cuprated: add private file permissions for Windows #606

Open: redsh4de wants to merge 1 commit into Cuprate:main from redsh4de:feat/win-private-perms

@redsh4de redsh4de commented May 3, 2026

What

Closes #551 by adding the Windows equivalent.

Why

In cases where the data paths were outside of the current user's profile directory, files in cuprate's data directories could be read by other users on the same Windows machine.

Where

helper

  • fs/windows_perms.rs - Looks up the current user's ID, builds the ACL, makes it the default for files cuprate creates, and makes each folder it creates with it.
  • fs.rs - set_private_global_file_permissions is now Unix-only (Windows doesn't really have a 1-to-1 global equivalent). A new Windows-only set_private_directory_permissions(roots: &[&Path]) passes the folder paths to windows_perms::apply. Each function only exists on the OS that needs it.
  • Cargo.toml - added new crate features from windows that are needed for this to work

cuprated

  • config.rs - new Config::writable_directories() returns the directories cuprate writes to. On Windows only, read_config_and_args calls set_private_directory_permissions once the paths are resolved. This also gave an opportunity to rewrite check_dir_permissions to loop over the new helper.
  • main.rs - set_private_global_file_permissions call is now Unix-only

How

The SDDL string is O:{user}D:P(A;OICI;FA;;;{user})(A;OICI;FA;;;SY)(A;OICI;FA;;;BA) (syntax reference):

| Part | Meaning |
|------|---------|
| O:{user} | Owner is the user |
| D:P | Start of the access list, with the "protected" flag so it does not inherit from the parent folder |
| (A;OICI;FA;;;{user}) | Allow the user full access; sub-folders and files inherit it |
| (A;OICI;FA;;;SY) | Same for SYSTEM |
| (A;OICI;FA;;;BA) | Same for BUILTIN\Administrators |

Precedent: Win32-OpenSSH


Example with a path like D:\Cuprate:
image
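
The SDDL layout described in the pull request above can be audited as a plain string, for instance when reviewing a directory's descriptor after the fact. This is an added example, not code from the PR or from Cuprate: the function names `private_sddl` and `audit_sddl`, the SID and the weak descriptor are constructed for illustration, and it assumes a descriptor with no group (G:) or SACL (S:) section.

```rust
// Added example, not Cuprate code. Function names, the SID and the weak
// descriptor are constructed; only the SDDL layout comes from the PR text.
/// Build the SDDL string from the PR description for one user SID.
fn private_sddl(user: &str) -> String {
    format!("O:{user}D:P(A;OICI;FA;;;{user})(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)")
}

/// Compare a descriptor with that layout; an empty result means it matches.
fn audit_sddl(sddl: &str, user: &str) -> Vec<String> {
    let Some(d_pos) = sddl.find("D:") else {
        return vec!["no DACL section".to_string()];
    };
    let mut findings = Vec::new();
    if sddl[..d_pos].strip_prefix("O:") != Some(user) {
        findings.push("owner is not the expected user".to_string());
    }
    let dacl = &sddl[d_pos + 2..];
    let flags = dacl.split('(').next().unwrap_or(""); // text between "D:" and the first ACE
    if !flags.contains('P') {
        findings.push("DACL is not protected, parent ACEs can be inherited".to_string());
    }
    let allowed = [user, "SY", "BA"];
    let mut seen = [false; 3];
    for chunk in dacl.split('(').skip(1) {
        // ACE fields: type;flags;rights;object_guid;inherit_object_guid;trustee
        let f: Vec<&str> = chunk.trim_end_matches(')').split(';').collect();
        if f.len() != 6 {
            findings.push(format!("malformed ACE: ({chunk}"));
            continue;
        }
        match allowed.iter().position(|t| *t == f[5]) {
            Some(i) if f[..3] == ["A", "OICI", "FA"] => seen[i] = true,
            None if f[0] == "A" => findings.push(format!("allow ACE for extra trustee {}", f[5])),
            _ => {} // anything else surfaces as a missing expected ACE below
        }
    }
    for (t, ok) in allowed.iter().zip(seen) {
        if !ok {
            findings.push(format!("no inheritable full-access ACE for {t}"));
        }
    }
    findings
}

fn main() {
    let sid = "S-1-5-21-1000-2000-3000-1001"; // constructed SID
    let weak = format!("O:{sid}D:AI(A;OICI;FA;;;{sid})(A;OICI;FR;;;BU)"); // constructed
    println!("{:?}\n{:?}", audit_sddl(&private_sddl(sid), sid), audit_sddl(&weak, sid));
}
```

The constructed weak descriptor yields four findings: an unprotected DACL, an allow ACE for BU (BUILTIN\Users), and the missing SY and BA entries.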

@github-actions github-actions Bot added A-dependency Area: Related to dependencies, or changes to a Cargo.{toml,lock} file. A-helper Area: Related to cuprate-helper. A-binaries Area: Related to binaries. A-workspace Area: Changes to a root workspace file or general repo file. labels May 3, 2026
@redsh4de redsh4de force-pushed the feat/win-private-perms branch from 78903be to 57535e2 Compare May 5, 2026 19:10
@redsh4de redsh4de force-pushed the feat/win-private-perms branch from b591ef5 to 4d9a3c6 Compare May 12, 2026 20:07
@redsh4de redsh4de force-pushed the feat/win-private-perms branch from 4d9a3c6 to e5b80e4 Compare May 20, 2026 11:23
@redsh4de redsh4de force-pushed the feat/win-private-perms branch from e5b80e4 to aa535c4 Compare June 3, 2026 05:24
Successfully merging this pull request may close these issues.

Private file permissions by default
