WiX为NetworkService设置App_Data文件夹权限修改

发布于 2024-08-06 19:53:34 字数 349 浏览 3 评论 0原文

我正为这个问题苦苦挣扎。我需要通过 Wix 安装程序将 ASP.Net 站点中的 App_Data 文件夹的权限设置为 NetworkService 帐户的修改。我尝试了以下方法，但没有运气。

<CreateFolder>
  <util:PermissionEx GenericAll="yes" ChangePermission="yes" Delete="yes" 
    DeleteChild="yes" User="[WIX_ACCOUNT_NETWORKSERVICE]" />
</CreateFolder>

我也尝试指定附加，但收到错误消息，指出不允许这样做。

原文

I'm struggling with this one. I need to set the permissions of the App_Data folder in an ASP.Net site to Modify for the NetworkService account via my Wix installer. I tried the following but with no luck.

<CreateFolder>
  <util:PermissionEx GenericAll="yes" ChangePermission="yes" Delete="yes" 
    DeleteChild="yes" User="[WIX_ACCOUNT_NETWORKSERVICE]" />
</CreateFolder>

I tried also specifying Append but I got an error saying it's not allowed.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

猥琐帝 2024-08-13 19:53:35

您需要 User="NetworkService"。支持 PermissionEx 的 SecureObj.cpp 代码中有一个知名用户的列表。

    `// figure out the right user to put into the access block
    if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"Everyone"))
    {
        hr = AclGetWellKnownSid(WinWorldSid, &psid);
    }
    else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"Administrators"))
    {
        hr = AclGetWellKnownSid(WinBuiltinAdministratorsSid, &psid);
    }
    else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"LocalSystem"))
    {
        hr = AclGetWellKnownSid(WinLocalSystemSid, &psid);
    }
    else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"LocalService"))
    {
        hr = AclGetWellKnownSid(WinLocalServiceSid, &psid);
    }
    else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"NetworkService"))
    {
        hr = AclGetWellKnownSid(WinNetworkServiceSid, &psid);
    }
    else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"AuthenticatedUser"))
    {
        hr = AclGetWellKnownSid(WinAuthenticatedUserSid, &psid);
    }
    else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"Guests"))
    {
        hr = AclGetWellKnownSid(WinBuiltinGuestsSid, &psid);
    }
    else if(!*pwzDomain && 0 == lstrcmpW(pwzUser, L"CREATOR OWNER"))
    {
        hr = AclGetWellKnownSid(WinCreatorOwnerSid, &psid);
    }
    else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"INTERACTIVE"))
    {
        hr = AclGetWellKnownSid(WinInteractiveSid, &psid);
    }
    else if(!*pwzDomain && 0 == lstrcmpW(pwzUser, L"Users"))
    {
        hr = AclGetWellKnownSid(WinBuiltinUsersSid, &psid);
    }
    else`

Windows Installer LockPermission 表（WiX 中的 Permission 元素）也支持大多数众所周知的名称，但它们是本地化的，恕我直言，这是一个非常糟糕的设计。这就是 WiX 拥有这个已知列表的原因。

You want User="NetworkService". There is a list of well known users in the SecureObj.cpp code that backs PermissionEx.

    `// figure out the right user to put into the access block
    if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"Everyone"))
    {
        hr = AclGetWellKnownSid(WinWorldSid, &psid);
    }
    else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"Administrators"))
    {
        hr = AclGetWellKnownSid(WinBuiltinAdministratorsSid, &psid);
    }
    else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"LocalSystem"))
    {
        hr = AclGetWellKnownSid(WinLocalSystemSid, &psid);
    }
    else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"LocalService"))
    {
        hr = AclGetWellKnownSid(WinLocalServiceSid, &psid);
    }
    else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"NetworkService"))
    {
        hr = AclGetWellKnownSid(WinNetworkServiceSid, &psid);
    }
    else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"AuthenticatedUser"))
    {
        hr = AclGetWellKnownSid(WinAuthenticatedUserSid, &psid);
    }
    else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"Guests"))
    {
        hr = AclGetWellKnownSid(WinBuiltinGuestsSid, &psid);
    }
    else if(!*pwzDomain && 0 == lstrcmpW(pwzUser, L"CREATOR OWNER"))
    {
        hr = AclGetWellKnownSid(WinCreatorOwnerSid, &psid);
    }
    else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"INTERACTIVE"))
    {
        hr = AclGetWellKnownSid(WinInteractiveSid, &psid);
    }
    else if(!*pwzDomain && 0 == lstrcmpW(pwzUser, L"Users"))
    {
        hr = AclGetWellKnownSid(WinBuiltinUsersSid, &psid);
    }
    else`

The Windows Installer LockPermission table (the Permission element in WiX) also support most well known names but they are localized which is a really poor design, IMHO. That's why WiX has this known list.

回复收藏 0 原文

時窥 2024-08-13 19:53:35

好吧，我找到了一个答案（可能不是答案）。您无法使用 util:PermissionEx 为“网络服务”帐户设置文件权限（它不是众所周知的 sid 或类似的东西）。最后，我编写了一个自定义操作，使用 cacls.exe 实用程序设置权限。

<CustomAction Id="PermissionAppData" Directory="TARGETDIR" 
  ExeCommand=""[SystemFolder]cacls.exe" 
  "[INSTALLDIR]\App_Data"
  /T /E /G "NT AUTHORITY\Network Service:C"" Return="check" />

Well, I figured out an answer (probably not the answer). You can't set the file permission using util:PermissionEx for the "Network Service" account (its not a well know sid or something like that). In the end, I wrote a custom action that sets the permission using the cacls.exe utility.

<CustomAction Id="PermissionAppData" Directory="TARGETDIR" 
  ExeCommand=""[SystemFolder]cacls.exe" 
  "[INSTALLDIR]\App_Data"
  /T /E /G "NT AUTHORITY\Network Service:C"" Return="check" />

回复收藏 0 原文

~没有更多了~