On Tue, 04 May 2010, brian d foy wrote: > > David Golden <xda...@gmail.com> wrote:
> > This is actually a problem with ExtUtils::Install, I think. The same > > problem exists on Windows, but EU::I uses a Win32 call to schedule the > > file for deletion on reboot before replacing it with a new one. > > That feature of ExtUtils::Installed caused many headaches for me on > Windows and a lot of pain for some Windows admins. Apparently a normal > user can bypass various lack of priveleges that would keep him from > outirght deleting files using that trick. It corrupted many a > Strawberry Perl installation which we were trying to keep pristine. > > I don't understand all the Windows stuff, but I know it really stumped > some good admins for awhile because the user permissions looked like > they should stop it. Really? All it should take it putting an inheritable "deny" ACL for "Delete Subfolders and Files" on the install directory. "deny" ACLs always take precedence over "allow" ACLs, so it shouldn't matter what other rights they would have. Quick testing (on Windows 7 only) confirms that this does indeed prohibit not just deleting but also renaming of files and folders. This is all assuming you are using NTFS of course. To preserve pristine status you also need to "deny" other activities, like "Create files / write data" and "Create folders / append data". Cheers, -Jan
