Manipulating ACLs (Access Control Lists) on Windows is difficult. go-acl wraps the Windows API functions that control access to objects, simplifying the process.
To use the package add the following imports:
import (
"github.com/hectane/go-acl"
"golang.org/x/sys/windows"
)
Probably the most commonly used function in this package is Chmod:
if err := acl.Chmod("C:\\path\\to\\file.txt", 0755); err != nil {
panic(err)
}
To grant read access to user "Alice" and deny write access to user "Bob":
if err := acl.Apply(
"C:\\path\\to\\file.txt",
false,
false,
acl.GrantName(windows.GENERIC_READ, "Alice"),
acl.DenyName(windows.GENERIC_WRITE, "Bob"),
); err != nil {
panic(err)
}
go-acl's api package exposes the individual Windows API functions that are used to manipulate ACLs. For example, to retrieve the current owner of a file:
import (
"github.com/hectane/go-acl/api"
"golang.org/x/sys/windows"
)
var (
owner *windows.SID
secDesc windows.Handle
)
err := api.GetNamedSecurityInfo(
"C:\\path\\to\\file.txt",
api.SE_FILE_OBJECT,
api.OWNER_SECURITY_INFORMATION,
&owner,
nil,
nil,
nil,
&secDesc,
)
if err != nil {
panic(err)
}
defer windows.LocalFree(secDesc)
owner will then point to the SID for the owner of the file.