Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to control file access in Windows?

Go provides os.Chmod() for setting file and directory permissions. For example, if I want to ensure a file is accessible only to the current user, I can do the following:

os.Chmod("somefile.txt", 0600)

This works great on Linux but does absolutely nothing on Windows. After digging into the Go source code, I came across its implementation. It seems like S_IWRITE is the only attribute supported.

How do I control access to a file or directory on Windows using Go?

like image 546
Nathan Osman Avatar asked Oct 30 '15 22:10

Nathan Osman


People also ask

How do I restrict access to files on my computer?

Use Permissions to Prevent Unauthorized Access to Files. Right-click on the folder you would like to make private. Select properties, and then select the "security" tab. You will then see the security options for the folder you chose.

How do I control access to a folder?

Select Start > Settings > Update & Security > Windows Security > Virus & threat protection. Under Virus & threat protection settings, select Manage settings. Under Controlled folder access, select Manage Controlled folder access. Switch the Controlled folder access setting to On or Off.


1 Answers

Explanation

Windows does not use traditional Unix permissions. Instead, Windows controls access to files and directories through access control. Each object has an ACL (Access Control List)* which controls access to the object.

Each ACL is basically a list of ACEs (Access Control Entries) which determine what access a specific trustee (user, group, etc.) is granted. For example, a file may contain an ACE granting a specific user read access (GENERIC_READ) to the file.

Manipulating ACLs and ACEs is done through the authorization functions in the Windows API.

* technically each object has two ACLs - a DACL and a SACL

Solution

Thankfully, learning all of these functions isn't necessary. I've put together a small Go package named "go-acl" that does all of the heavy-lifting and exposes a function named (what else?) Chmod. Basic usage is as follows:

import "github.com/hectane/go-acl"

err := acl.Chmod("C:\\path\\to\\file.txt", 0755)
if err != nil {
    panic(err)
}

Results

The Chmod() function creates three ACEs in the file's ACL:

enter image description here

  • one for the owner (WinCreatorOwnerSid)
  • one for the group (WinCreatorGroupSid)
  • one for everyone else (WinWorldSid)
like image 163
Nathan Osman Avatar answered Sep 30 '22 22:09

Nathan Osman