Skip to content

fix(win32): try to set ACLs without propagating them #9157

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mgallien merged 2 commits into from
Dec 1, 2025
Merged

fix(win32): try to set ACLs without propagating them #9157

mgallien merged 2 commits into from
Dec 1, 2025

Conversation

@nilsding
Copy link
Member

@nilsding nilsding commented Dec 1, 2025

apparently SetFileSecurity did not propagate ACLs, unlike its "new" replacement SetSecurityInfo/SetNamedSecurityInfo.

SetSecurityInfo should not perform the propagation if the handle is opened with an access mask value of MAXIMUM_ALLOWED, so let's give that a try.

also removed the restriction on the FILE_WRITE_ATTRIBUTES permission so that FileSystem::setFileReadOnly has an easier time modifying the basic attribute

@nilsding nilsding added this to the 4.0.3 milestone Dec 1, 2025
@nilsding nilsding self-assigned this Dec 1, 2025
@nilsding nilsding requested a review from mgallien as a code owner December 1, 2025 09:06
@nilsding nilsding mentioned this pull request Dec 1, 2025
Closed
@nilsding
Copy link
Member Author

nilsding commented Dec 1, 2025

/backport to stable-4.0

@nilsding @mgallien
fix(win32): try to set ACLs without propagating them
e0d0257 
apparently `SetFileSecurity` did not do that, unlike its "new" (since
Windows 2000) replacement `SetSecurityInfo`/`SetNamedSecurityInfo`.

[`SetSecurityInfo` should not perform the propagation if the handle is
opened with an access mask value of `MAXIMUM_ALLOWED`][0], so let's give
that a try.

also removed the restriction on the FILE_WRITE_ATTRIBUTES permission so
that `FileSystem::setFileReadOnly` has an easier time modifying the
basic attribute

[0]: https://learn.microsoft.com/en-us/windows/win32/api/aclapi/nf-aclapi-setsecurityinfo#:~:text=MAXIMUM_ALLOWED

Fixes #9136

Signed-off-by: Jyrki Gadinger <nilsding@nilsding.org>
@nilsding @mgallien
chore: remove unused parameter
102238d 
Signed-off-by: Jyrki Gadinger <nilsding@nilsding.org>
@mgallien mgallien force-pushed the bugfix/9136/noninheritable-perms branch from 65f1e6f to 102238d Compare December 1, 2025 14:22
@mgallien mgallien enabled auto-merge December 1, 2025 14:23
@github-actions
Copy link

github-actions bot commented Dec 1, 2025

Artifact containing the AppImage: nextcloud-appimage-pr-9157.zip

Digest: sha256:1ec5535c20b4814511086c11d54d7d871c287e711dd5aeb214f5f05776315c99

To test this change/fix you can download the above artifact file, unzip it, and run it.

Please make sure to quit your existing Nextcloud app and backup your data.

@mgallien mgallien merged commit a56b766 into master Dec 1, 2025
20 checks passed
@mgallien mgallien deleted the bugfix/9136/noninheritable-perms branch December 1, 2025 15:00
@backportbot backportbot bot mentioned this pull request Dec 1, 2025
Merged
@sonarqubecloud
Copy link

sonarqubecloud bot commented Dec 1, 2025

Quality Gate Failed Quality Gate failed

Failed conditions
E Maintainability Rating on New Code (required ≥ A)
33 New Code Smells (required ≤ 0)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

@nilsding nilsding linked an issue Dec 2, 2025 that may be closed by this pull request
[Bug]: Desktop client windows 4.0.2 freeze file explorer #9136
Closed
8 tasks
@nilsding nilsding modified the milestones: 4.0.3, 4.1.0 Dec 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mgallien mgallien mgallien approved these changes

@Aiiaiiio Aiiaiiio Awaiting requested review from Aiiaiiio Aiiaiiio is a code owner

@camilasan camilasan Awaiting requested review from camilasan camilasan is a code owner

@i2h3 i2h3 Awaiting requested review from i2h3 i2h3 is a code owner

Assignees

@nilsding nilsding

Labels

3. to review os: 🚪 Windows

Projects

None yet

Milestone

4.1.0

Development

Successfully merging this pull request may close these issues.

[Bug]: Desktop client windows 4.0.2 freeze file explorer

3 participants

@nilsding @mgallien