Re: [WiX-users] How does one set a "deny" ACE?

Sat, 09 Dec 2006 03:15:29 -0800 

You don't want to deny Users, you want to prevent the setting being
inherited. The difference is subtle: if Users is not in the ACL, the user
will be granted access if any other group they're a member of is in the ACL.
If you create a Deny ACE for Users, anyone who is a member of Users will be
denied access even if some other ACE grants access through a different group
membership. Commonly, the domain users group is a member of the local Users
group, so even if a domain user was a member of the local Administrators
group, they would still be denied access. Deny ACEs trump Allow ACEs. For
more on how ACLs work, see
http://pluralsight.com/wiki/default.aspx/Keith.GuideBook/WhatIsAnAccessContr
olList.html.

 

Now, in both cases here you're stuck as neither WiX nor Windows Installer
offer Deny ACEs or the ability to turn off inheritance from the parent
folder's ACL. You'll need to do this with a custom action.

 

-- 

Mike Dimmick

 

  _____  

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Philip Beber
Sent: 08 December 2006 19:40
To: wix-users@lists.sourceforge.net
Subject: [WiX-users] How does one set a "deny" ACE?

 

My installer needs to create a directory to put log files in. Any user
should be able to create file and write to them in this directory, but only
Admins should be able to read the files. The parent folder allows users to
read files, so I need to set to specifically deny the "Users" group read
access. How do I do this? Simply setting "no" (as below) causes the folder
to inherit the parent folder's setting.

 

        <CreateFolder Directory="LOGS" >

            <Permission User="Administrators" Extended="yes"
GenericAll="yes" />

            <Permission User="Users" Extended="yes" Read="no"
GenericExecute="yes" GenericWrite="yes" Traverse="yes" />

            <Permission User="NetworkService" Extended="yes" Read="no"
GenericExecute="yes" GenericWrite="yes" Traverse="yes" />

        </CreateFolder >

 

Thanks a million!

Phil. 


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
WiX-users mailing list
WiX-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wix-users

Reply via email to