How do you set directory permissions in NSIS?

Question

I\'m trying to build a Windows installer using Nullsoft Install System that requires installation by an Administrator. The installer makes a \"logs\" directory. Since regul

Answer 1

Use the AccessControl plugin and then add this to the script, where the "logs" directory is in the install directory.

AccessControl::GrantOnFile "$INSTDIR\logs" "(BU)" "FullAccess"

That gives full access to the folder for all users.

Answer 2

Why not create a log-directory in the user's %APPDATA% directory? Do you really need to put all the logs in the install directory? Why?

Answer 3

One way: call the shell, and use cacls or xcacls.

Answer 4

AccessControl::GrantOnFile "<folder>" "(BU)" "FullAccess" didn't work for me on a Windows Server 2008 machine. Instead I had to use this one:

AccessControl::GrantOnFile "<folder>" "(S-1-5-32-545)" "FullAccess"

S-1-5-32-545 is equivalent to "Users" according to Microsoft Support: Well-known security identifiers in Windows operating systems.

Answer 5

Instead of changing the permissions on directories under Program Files, why not put the logs in a location that is writeable by all users.

See the 4.9.7.7 SetShellVarContext section in your NSIS documentation. You can use it with $APPDATA to get the application data folder that is writeable for all users.

Answer 6

It's an old issue now but as suggested by Sören APPDATA directory is a nice way to do what you want, the thing is : Don't take user's personnal APPDATA but the "All Users" APPDATA dir! This way anyone will be able to access the log file ;-)

Also, I read somewhere that using (BU) on the GrantOnFile is not working well with some systems (Win 7 x64 if I remember well), maybe you should use the SID "(S-1-5-32-545)" instead (it's the All Users' SID, this value is a constant on each Windows OS)