0

I have a C program with an installer created by an NSIS script. The issue is one of the files that the installer adds needs to be read only. For this problem I am trying to use the AccessControl plugin. I include the plugin directory with the following line:

!addplugindir "AccessControl\Unicode\Plugins"

At the bottom of my install section I have attempted these lines with no success:

AccessControl::GrantOnFile "$INSTDIR\file.txt" "BUILTINUSERS" "GenericRead + Delete"
AccessControl::GrantOnFile "$INSTDIR\file.txt" "(BU)" "GenericRead + Delete"
AccessControl::GrantOnFile "$INSTDIR\file.txt" "(S-1-5-32-545)" "GenericRead + Delete"
AccessControl::GrantOnFile "$INSTDIR\file.txt" "(S-1-1-0)" "GenericRead + Delete"

There is no error displayed when the script is compiled but after running the installer the file can still be written over. I have had no success from any of these sources.

http://nsis.sourceforge.net/AccessControl_plug-in

http://avidinsight.uk/2014/01/nsis-access-control-problem-with-built-in-users-group/

How do you set directory permissions in NSIS?

http://nsis.sourceforge.net/Talk:AccessControl_plug-in

On a final note I am using Windows 8.

Community
  • 1
  • 1
duncan
  • 1,161
  • 8
  • 14

1 Answers1

1

GrantOnFile appends to the existing ACL for the file and never restricts anything. Use SetOnFile to start a new ACL or in your case, use DenyOnFile to deny access for specific groups.

You should also Pop after each call to these functions, the popped string will be "ok" or a error message.

Anders
  • 97,548
  • 12
  • 110
  • 164