Hi guys... I figure that I might as well chime in here, too... A while ago, I posted a sample for modifying directory permissions using a custom action (using cacls.exe) in an msi task. The sample is for the msi task in NAntContrib and can be viewed here: http://nant.sourceforge.net/wiki/index.php/InstallTasks_Sample_CAModifyDirPermissions To modify access per file, you just need to use different attributes with the cacls custom action. Otherwise, you could probably also accomplish it by adding a "custom table" LockPermissions specifying a file identifier, etc... If you go the route of using the msi task, and need some info on how to accomplish this, let me know.
Otherwise, for installing/uninstalling the msi, you might want to look at just calling the exec task for the program msiexec. msiexec is a command-line based program allowing installs/uninstalls. Via that utility, you can specify property values and even supress dialogs (for unattended installs, etc). More info on msiexec here: http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/standard/proddocs/en-us/msiexec.asp Jim > If you build a windows installer package, file permissions can be > specified for your install. I am not aware of a way to do this > directly in VS.NET setup projects, as far as I know you have to use > Orca and add the records manually to the LockPermissions table. There > is also an msi task in NAntContrib, which I haven't used but could > most likely be set up to add records for permissions. > > I opted for setting permissions in code using a custom action during > the msi installation. There is a library here for this purpose. > > http://www.gotdotnet.com/Community/UserSamples/Details.aspx?SampleGuid=e6098575-dda0-48b8-9abf-e0705af065d9> > The library can be a little overbearing for simple use, and is not CLR > compliant. Here is a wrapper that is CLR compliant and allows for usage > like this in my installation: > > public void SetFilePermissions() { > string user = "aspnet"; > > OsVersionInfo info = new OsVersionInfo(); > if(info.IsOSWindowsServer2003) user = "network service"; > > FilePermissionsManager.AddPermissions(InstallDirectory, user, > FilePermissionType.GenericAll, true); > FilePermissionsManager.AddPermissions(InstallDirectory + > "file.txt", user, FilePermissionType.GenericAll); > // In case the .NET framework install didn't set this(IIS > installed after framework): > FilePermissionsManager.AddPermissions(GetSystemTempDirectory(), > user, FilePermissionType.GenericAll, false); > //Users Group > user = "Users"; > FilePermissionsManager.AddPermissions(InstallDirectory, user, > FilePermissionType.GenericRead); > //Administrators Group > user = "Administrators"; > FilePermissionsManager.AddPermissions(InstallDirectory, user, > FilePermissionType.GenericAll, true); > } > > > > using System; > using System.IO; > using System.Collections; > > > namespace Microsoft.Win32.Security { > > public enum FilePermissionType { > GenericAll = 0, > GenericExecute = 1, > GenericWrite = 2, > GenericRead = 3 > } > > public sealed class FilePermissionsManager { > > private void New() {} > > public static void AddPermissions(string path, string > user, FilePermissionType permissions) { > SecurityDescriptor descriptor; > Dacl dacl; > descriptor = > SecurityDescriptor.GetFileSecurity(path, > SECURITY_INFORMATION.DACL_SECURITY_INFORMATION); > dacl = descriptor.Dacl; > dacl.AddAce(new AceAccessAllowed(new Sid(user), > ConvertPermissions(permissions), AceFlags.OBJECT_INHERIT_ACE | > AceFlags.CONTAINER_INHERIT_ACE)); > descriptor.SetDacl(dacl); > descriptor.SetFileSecurity(path, > SECURITY_INFORMATION.DACL_SECURITY_INFORMATION); > > } > > public static void AddPermissions(string path, string > user, FilePermissionType permissions, bool recursive) { > if(recursive) { > RecursePath(path, user, permissions); > } > else { > AddPermissions(path, user, permissions); > } > } > > public static void RemovePermissions(string path,string > user) { > SecurityDescriptor descriptor; > Dacl dacl; > descriptor = > SecurityDescriptor.GetFileSecurity(path, > SECURITY_INFORMATION.DACL_SECURITY_INFORMATION); > dacl = descriptor.Dacl; > foreach(Ace ace in dacl) { > if ((ace.Sid.CanonicalName.ToLower() == > user.ToLower()) || (ace.Sid.AccountName.ToLower() == user.ToLower())) { > dacl.RemoveAces(ace.Sid); > descriptor.SetDacl(dacl); > descriptor.SetFileSecurity(path, > > SECURITY_INFORMATION.DACL_SECURITY_INFORMATION); > return; > } > } > } > > private static void RecursePath(string path,string user, > > FilePermissionType permissions) { > // The path supplied > AddPermissions(path, user, permissions); > // All files in the folder > foreach(string f in Directory.GetFiles(path)) { > AddPermissions(f, user, permissions); > } > // Each subdirectory > foreach(string dir in > Directory.GetDirectories(path)) { > RecursePath(dir, user, permissions); > } > } > > private static AccessType > ConvertPermissions(FilePermissionType permissions) { > // AccessType is a uint flag enum and cannot be > used from vb, this is a conversion for vb compatibility > // TODO: Come up with a better way to convert > this > (hey it works for now) > switch (permissions) { > case FilePermissionType.GenericAll: { > return AccessType.GENERIC_ALL; > } > case FilePermissionType.GenericExecute: > { > return > AccessType.GENERIC_EXECUTE; > } > case FilePermissionType.GenericWrite: { > return AccessType.GENERIC_WRITE; > } > case FilePermissionType.GenericRead: { > return AccessType.GENERIC_READ; > } > default: { > throw new > ArgumentException(string > .Format("Unrecognized permission type: {0}", permissions.ToString())); > } > } > } > } > } > > > I have to deploy QA sites almost daily like you mention, keep in mind > if you use an msi package you will either have to uninstall the old > site first (i am writing a custom task to do this today) or change the > upgrade code (this is what I do) so that your msi will install as a > new product and you can have multiple sites up. > > Hope this helps, > > Steve Baker > > > > > > "Scott Hernandez" <[EMAIL PROTECTED]> > Sent by: [EMAIL PROTECTED] > 05/19/2004 07:56 PM > > To: "Jason Chaffee" <[EMAIL PROTECTED]>, > <[EMAIL PROTECTED]> > cc: > Subject: Re: [Nant-users] Deployment automation > > > Take a look at the archives for messages about remote MSI install, and > NTFS > acls stuff. I believe everything you need had been discussed before. > > Mail-archive.com has nant archives; the sf.net stuff kinda works, but > not really. > > http://www.mail-archive.com/[EMAIL PROTECTED]/msg00633.html> > ----- Original Message ----- > From: "Jason Chaffee" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, May 19, 2004 11:41 AM > Subject: [Nant-users] Deployment automation > > >> Hello all, feel free to disregard the newby here. >> I am looking for documentation or some reference help in getting nant >> to work for deploying a webapp to a particular server. >> I have created multiple targets (ex. prod, test, staging). I see that >> custom tasks can be built too. >> One problem I am having is finding a way to automate the > verification/setup >> of directory security. >> Are there tasks that can set NT permissions for a particular user? It > seems >> that this may need to be done manually. I was also thinking of having > Nant >> kick off an msi package that sets the website up. >> Not sure what the best way to tackle this is, any input would be >> appreciated. >> The biggest problem with this is the number of sites we produce and > deploy >> and the differences between each build. I might have to create a nant > build >> file for each site. >> thanks... >> >> >> >> >> ------------------------------------------------------- >> This SF.Net email is sponsored by: Oracle 10g >> Get certified on the hottest thing ever to hit the market... Oracle >> 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. >> http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click >> _______________________________________________ >> Nant-users mailing list >> [EMAIL PROTECTED] >> https://lists.sourceforge.net/lists/listinfo/nant-users >> >> > > > > ------------------------------------------------------- > This SF.Net email is sponsored by: Oracle 10g > Get certified on the hottest thing ever to hit the market... Oracle > 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click > _______________________________________________ > Nant-users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/nant-users ------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click _______________________________________________ Nant-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/nant-users
