1[!GOOS:windows] stop
2[!exec:icacls] skip
3[!exec:powershell] skip
4
5# Create $WORK\guest and give the Guests group full access.
6# Files created within that directory will have different security attributes by default.
7mkdir $WORK\guest
8exec icacls $WORK\guest /grant '*S-1-5-32-546:(oi)(ci)f'
9
10env TMP=$WORK\guest
11env TEMP=$WORK\guest
12
13# Build a binary using the guest directory as an intermediate
14cd TestACL
15go build -o main.exe main.go
16# Build the same binary, but write it to the guest directory.
17go build -o $TMP\main.exe main.go
18
19# Read ACLs for the files.
20exec powershell -Command 'Get-Acl main.exe | Select -expand AccessToString'
21cp stdout $WORK\exe-acl.txt
22exec powershell -Command 'Get-Acl main.go | Select -expand AccessToString'
23cp stdout $WORK\src-acl.txt
24cd $TMP
25exec powershell -Command 'Get-Acl main.exe | Select -expand AccessToString'
26cp stdout $WORK\guest-acl.txt
27
28cd $WORK
29
30# The executable written to the source directory should have the same ACL as the source file.
31cmp $WORK\exe-acl.txt $WORK\src-acl.txt
32
33# The file written to the guest-allowed directory should give Guests control.
34grep 'BUILTIN\\Guests\s+Allow' $WORK\guest-acl.txt
35
36# The file written to the ordinary directory should not.
37! grep 'BUILTIN\\Guests\s+Allow' $WORK\exe-acl.txt
38
39
40-- TestACL/go.mod --
41module TestACL
42-- TestACL/main.go --
43package main
44func main() {}
View as plain text