Hi guys... I figure that I might as well chime in here, too...

A while ago, I posted a sample for modifying directory permissions using a
custom action (using cacls.exe) in an msi task.  The sample is for the msi
task in NAntContrib and can be viewed here:
http://nant.sourceforge.net/wiki/index.php/InstallTasks_Sample_CAModifyDirPermissions
To modify access per file, you just need to use different attributes with
the cacls custom action.  Otherwise, you could probably also accomplish it
by adding a "custom table" LockPermissions specifying a file identifier,
etc... If you go the route of using the msi task, and need some info on how
to accomplish this, let me know.

Otherwise, for installing/uninstalling the msi, you might want to look at
just calling the exec task for the program msiexec.  msiexec is a
command-line based program allowing installs/uninstalls.  Via that utility,
you can specify property values and even supress dialogs (for unattended
installs, etc).  More info on msiexec here:
http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/standard/proddocs/en-us/msiexec.asp

Jim


> If you build a windows installer package, file permissions can be
> specified for your install.  I am not aware of a way to do this
> directly  in VS.NET setup projects, as far as I know you have to use
> Orca and add  the records manually to the LockPermissions table.  There
> is also an msi  task in NAntContrib, which I haven't used but could
> most likely be set up  to add records for permissions.
>
> I opted for setting permissions in code using a custom action during
> the  msi installation. There is a library here for this purpose.
>
>
http://www.gotdotnet.com/Community/UserSamples/Details.aspx?SampleGuid=e6098575-dda0-48b8-9abf-e0705af065d9>
> The library can be a little overbearing for simple use, and is not CLR
> compliant. Here is a wrapper that is CLR compliant and allows for usage
>  like this in my installation:
>
> public void SetFilePermissions() {
>        string user = "aspnet";
>
>        OsVersionInfo info = new OsVersionInfo();
>        if(info.IsOSWindowsServer2003) user = "network service";
>
>        FilePermissionsManager.AddPermissions(InstallDirectory, user,
> FilePermissionType.GenericAll, true);
>        FilePermissionsManager.AddPermissions(InstallDirectory +
> "file.txt", user, FilePermissionType.GenericAll);
>        // In case the .NET framework install didn't set this(IIS
> installed after framework):
>        FilePermissionsManager.AddPermissions(GetSystemTempDirectory(),
> user, FilePermissionType.GenericAll, false);
>        //Users Group
>        user = "Users";
>        FilePermissionsManager.AddPermissions(InstallDirectory, user,
> FilePermissionType.GenericRead);
>        //Administrators Group
>        user = "Administrators";
>        FilePermissionsManager.AddPermissions(InstallDirectory, user,
> FilePermissionType.GenericAll, true);
> }
>
>
>
> using System;
> using System.IO;
> using System.Collections;
>
>
> namespace Microsoft.Win32.Security {
>
>        public enum FilePermissionType {
>                GenericAll = 0,
>                GenericExecute = 1,
>                GenericWrite = 2,
>                GenericRead = 3
>        }
>
>        public sealed class FilePermissionsManager {
>
>                private void New() {}
>
>                public static void AddPermissions(string path, string
> user, FilePermissionType permissions) {
>                        SecurityDescriptor descriptor;
>                        Dacl dacl;
>                        descriptor =
> SecurityDescriptor.GetFileSecurity(path,
> SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);
>                        dacl = descriptor.Dacl;
>                        dacl.AddAce(new AceAccessAllowed(new Sid(user),
> ConvertPermissions(permissions), AceFlags.OBJECT_INHERIT_ACE |
> AceFlags.CONTAINER_INHERIT_ACE));
>                        descriptor.SetDacl(dacl);
>                        descriptor.SetFileSecurity(path,
> SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);
>
>                }
>
>                public static void AddPermissions(string path, string
> user, FilePermissionType permissions, bool recursive) {
>                        if(recursive) {
>                                RecursePath(path, user, permissions);
>                        }
>                        else {
>                                AddPermissions(path, user, permissions);
>                        }
>                }
>
>                public static void RemovePermissions(string path,string
> user) {
>                        SecurityDescriptor descriptor;
>                        Dacl dacl;
>                        descriptor =
> SecurityDescriptor.GetFileSecurity(path,
> SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);
>                        dacl = descriptor.Dacl;
>                        foreach(Ace ace in dacl) {
>                                if ((ace.Sid.CanonicalName.ToLower() ==
> user.ToLower()) || (ace.Sid.AccountName.ToLower() == user.ToLower())) {
>                                        dacl.RemoveAces(ace.Sid);
>                                        descriptor.SetDacl(dacl);
>                                        descriptor.SetFileSecurity(path,
>
> SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);
>                                        return;
>                                }
>                        }
>                }
>
>                private static void RecursePath(string path,string user,
>
> FilePermissionType permissions) {
>                        // The path supplied
>                        AddPermissions(path, user, permissions);
>                        // All files in the folder
>                        foreach(string f in Directory.GetFiles(path)) {
>                                AddPermissions(f, user, permissions);
>                        }
>                        // Each subdirectory
>                        foreach(string dir in
> Directory.GetDirectories(path)) {
>                                RecursePath(dir, user, permissions);
>                        }
>                }
>
>                private static AccessType
> ConvertPermissions(FilePermissionType permissions) {
>                        // AccessType is a uint flag enum and cannot be
> used from vb, this is a conversion for vb compatibility
>                        // TODO: Come up with a better way to convert
>                        this
> (hey it works for now)
>                        switch (permissions) {
>                                case FilePermissionType.GenericAll: {
>                                        return AccessType.GENERIC_ALL;
>                                }
>                                case FilePermissionType.GenericExecute:
>                                {
>                                        return
>                                        AccessType.GENERIC_EXECUTE;
>                                }
>                                case FilePermissionType.GenericWrite: {
>                                        return AccessType.GENERIC_WRITE;
>                                }
>                                case FilePermissionType.GenericRead: {
>                                        return AccessType.GENERIC_READ;
>                                }
>                                default: {
>                                        throw new
>                                        ArgumentException(string
> .Format("Unrecognized permission type: {0}", permissions.ToString()));
>                                }
>                        }
>                }
>        }
> }
>
>
> I have to deploy QA sites almost daily like you mention, keep in mind
> if  you use an msi package you will either have to uninstall the old
> site  first (i am writing a custom task to do this today) or change the
> upgrade  code (this is what I do) so that your msi will install as a
> new product  and you can have multiple sites up.
>
> Hope this helps,
>
> Steve Baker
>
>
>
>
>
> "Scott Hernandez" <[EMAIL PROTECTED]>
> Sent by: [EMAIL PROTECTED]
> 05/19/2004 07:56 PM
>
>        To:     "Jason Chaffee" <[EMAIL PROTECTED]>,
> <[EMAIL PROTECTED]>
>        cc:
>        Subject:        Re: [Nant-users] Deployment automation
>
>
> Take a look at the archives for messages about remote MSI install, and
> NTFS
> acls stuff. I believe everything you need had been discussed before.
>
> Mail-archive.com has nant archives; the sf.net stuff kinda works, but
> not really.
>
>
http://www.mail-archive.com/[EMAIL PROTECTED]/msg00633.html>
> ----- Original Message -----
> From: "Jason Chaffee" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, May 19, 2004 11:41 AM
> Subject: [Nant-users] Deployment automation
>
>
>> Hello all, feel free to disregard the newby here.
>> I am looking for documentation or some reference help in getting nant
>> to work for deploying a webapp to a particular server.
>> I have created multiple targets (ex. prod, test, staging).  I see that
>> custom tasks can be built too.
>> One problem I am having is finding a way to automate the
> verification/setup
>> of directory security.
>> Are there tasks that can set NT permissions for a particular user? It
> seems
>> that this may need to be done manually.  I was also thinking of having
> Nant
>> kick off an msi package that sets the website up.
>> Not sure what the best way to tackle this is, any input would be
>> appreciated.
>> The biggest problem with this is the number of sites we produce and
> deploy
>> and the differences between each build. I might have to create a nant
> build
>> file for each site.
>> thanks...
>>
>>
>>
>>
>> -------------------------------------------------------
>> This SF.Net email is sponsored by: Oracle 10g
>> Get certified on the hottest thing ever to hit the market... Oracle
>> 10g. Take an Oracle 10g class now, and we'll give you the exam FREE.
>> http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
>> _______________________________________________
>> Nant-users mailing list
>> [EMAIL PROTECTED]
>> https://lists.sourceforge.net/lists/listinfo/nant-users
>>
>>
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: Oracle 10g
> Get certified on the hottest thing ever to hit the market... Oracle
> 10g.  Take an Oracle 10g class now, and we'll give you the exam FREE.
> http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> _______________________________________________
> Nant-users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/nant-users





-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
_______________________________________________
Nant-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/nant-users

Reply via email to