How to control file access in Windows?

Question

Go provides os.Chmod() for setting file and directory permissions. For example, if I want to ensure a file is accessible only to the current user, I can do the following:

os.Chmod("somefile.txt", 0600)

This works great on Linux but does absolutely nothing on Windows. After digging into the Go source code, I came across its implementation. It seems like S_IWRITE is the only attribute supported.

How do I control access to a file or directory on Windows using Go?

Answer 1

Explanation

Windows does not use traditional Unix permissions. Instead, Windows controls access to files and directories through access control. Each object has an ACL (Access Control List)^* which controls access to the object.

Each ACL is basically a list of ACEs (Access Control Entries) which determine what access a specific trustee (user, group, etc.) is granted. For example, a file may contain an ACE granting a specific user read access (GENERIC_READ) to the file.

Manipulating ACLs and ACEs is done through the authorization functions in the Windows API.

_{^{* technically each object has two ACLs - a DACL and a SACL}}

Solution

Thankfully, learning all of these functions isn't necessary. I've put together a small Go package named "go-acl" that does all of the heavy-lifting and exposes a function named (what else?) Chmod. Basic usage is as follows:

import "github.com/hectane/go-acl"

err := acl.Chmod("C:\\path\\to\\file.txt", 0755)
if err != nil {
    panic(err)
}

Results

The Chmod() function creates three ACEs in the file's ACL:

• one for the owner (WinCreatorOwnerSid)
• one for the group (WinCreatorGroupSid)
• one for everyone else (WinWorldSid)