From c68b15340142d0d82dc9c9fa9a9a1fa74abfb99c Mon Sep 17 00:00:00 2001 From: Manuel Thalmann Date: Mon, 19 Aug 2024 02:24:45 +0200 Subject: [PATCH] Ensure error file can be read from --- scripts/Common/Scripts/Operations.ps1 | 1 + scripts/Windows/Scripts/Security.ps1 | 8 +++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/scripts/Common/Scripts/Operations.ps1 b/scripts/Common/Scripts/Operations.ps1 index ee0d703b..7487a379 100644 --- a/scripts/Common/Scripts/Operations.ps1 +++ b/scripts/Common/Scripts/Operations.ps1 @@ -135,6 +135,7 @@ $null = New-Module { } catch { Set-Content -Path $errorPath -Value $Error; + Set-UserPermissions $errorPath; } finally { Set-Stage ([SetupStage]::Idle); diff --git a/scripts/Windows/Scripts/Security.ps1 b/scripts/Windows/Scripts/Security.ps1 index 0256c28b..e1f62912 100644 --- a/scripts/Windows/Scripts/Security.ps1 +++ b/scripts/Windows/Scripts/Security.ps1 @@ -55,7 +55,13 @@ $null = New-Module { [FileSystemAccessRule]::new( [SecurityIdentifier]::new([WellKnownSidType]::BuiltinUsersSid, $null), [FileSystemRights]::FullControl, - [InheritanceFlags]::ObjectInherit -bor [InheritanceFlags]::ContainerInherit, + (& { + if (Test-Path -PathType Container $Path) { + [InheritanceFlags]::ObjectInherit -bor [InheritanceFlags]::ContainerInherit + } else { + 0 + } + }), [PropagationFlags]::InheritOnly, [AccessControlType]::Allow));