Greetings. This is a longish query; please bear with me. Thanks...

As part of an installer under development, I create a directory tree secured at the root by a restrictive ACL. Here's an example structure:

- C:\
  - "storage"
    - "A"
    - "B"
    - "C"

So the ACL applied to "storage" is inherited by A, B & C, to which I grant or deny further permissions as required by the application. At least, that's how it's supposed to work.

I defined the directory tree using "Directory" elements, and created a component with a series of <CreateFolder> elements to make the (empty) directories. In the root ("storage") element, I added <Permission> elements to grant full access to "Administrators", whilst granting "Users" read-only access. This appeared to work correctly; the ACL on "storage" was replaced as expected (with SYSTEM being added automatically per the MSDN).

Unfortunately, the subdirectories seemed to have some additional permissions -- the "Users" group could create files at will. After some hours of head-scratching, followed by a brisk tattoo of head-banging, I realized that the ACLs on the sub-directories matched the ACL on "C:\". Whoops (ouch)!

So it appears that the directory structure is created first, then the ACL is applied in a funny way so that the sub-directories retain their "original" (inherited) permission. Not what I wanted. It doesn't seem to be a WiX problem, as I've tried manually hacking the MSI with similar results, so I guess it's an inherent behaviour of msiexec.

Anyway, I figured that if I could force the "storage" directory to be created and secured first, and then create the subdirectories, these would inherit from the secured directory instead of "C:\", and everything would work as expected. I achieved this in the first instance by separating the subdirectory creation into a separate component. Success! Kinda...

Unfortunately, I then go on to set up a file share on "B". This is done in a separate component that hooks into the <Directory> elements using a <DirectoryRef> as you'd expect. This disturbs the natural order of things, so everything works correctly except directory B, which ends up with the looser ACL from "C:\". Argggh!
Anyway, that made me think. How do you regulate the order in which the creation is done? Looking in Orca, the ordering appears to be predictable from the order in the Directory table, but I can't influence that strongly from WiX. Moreover, shifting the directory table entries around doesn't help the file share problem.

*Thanks for your patience if you've read this far.*

Anybody got any bright ideas? What governs the sequence of steps?

(Incidentally, I think this problem also applies to Registry keys, but I'll cross that bridge if and when I find a solution to the directories.)

--
View this message in context: http://www.nabble.com/Directory-permissions-and-inheritance-tf3967127.html#a11260572
Sent from the wix-users mailing list archive at Nabble.com.
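
A post-install check for the symptom described in this message, as an added example that is not part of the original post or of WiX: it walks the tree and lists every Allow ACE that gives ordinary users write-type rights, and shows whether that ACE was inherited. The `C:\storage` default follows the post's example layout; checking Authenticated Users alongside Users is an assumption, since a drive-root ACL may grant write access through either group.

```powershell
# Added example: list ACEs under a secured root that still let ordinary users write.
# $Root follows the post's example layout; change it to the installed path.
param([string]$Root = 'C:\storage')

# Well-known SIDs: BUILTIN\Users and NT AUTHORITY\Authenticated Users.
$lowPriv = 'S-1-5-32-545', 'S-1-5-11'

# Specific rights that allow creating, changing or deleting content.
$writeRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, WriteAttributes, WriteExtendedAttributes, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inheritable ACEs on a drive root can carry generic bits instead:
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000).
$mask = [int]$writeRights -bor 0x50000000

$dirs = @(Get-Item -LiteralPath $Root) +
        @(Get-ChildItem -LiteralPath $Root -Directory -Recurse)

$findings = foreach ($dir in $dirs) {
    $acl   = Get-Acl -LiteralPath $dir.FullName
    # Resolve identities to SIDs so the check does not depend on localized names.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        # Only Allow ACEs are reported; Deny ACEs are not evaluated here.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($lowPriv -notcontains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }
        [pscustomobject]@{
            Path        = $dir.FullName
            Sid         = $ace.IdentityReference.Value
            Rights      = $ace.FileSystemRights
            Inherited   = $ace.IsInherited
            Propagation = $ace.PropagationFlags
            # False means the folder accepts inheritable ACEs from its parent.
            Protected   = $acl.AreAccessRulesProtected
        }
    }
}

$findings | Format-Table -AutoSize
if ($findings) { exit 1 }   # non-zero exit lets an install test fail the build
```

An inherited write ACE on "A", "B" or "C" while "storage" itself shows none is the mismatch the post describes, where the subfolders carry the ACL of "C:\" rather than that of the secured root.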