all: imp code, log changes

CHANGELOG.md

@@ -32,6 +32,14 @@ NOTE: Add new changes BELOW THIS COMMENT.
 
 - The release executables are now signed.
 
+### Added
+
+- The `--no-permcheck` command-line option to disable checking and migration of
+  permissions for the security-sensitive files and directories, which caused
+  issues on Windows ([#7400]).
+
+[#7400]: https://github.com/AdguardTeam/AdGuardHome/issues/7400
+
 [go-1.23.3]: https://groups.google.com/g/golang-announce/c/X5KodEJYuqI
 
 <!--

internal/home/home.go

@@ -159,7 +159,7 @@ func setupContext(opts options) (err error) {
 
 	if Context.firstRun {
 		log.Info("This is the first time AdGuard Home is launched")
-		checkPermissions()
+		checkNetworkPermissions()
 
 		return nil
 	}
@@ -686,8 +686,8 @@ func run(opts options, clientBuildFS fs.FS, done chan struct{}) {
 		}
 	}
 
-	if opts.checkPermissions {
-		permCheck(confPath, dataDir, statsDir, querylogDir)
+	if !opts.noPermCheck {
+		checkPermissions(Context.workDir, confPath, dataDir, statsDir, querylogDir)
 	}
 
 	Context.web.start()
@@ -696,14 +696,14 @@ func run(opts options, clientBuildFS fs.FS, done chan struct{}) {
 	<-done
 }
 
-// permCheck checks and migrates permissions of the files and directories used
-// by AdGuard Home, if needed.
-func permCheck(confPath, dataDir, statsDir, querylogDir string) {
+// checkPermissions checks and migrates permissions of the files and directories
+// used by AdGuard Home, if needed.
+func checkPermissions(workDir, confPath, dataDir, statsDir, querylogDir string) {
 	if permcheck.NeedsMigration(confPath) {
-		permcheck.Migrate(Context.workDir, dataDir, statsDir, querylogDir, confPath)
+		permcheck.Migrate(workDir, dataDir, statsDir, querylogDir, confPath)
 	}
 
-	permcheck.Check(Context.workDir, dataDir, statsDir, querylogDir, confPath)
+	permcheck.Check(workDir, dataDir, statsDir, querylogDir, confPath)
 }
 
 // initUsers initializes context auth module.  Clears config users field.
@@ -765,8 +765,9 @@ func startMods(l *slog.Logger) (err error) {
 	return nil
 }
 
-// Check if the current user permissions are enough to run AdGuard Home
-func checkPermissions() {
+// checkNetworkPermissions checks if the current user permissions are enough to
+// use the required networking functionality.
+func checkNetworkPermissions() {
 	log.Info("Checking if AdGuard Home has necessary permissions")
 
 	if ok, err := aghnet.CanBindPrivilegedPorts(); !ok || err != nil {

internal/home/options.go

@@ -79,9 +79,9 @@ type options struct {
 	// rather than the ones that have been compiled into the binary.
 	localFrontend bool
 
-	// checkPermissions enables the migration of permissions for the
-	// security-sensitive files, including the working directory itself.
-	checkPermissions bool
+	// noPermCheck disables checking and migration of permissions for the
+	// security-sensitive files.
+	noPermCheck bool
 }
 
 // initCmdLineOpts completes initialization of the global command-line option
@@ -311,11 +311,11 @@ var cmdLineOpts = []cmdLineOpt{{
 	shortName:       "",
 }, {
 	updateWithValue: nil,
-	updateNoValue:   func(o options) (options, error) { o.checkPermissions = true; return o, nil },
+	updateNoValue:   func(o options) (options, error) { o.noPermCheck = true; return o, nil },
 	effect:          nil,
-	serialize:       func(o options) (val string, ok bool) { return "", o.checkPermissions },
+	serialize:       func(o options) (val string, ok bool) { return "", o.noPermCheck },
 	description:     "Check and migrate permissions of security-sensitive files.",
-	longName:        "permcheck",
+	longName:        "no-permcheck",
 	shortName:       "",
 }, {
 	updateWithValue: nil,