acl

package module
v0.0.0-...-28a28d1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 17, 2019 License: MIT Imports: 6 Imported by: 0

README

go-acl

Build status GoDoc MIT License

Manipulating ACLs (Access Control Lists) on Windows is difficult. go-acl wraps the Windows API functions that control access to objects, simplifying the process.

Using the Package

To use the package add the following imports:

import (
    "github.com/hectane/go-acl"
    "golang.org/x/sys/windows"
)

Examples

Probably the most commonly used function in this package is Chmod:

if err := acl.Chmod("C:\\path\\to\\file.txt", 0755); err != nil {
    panic(err)
}

To grant read access to user "Alice" and deny write access to user "Bob":

if err := acl.Apply(
    "C:\\path\\to\\file.txt",
    false,
    false,
    acl.GrantName(windows.GENERIC_READ, "Alice"),
    acl.DenyName(windows.GENERIC_WRITE, "Bob"),
); err != nil {
    panic(err)
}

Using the API Directly

go-acl's api package exposes the individual Windows API functions that are used to manipulate ACLs. For example, to retrieve the current owner of a file:

import (
    "github.com/hectane/go-acl/api"
    "golang.org/x/sys/windows"
)

var (
    owner   *windows.SID
    secDesc windows.Handle
)
err := api.GetNamedSecurityInfo(
    "C:\\path\\to\\file.txt",
    api.SE_FILE_OBJECT,
    api.OWNER_SECURITY_INFORMATION,
    &owner,
    nil,
    nil,
    nil,
    &secDesc,
)
if err != nil {
    panic(err)
}
defer windows.LocalFree(secDesc)

owner will then point to the SID for the owner of the file.

Documentation

Index

Constants

View Source 
const (
	SID_NAME_CREATOR_OWNER       = "S-1-3-0"
	SID_NAME_CREATOR_GROUP       = "S-1-3-1"
	SID_NAME_EVERYONE            = "S-1-1-0"
	SID_NAME_AUTHENTICATED_USERS = "S-1-5-11"
)
View Source 
const DELETE = 0x10000
View Source 
const FILE_APPEND_DATA = windows.FILE_APPEND_DATA // for a directory, the ability to add a subdirectory
View Source 
const FILE_EXECUTE = 0x20 // for a directory, the ability to traverse
View Source 
const FILE_READ_ATTRIBUTES = 0x80
View Source 
const FILE_READ_DATA = windows.FILE_LIST_DIRECTORY // for a directory, the ability to list contents

access mask constants from https://docs.microsoft.com/en-us/windows/desktop/wmisdk/file-and-directory-access-rights-constants the x/sys/windows package defines some but not all of these constants

View Source 
const FILE_READ_EA = 0x08
View Source 
const FILE_WRITE_ATTRIBUTES = windows.FILE_WRITE_ATTRIBUTES
View Source 
const FILE_WRITE_DATA = 0x02 // for a directory, the ability to add a file

the windows package only has this by the "LIST_DIRECTORY" name

View Source 
const FILE_WRITE_EA = 0x10
View Source 
const PERM_EXECUTE uint32 = 0 |
	FILE_EXECUTE |
	FILE_READ_ATTRIBUTES |
	windows.STANDARD_RIGHTS_EXECUTE |
	SYNCHRONIZE
View Source 
const PERM_READ uint32 = 0 |
	FILE_READ_ATTRIBUTES |
	FILE_READ_DATA |
	FILE_READ_EA |
	windows.STANDARD_RIGHTS_READ |
	SYNCHRONIZE
View Source 
const PERM_WRITE uint32 = 0 |
	FILE_APPEND_DATA |
	FILE_WRITE_ATTRIBUTES |
	FILE_WRITE_DATA |
	FILE_WRITE_EA |
	windows.STANDARD_RIGHTS_WRITE |
	SYNCHRONIZE
View Source 
const SYNCHRONIZE = windows.SYNCHRONIZE

Variables

This section is empty.

Functions

func Apply 

func Apply(name string, replace, inherit bool, entries ...api.ExplicitAccess) error

Apply the provided access control entries to a file. If the replace parameter is true, existing entries will be overwritten. If the inherit parameter is true, the file will inherit ACEs from its parent.

func Chmod 

func Chmod(name string, fileMode os.FileMode) error

Change the permissions of the specified file. Only the nine least-significant bytes are used, allowing access by the file's owner, the file's group, and everyone else to be explicitly controlled.

func DenyName 

func DenyName(accessPermissions uint32, name string) api.ExplicitAccess

Create an ExplicitAccess instance denying permissions to the provided name.

func DenySid 

func DenySid(accessPermissions uint32, sid *windows.SID) api.ExplicitAccess

Create an ExplicitAccess instance denying permissions to the provided SID.

func GetEffectiveFileAccessMode 

func GetEffectiveFileAccessMode(name string) (os.FileMode, error)

func GetEffectiveRegKeyAccessMode 

func GetEffectiveRegKeyAccessMode(name string) (os.FileMode, error)

func GetExplicitFileAccessMode 

func GetExplicitFileAccessMode(name string) (os.FileMode, error)

func GetExplicitRegKeyAccessMode 

func GetExplicitRegKeyAccessMode(name string) (os.FileMode, error)

func GrantName 

func GrantName(accessPermissions uint32, name string) api.ExplicitAccess

Create an ExplicitAccess instance granting permissions to the provided name.

func GrantSid 

func GrantSid(accessPermissions uint32, sid *windows.SID) api.ExplicitAccess

Create an ExplicitAccess instance granting permissions to the provided SID.

Types

This section is empty.

Source Files

View all Source files

Directories

Path Synopsis
Windows API functions for manipulating ACLs.
 Windows API functions for manipulating ACLs.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.