1. 技术文章
  2. WiX set App_Data folder permission to modify for NetworkService

WiX set App_Data folder permission to modify for NetworkService

萝らか妹 提交于 2019-12-21 05:44:10

问题


I'm struggling with this one. I need to set the permissions of the App_Data folder in an ASP.Net site to Modify for the NetworkService account via my Wix installer. I tried the following but with no luck.

<CreateFolder>
  <util:PermissionEx GenericAll="yes" ChangePermission="yes" Delete="yes" 
    DeleteChild="yes" User="[WIX_ACCOUNT_NETWORKSERVICE]" />
</CreateFolder>

I tried also specifying Append but I got an error saying it's not allowed.


回答1:


You want User="NetworkService". There is a list of well known users in the SecureObj.cpp code that backs PermissionEx.

    `// figure out the right user to put into the access block
    if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"Everyone"))
    {
        hr = AclGetWellKnownSid(WinWorldSid, &psid);
    }
    else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"Administrators"))
    {
        hr = AclGetWellKnownSid(WinBuiltinAdministratorsSid, &psid);
    }
    else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"LocalSystem"))
    {
        hr = AclGetWellKnownSid(WinLocalSystemSid, &psid);
    }
    else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"LocalService"))
    {
        hr = AclGetWellKnownSid(WinLocalServiceSid, &psid);
    }
    else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"NetworkService"))
    {
        hr = AclGetWellKnownSid(WinNetworkServiceSid, &psid);
    }
    else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"AuthenticatedUser"))
    {
        hr = AclGetWellKnownSid(WinAuthenticatedUserSid, &psid);
    }
    else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"Guests"))
    {
        hr = AclGetWellKnownSid(WinBuiltinGuestsSid, &psid);
    }
    else if(!*pwzDomain && 0 == lstrcmpW(pwzUser, L"CREATOR OWNER"))
    {
        hr = AclGetWellKnownSid(WinCreatorOwnerSid, &psid);
    }
    else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"INTERACTIVE"))
    {
        hr = AclGetWellKnownSid(WinInteractiveSid, &psid);
    }
    else if(!*pwzDomain && 0 == lstrcmpW(pwzUser, L"Users"))
    {
        hr = AclGetWellKnownSid(WinBuiltinUsersSid, &psid);
    }
    else`

The Windows Installer LockPermission table (the Permission element in WiX) also support most well known names but they are localized which is a really poor design, IMHO. That's why WiX has this known list.




回答2:


Well, I figured out an answer (probably not the answer). You can't set the file permission using util:PermissionEx for the "Network Service" account (its not a well know sid or something like that). In the end, I wrote a custom action that sets the permission using the cacls.exe utility.

<CustomAction Id="PermissionAppData" Directory="TARGETDIR" 
  ExeCommand="&quot;[SystemFolder]cacls.exe&quot; 
  &quot;[INSTALLDIR]\App_Data&quot;
  /T /E /G &quot;NT AUTHORITY\Network Service:C&quot;" Return="check" />


来源:https://stackoverflow.com/questions/1527939/wix-set-app-data-folder-permission-to-modify-for-networkservice

标签
wix
wix3
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!