Open DataTraveler1 opened 1 year ago
Forgot to mention, I am not the first person to report this. However, I am not able to find the original references.
All files in the repository directory should be checked by the PSU instance upon startup that it has the required permissions that it needs (Full Control?)
Just this week I changed the DEV and then PROD instances from LOCAL SYSTEM to a Service Account. The SA is neither a domain user nor a local admin, just a local user. I gave that user 'Modify' rights on the whole partition where all (except the appsettings.json) of the data (repository, logs, etc.) is stored. And until now it's working fine.
I don't see why the PSU SA should need Full Control to modify ACLs.
Steps to Reproduce
Problem
If the account running PSU does not have permission to modify the configuration files (e.g. authentication.ps1) then there will be an error logged but there will not be any indication to the user.
Steps to recreate
Log data
Notes
All files in the repository directory should be checked by the PSU instance upon startup that it has the required permissions that it needs (Full Control?)
Checking the effective permissions through a module like https://github.com/rohnedwards/PowerShellAccessControl with Get-EffectiveAccess could be preferrable over a technique such as
[io.file]::OpenWrite($filename).close()
Expected behavior
Actual behavior
Environment data
PSU 3.6.2
Visuals
figure shows the button which has no effect when the PSU instance does not have modify rights to authentication.ps1