermissionEx 与 util:"PermissionEx 与 Permission 没有实际意义，并且不需要像您在以前版本的网络上看到的那样的 Extended="true"。以前的版本会出现错误在运行时解决 BUILTIN\USERS.
选择我选择的三个权限似乎满足了我的上下文的要求，

我仍然对看到其他响应非常感兴趣，因为我仍然是 WiX-noob。

回复收藏 0 原文

百思不得你姐 2024-08-09 12:06:55

要完全像使用 WiX 3.6 在 Windows 7 和 Windows XP 上手动设置权限一样获得它，您需要使用以下命令：

<util:PermissionEx 
    User="Users" Domain="BUILTIN" 
    GenericWrite="yes" GenericExecute="yes" GenericRead="yes" 
    Delete="yes" Synchronize="yes" />

To get it exactly as you would by setting the permissions by hand on Windows 7 and Windows XP using WiX 3.6, you would need to use this:

<util:PermissionEx 
    User="Users" Domain="BUILTIN" 
    GenericWrite="yes" GenericExecute="yes" GenericRead="yes" 
    Delete="yes" Synchronize="yes" />

回复收藏 0 原文

~没有更多了~