* Review Folder Permissions Plugin Snippet

For users to report plugin bugs and request plugin enhancements; and for authors to test new/new versions of plugins, and to discuss plugin development (in the Programming Technicalities sub-forum). If you want advice on choosing or using a plugin, please ask in General Usage or an appropriate sub-forum.
User avatar
mjashby
Megastar
Posts: 719
Joined: 23 Oct 2004 10:45
Family Historian: V7
Location: Yorkshire

Re: Review Folder Permissions Plugin Snippet

Post by mjashby »

Colin,

I may be wrong but can't find any trace on the WineHQ site/Wiki of Windows Powershell commands having been programmed into Wine; and I also can't find any mention in Winetricks to adding Powershell features.

Looking at Microsoft's Guidance, although Windows Powershell comes as standard with an installation of Windows 7 and above, Powershell 5.1 comes integrated in the .NET Framework 4.5 installation download, so presumably you would need to start with a successful installation of the .NET Framework, which can still be challenging, especially in 64-bit form. Also, Winetricks isn't currently programmed to work with 64-bit wine prefixes (bottles) on either MacOS or Linux.

See; https://docs.microsoft.com/en-us/powers ... wershell-7

See also this 'old' WineHQ report:
https://appdb.winehq.org/objectManager. ... n&iId=8049

Personally, I'm only using a virtualised Windows installation (with VirtualBox) at present, as I've moved on to MacOS 10.15.x (Catalina) and, although Crossover works to an extent, the CodeWeavers admit that their present solution still needs considerable refinement, which won't happen until they're ready to release Crossover 20 with Wine 5 support, as the present 'kludge' (win32on64) hasn't, so far, been accepted by the WineHQ Developers for inclusion in standard builds of Wine. Additionally, none of the developers of open source/freeware front-ends for wine (including POM) seem to have been able to get a fully working system together as they can't jump through all of Apple's Hoops (the notorization and developer signing of individually created wine.apps) that CodeWeavers (Crossover) only seems to have managed to achieve because of their paid Authorised Apple Developer status. So, devleopers/users of alternatives have typically had to permanently disable SIP (Security Integrity Protection) on Macs, and also use rebuilt versions of the Crossover Wine Engine to test their developments as they can't use the Wine builds supplied directly by WineHQ, which exclude the 'win32on64' solution.

Mervyn
User avatar
Valkrider
Megastar
Posts: 1563
Joined: 04 Jun 2012 19:03
Family Historian: V7
Location: Lincolnshire
Contact:

Re: Review Folder Permissions Plugin Snippet

Post by Valkrider »

Mervyn

Thanks for that information. I hadn't done any digging into the reasons.

Like you for my main research I use a VM, I only use a POM instance on my iMac for quick lookups rather than the time it takes to fire up the VM. I have not gone to Catalina as there are some other 32 bit Mac apps that I use and until I can find replacements I will not be moving OS's. My Air is too old to run Catalina and so Crossover is fine on that for when I am travelling (not doing that at the moment though).

I never managed to get FH to work in a native Wine version on my Mac so have stuck with Crossover / POM.
User avatar
tatewise
Megastar
Posts: 28341
Joined: 25 May 2010 11:00
Family Historian: V7
Location: Torbay, Devon, UK
Contact:

Re: Review Folder Permissions Plugin Snippet

Post by tatewise »

I'm going to abandon PowerShell Get-Acl in favour of CMD ICACLS which is where I originally started.
I mistakenly thought that the Get-Acl command would provide effective ACL permissions, but it does not.
For my purposes CMD ICACLS is just as good, provides shorter reports, and involves fewer resources.

So attached is a new Permissions Plugin using CMD ICACLS and slightly different report messages as shown below.
It now includes the user identity and gives abbreviations such as F for FullControl, etc, and hopefully no magic numbers.
Could you guys please give it a go?

PermissionsReport.png
PermissionsReport.png (7.9 KiB) Viewed 9718 times

[ EDIT: Use the later Plugin Attachment that fixes a bug with usernames containing symbols such as hyphen. )
Mike Tate ~ researching the Tate and Scott family history ~ tatewise ancestry
User avatar
laz_gen
Famous
Posts: 177
Joined: 03 Apr 2018 14:02
Family Historian: V7
Contact:

Re: Review Folder Permissions Plugin Snippet

Post by laz_gen »

Was expecting Generic Read & Write as per previous version but it shows GR & GE instead.

What does GE represent?
Attachments
113.jpg
113.jpg (26.79 KiB) Viewed 9717 times
User avatar
tatewise
Megastar
Posts: 28341
Joined: 25 May 2010 11:00
Family Historian: V7
Location: Torbay, Devon, UK
Contact:

Re: Review Folder Permissions Plugin Snippet

Post by tatewise »

No, ICACLS gives abbreviations as listed in https://docs.microsoft.com/en-us/window ... nds/icacls under Remarks.
GR - Generic read
GE - Generic execute
Those are the usual combination but as you say does not seem to match the numerical value given earlier.

What is odd is that it is listing the BUILTIN\Users permissions instead of your Computername\Username.
e.g. In my example TATE7\Mike

Please run the Plugin in debug mode: Tools > Plugins select Permissions then Edit and Go.
It should print your Username and the ICACLS report bottom left when it completes.
Does your Username start one of the lines in the report?
Mike Tate ~ researching the Tate and Scott family history ~ tatewise ancestry
User avatar
Ron Melby
Megastar
Posts: 917
Joined: 15 Nov 2016 15:40
Family Historian: V6.2

Re: Review Folder Permissions Plugin Snippet

Post by Ron Melby »

strId = DESKTOP-VM8CLKV\USR
strUser = DESKTOP-VM8CLKV\USR

strLogText =
DESKTOP-VM8CLKV\USR


FileSystemRights : FullControl
AccessControlType : Allow
IdentityReference : NT AUTHORITY\SYSTEM
IsInherited : True
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : None

FileSystemRights : FullControl
AccessControlType : Allow
IdentityReference : BUILTIN\Administrators
IsInherited : True
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : None

FileSystemRights : FullControl
AccessControlType : Allow
IdentityReference : DESKTOP-VM8CLKV\USR
IsInherited : True
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : None



DESKTOP-VM8CLKV\USR


FileSystemRights : FullControl
AccessControlType : Allow
IdentityReference : NT AUTHORITY\SYSTEM
IsInherited : True
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : None

FileSystemRights : FullControl
AccessControlType : Allow
IdentityReference : BUILTIN\Administrators
IsInherited : True
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : None

FileSystemRights : FullControl
AccessControlType : Allow
IdentityReference : DESKTOP-VM8CLKV\USR
IsInherited : True
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : None

for ipairs does three loops.
strPermissions never exists.

but when you show the message
you show:
DESKTOP VM8CLKV\USR

*NB: the dash (-) is gone.
the match?
hope this helps.
FH V.6.2.7 Win 10 64 bit
User avatar
laz_gen
Famous
Posts: 177
Joined: 03 Apr 2018 14:02
Family Historian: V7
Contact:

Re: Review Folder Permissions Plugin Snippet

Post by laz_gen »

My "computer name\username" shown on the first line


Dad-PC\Dad
D:\Dropbox\#Genealogy Live\Lasbury_June_2019\Public BUILTIN\Administrators:(I)(F)
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(I)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
NT AUTHORITY\Authenticated Users:(I)(M)
NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)
BUILTIN\Users:(I)(RX)
BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)

Successfully processed 1 files; Failed processing 0 files

D:\Dropbox\#Genealogy Live\Lasbury_June_2019\Public GR,GE
Plugin has completed
User avatar
tatewise
Megastar
Posts: 28341
Joined: 25 May 2010 11:00
Family Historian: V7
Location: Torbay, Devon, UK
Contact:

Re: Review Folder Permissions Plugin Snippet

Post by tatewise »

Yes, I had overlooked that hyphen (-) is an Lua patterns magic character :oops:

The attached Permissions Plugin fixes that.
[ EDIT Attachment deleted as no longer needed. ]
Mike Tate ~ researching the Tate and Scott family history ~ tatewise ancestry
User avatar
Ron Melby
Megastar
Posts: 917
Joined: 15 Nov 2016 15:40
Family Historian: V6.2

Re: Review Folder Permissions Plugin Snippet

Post by Ron Melby »

std permissions = F
FH V.6.2.7 Win 10 64 bit
User avatar
laz_gen
Famous
Posts: 177
Joined: 03 Apr 2018 14:02
Family Historian: V7
Contact:

Re: Review Folder Permissions Plugin Snippet

Post by laz_gen »

Still works OK



Dad-PC\Dad
D:\Dropbox\#Genealogy Live\Lasbury_June_2019\Public BUILTIN\Administrators:(I)(F)
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(I)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
NT AUTHORITY\Authenticated Users:(I)(M)
NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)
BUILTIN\Users:(I)(RX)
BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)

Successfully processed 1 files; Failed processing 0 files

D:\Dropbox\#Genealogy Live\Lasbury_June_2019\Public GR,GE
Plugin has completed
User avatar
tatewise
Megastar
Posts: 28341
Joined: 25 May 2010 11:00
Family Historian: V7
Location: Torbay, Devon, UK
Contact:

Re: Review Folder Permissions Plugin Snippet

Post by tatewise »

@laz_gen ~ I don't understand the ACL entries for your D:\Dropbox\#Genealogy Live\Lasbury_June_2019\Public folder.

Presumably your FH File > Project Window > Location refers to D:\Dropbox\#Genealogy Live
Your open Project is Lasbury_June_2019
Your username id is Dad-PC\Dad

But there is no ACL entry for Dad-PC\Dad which I would have expected to exist to allow Write or Full access.

Assuming you can write files into your Public folder, I wonder which ACL is allowing that access?
Is it perhaps BUILTIN\Administrators and your account has Administrator privileges?

The Plugin fails to find an ACL for Dad-PC\Dad so defaults to BUILTIN\Users and reports GR,GE access.

For example in my PC...
My main administrator account has username id TATE7\Admin and folders have ACL entries for that id.
My standard user account has username id TATE7\Mike and its Dropbox folders have ACL entries for that id.
Mike Tate ~ researching the Tate and Scott family history ~ tatewise ancestry
User avatar
laz_gen
Famous
Posts: 177
Joined: 03 Apr 2018 14:02
Family Historian: V7
Contact:

Re: Review Folder Permissions Plugin Snippet

Post by laz_gen »

Mike

Correct with the project name and project path.

The single administrator account (Dad) was created at install time.

The computer has a name of Dad-PC

The account name is Dad

One of the previous plugin versions did show BUILTIN\Users
Attachments
114.jpg
114.jpg (68.99 KiB) Viewed 9664 times
115.jpg
115.jpg (68.92 KiB) Viewed 9664 times
User avatar
tatewise
Megastar
Posts: 28341
Joined: 25 May 2010 11:00
Family Historian: V7
Location: Torbay, Devon, UK
Contact:

Re: Review Folder Permissions Plugin Snippet

Post by tatewise »

Since it seems that the current Domain/Username may not appear in the ACL list, I've revised the Plugin again to also check the Group Names the user belongs to, and compile a complete list of permission abbreviations.

So please try attached updated Permissions Plugin.
[ EDIT Attachment deleted as no longer needed. ]
Mike Tate ~ researching the Tate and Scott family history ~ tatewise ancestry
User avatar
laz_gen
Famous
Posts: 177
Joined: 03 Apr 2018 14:02
Family Historian: V7
Contact:

Re: Review Folder Permissions Plugin Snippet

Post by laz_gen »

Happy to help


D:\Dropbox\#Genealogy Live\Lasbury_June_2019\Public
BUILTIN\Administrators:(I)(F)
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(I)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
NT AUTHORITY\Authenticated Users:(I)(M)
NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)
BUILTIN\Users:(I)(RX)
BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)

Successfully processed 1 files; Failed processing 0 files


Dad-PC\Dad
Everyone Well-known group S-1-1-0 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Local account and member of Administrators group Well-known group S-1-5-114 Mandatory group, Enabled by default, Enabled group
Dad-PC\HomeUsers Alias S-1-5-21-1914415105-423208010-997555893-1003 Mandatory group, Enabled by default, Enabled group
BUILTIN\Administrators Alias S-1-5-32-544 Mandatory group, Enabled by default, Enabled group, Group owner
BUILTIN\Users Alias S-1-5-32-545 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\INTERACTIVE Well-known group S-1-5-4 Mandatory group, Enabled by default, Enabled group
CONSOLE LOGON Well-known group S-1-2-1 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users Well-known group S-1-5-11 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization Well-known group S-1-5-15 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Local account Well-known group S-1-5-113 Mandatory group, Enabled by default, Enabled group
LOCAL Well-known group S-1-2-0 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\NTLM Authentication Well-known group S-1-5-64-10 Mandatory group, Enabled by default, Enabled group
Mandatory Label\High Mandatory Level Label S-1-16-12288 Mandatory group, Enabled by default, Enabled group

D:\Dropbox\#Genealogy Live\Lasbury_June_2019\Public F,RX,GR,GE,M
Plugin has completed
Attachments
116.jpg
116.jpg (26.12 KiB) Viewed 9622 times
User avatar
tatewise
Megastar
Posts: 28341
Joined: 25 May 2010 11:00
Family Historian: V7
Location: Torbay, Devon, UK
Contact:

Re: Review Folder Permissions Plugin Snippet

Post by tatewise »

Excellent :D
That has combined the ACL permissions for the Groups you belong to:

BUILTIN\Administrators ~ (F) means Full access

BUILTIN\Users ~ (RX) & (GR,GE) means Read and execute access & Generic read, Generic execute

NT AUTHORITY\Authenticated Users ~ (M) means Modify access
Mike Tate ~ researching the Tate and Scott family history ~ tatewise ancestry
User avatar
Ron Melby
Megastar
Posts: 917
Joined: 15 Nov 2016 15:40
Family Historian: V6.2

Re: Review Folder Permissions Plugin Snippet

Post by Ron Melby »

and still works for me. F
FH V.6.2.7 Win 10 64 bit
User avatar
tatewise
Megastar
Posts: 28341
Joined: 25 May 2010 11:00
Family Historian: V7
Location: Torbay, Devon, UK
Contact:

Re: Review Folder Permissions Plugin Snippet

Post by tatewise »

Can others please check the Plugin Version 0.7 attached to the Sat 16th May 2020 11:46 posting.
Mike Tate ~ researching the Tate and Scott family history ~ tatewise ancestry
User avatar
Valkrider
Megastar
Posts: 1563
Joined: 04 Jun 2012 19:03
Family Historian: V7
Location: Lincolnshire
Contact:

Re: Review Folder Permissions Plugin Snippet

Post by Valkrider »

@Mike

Still issues with my VM install.
vm.png
vm.png (25.34 KiB) Viewed 9507 times
User avatar
mjashby
Megastar
Posts: 719
Joined: 23 Oct 2004 10:45
Family Historian: V7
Location: Yorkshire

Re: Review Folder Permissions Plugin Snippet

Post by mjashby »

Same result as Colin with a FH installation on a Windows 10 Pro Virtual Machine (VirtualBox).

Musings: Could this be because (from the file path in Colin's screenshot) we both store our data on the Mac User's Drive using a 'network' connection and not within the Virtual Machine? That Drive is, of course, formatted for MacOS and not Windows, i.e. APFS not NTFS. Would that throw the Plugin? The same result would then be expected with a WINE (or Crossover) install, even if the plugin commands could be processed.

Further Musings: Attachment shows result if data is stored within the VM

Mervyn
Attachments
Screenshot 2020-05-18 at 08.57.46.jpg
Screenshot 2020-05-18 at 08.57.46.jpg (77.32 KiB) Viewed 9499 times
Last edited by mjashby on 18 May 2020 09:08, edited 1 time in total.
User avatar
ColeValleyGirl
Megastar
Posts: 5465
Joined: 28 Dec 2005 22:02
Family Historian: V7
Location: Cirencester, Gloucestershire
Contact:

Re: Review Folder Permissions Plugin Snippet

Post by ColeValleyGirl »

For completeness although mine is a pretty vanilla setup:
Screenshot 2020-05-18 09.52.36.png
Screenshot 2020-05-18 09.52.36.png (8.62 KiB) Viewed 9487 times
User avatar
tatewise
Megastar
Posts: 28341
Joined: 25 May 2010 11:00
Family Historian: V7
Location: Torbay, Devon, UK
Contact:

Re: Review Folder Permissions Plugin Snippet

Post by tatewise »

@Mervyn & Colin regarding VM configuration...
Mervyn's VM setup uses conventional C: drive paths and the Command Prompt ICACLS command gets ACLs OK.
Colin's VM setup uses a \\VBOXSVR\ network link and the Command Prompt ICACLS command report is listed below the No ACL permissions found for VM-PC\Colin statement.
So it seems the VM recognises the ICACLS command and responds with All users have full control.
So my Plugin can detect that response and treat it the same as an ACL with permission F (Full control).

The attached updated Permissions Plugin Version 0.8 caters for that VM style of ICACLS report.
[ EDIT Attachment deleted as no longer needed. ]
Mike Tate ~ researching the Tate and Scott family history ~ tatewise ancestry
User avatar
Valkrider
Megastar
Posts: 1563
Joined: 04 Jun 2012 19:03
Family Historian: V7
Location: Lincolnshire
Contact:

Re: Review Folder Permissions Plugin Snippet

Post by Valkrider »

@Mike

My Mac folders are mapped drives so do have a Windows drive letter assigned. It seems as though your plugin seems to be ignoring the mapped letter and actually looking at share folder structure. Could you swap it to look at drive letters?
User avatar
Valkrider
Megastar
Posts: 1563
Joined: 04 Jun 2012 19:03
Family Historian: V7
Location: Lincolnshire
Contact:

Re: Review Folder Permissions Plugin Snippet

Post by Valkrider »

Success
Screenshot 2020-05-18 at 13.09.30.png
Screenshot 2020-05-18 at 13.09.30.png (15.88 KiB) Viewed 9467 times
User avatar
tatewise
Megastar
Posts: 28341
Joined: 25 May 2010 11:00
Family Historian: V7
Location: Torbay, Devon, UK
Contact:

Re: Review Folder Permissions Plugin Snippet

Post by tatewise »

Thanks Colin.
It is not my Plugin that is looking at the \\VBOXSVR\ network link.
It is what FH returns with fhGetContextInfo("CI_PROJECT_PUBLIC_FOLDER").

So I am guessing that your File > Project Window > Location is \\VBOXSVR\Family_Historian_Projects
If you change that to the C: drive mapped letter equivalent my Plugin won't need to cater for the network link case.
Or perhaps you have set that C: drive path and FH is translating that to the network link?
Mike Tate ~ researching the Tate and Scott family history ~ tatewise ancestry
User avatar
mjashby
Megastar
Posts: 719
Joined: 23 Oct 2004 10:45
Family Historian: V7
Location: Yorkshire

Re: Review Folder Permissions Plugin Snippet

Post by mjashby »

For completeness, the new update behaves normally with my normal VirtualBox working setup as shown in first image, same as Colin's.

The second image is from a Crossover setup. Will try to track down the "invalid ACL log file"

Mervyn

Edit: ICACLS.log contains only: "Mervyns-MacBook\crossover "

Unfortunately not very helpful!
Attachments
Screenshot 2020-05-18 at 13.44.39.jpg
Screenshot 2020-05-18 at 13.44.39.jpg (75.66 KiB) Viewed 9452 times
Screenshot 2020-05-18 at 13.49.43.jpg
Screenshot 2020-05-18 at 13.49.43.jpg (83.73 KiB) Viewed 9452 times
Last edited by mjashby on 18 May 2020 13:05, edited 1 time in total.
Post Reply