k8s.io/kubernetes@v1.29.3/test/images/agnhost/mounttest/filePermissions.ps1 (about) 1 # Copyright 2019 The Kubernetes Authors. 2 # 3 # Licensed under the Apache License, Version 2.0 (the "License"); 4 # you may not use this file except in compliance with the License. 5 # You may obtain a copy of the License at 6 # 7 # http://www.apache.org/licenses/LICENSE-2.0 8 # 9 # Unless required by applicable law or agreed to in writing, software 10 # distributed under the License is distributed on an "AS IS" BASIS, 11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 # See the License for the specific language governing permissions and 13 # limitations under the License. 14 15 Param( 16 [string]$FileName = $(throw "-FileName is required.") 17 ) 18 19 20 # read = read data | read attributes 21 $READ_PERMISSIONS = 0x0001 -bor 0x0080 22 23 # write = write data | append data | write attributes | write EA 24 $WRITE_PERMISSIONS = 0x0002 -bor 0x0004 -bor 0x0100 -bor 0x0010 25 26 # execute = read data | file execute 27 $EXECUTE_PERMISSIONS = 0x0001 -bor 0x0020 28 29 30 function GetFilePermissions($path) { 31 $fileAcl = Get-Acl -Path $path 32 $fileOwner = $fileAcl.Owner 33 $fileGroup = $fileAcl.Group 34 35 $userMask = 0 36 $groupMask = 0 37 $otherMask = 0 38 39 foreach ($rule in $fileAcl.Access) { 40 if ($rule.AccessControlType -ne [Security.AccessControl.AccessControlType]::Allow) { 41 # not an allow rule, skipping. 42 continue 43 } 44 45 $mask = 0 46 $rights = $rule.FileSystemRights.value__ 47 # convert mask. 48 if ( ($rights -band $READ_PERMISSIONS) -eq $READ_PERMISSIONS ) { 49 $mask = $mask -bor 4 50 } 51 if ( ($rights -band $WRITE_PERMISSIONS) -eq $WRITE_PERMISSIONS ) { 52 $mask = $mask -bor 2 53 } 54 if ( ($rights -band $EXECUTE_PERMISSIONS) -eq $EXECUTE_PERMISSIONS ) { 55 $mask = $mask -bor 1 56 } 57 58 # detect mask type. 59 if ($rule.IdentityReference.Value.Equals($fileOwner)) { 60 $userMask = $mask 61 } 62 if ($rule.IdentityReference.Value.Equals($fileGroup)) { 63 $groupMask = $mask 64 } 65 if ($rule.IdentityReference.Value.ToLower().Contains("users")) { 66 $otherMask = $mask 67 } 68 } 69 70 return "$userMask$groupMask$otherMask" 71 } 72 73 $mask = GetFilePermissions($FileName) 74 if (-not $?) { 75 exit 1 76 } 77 78 # print the permission mask Linux-style. 79 echo "0$mask"