-
Notifications
You must be signed in to change notification settings - Fork 14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
linklocal requires Administrator permissions when run under Windows default security settings #22
Comments
Windows supports two different types of "soft links", whereas in most MacOS/Linux-based operating systems, the common practice is to use symbolic links. LinkLocal was already using 'junction' links on Windows for versions older than Vista (e.g. XP). However, using a link type of 'symbolic link' on Windows for higher versions throws an error if you are using default Windows settings and are running as a normal user or an administrator that has not elevated into admin mode (e.g. UAC). So this change is of the flavour to just switch to using 'junction' links all the time on Windows, since unelevated/non-admin users are allowed to manage those under default Windows security settings. Prior to this change, existing LinkLocal tests while on unelevated/non-admin would fail if using default Windows security settings. I verified this change makes it pass for non-admin/unelevated users in the default Windows security config at least on Windows 10 64-bit OS, NTFS file system (default FS type), 64-bit Node v0.12.9, NPM 3.5.2.
Windows supports two different types of "soft links", whereas in most MacOS/Linux-based operating systems, the common practice is to use symbolic links. LinkLocal was already using 'junction' links on Windows for versions older than Vista (e.g. XP). However, using a link type of 'symbolic link' on Windows for higher versions throws an error if you are using default Windows settings and are running as a normal user or an administrator that has not elevated into admin mode (e.g. UAC). So this change is of the flavour to just switch to using 'junction' links all the time on Windows, since unelevated/non-admin users are allowed to manage those under default Windows security settings. Prior to this change, existing LinkLocal tests while on unelevated/non-admin would fail if using default Windows security settings. I verified this change makes it pass for non-admin/unelevated users in the default Windows security config at least on Windows 10 64-bit OS, NTFS file system (default FS type), 64-bit Node v0.12.9, NPM 3.5.2.
Updated OP with references to documentation on junctions and symbolic links on Windows, and a pull request #23 that does the simple-fix of just always using junctions. :) Note, both symbolic links and junctions are supported in Microsoft's new ReFS, which may become eventually incorporated to desktop/workstation editions of Windows (brings incremental resiliency checking for large drives and copy-on-write). @timoxley - let me know if there's anything I can do to help out! :) |
I've never used this on windows, do you have any opinions on this @vweevers? |
npm uses junctions too nowadays. It's fine to switch to junctions, but beware that junctions must be absolute in node 0.10. Node's |
IIRC, when linklocal uses junctions for Windows XP, it already has the same workaround implemented (convert the path to absolute). I did find one other difference between junctions and symbolic links on Windows - in that junctions have to be to resolve to a directory on a local disk, whereas symbolic links allow for targets that are SMB network paths. It seems that would be okay for most |
Fix #22 - Always use Junctions on Windows
I love
linklocal
😄. I'd like to use it as part of our toolset in splitting up my team's large JS codebase into smaller packages. I'm a big fan of using local links and avoiding global version clobbering/hell.However, a lot of my team members run Windows for their dev environments, and in Windows there are multiple link-like file system entities (hard links, symbolic links and junctions). They're also a less commonly used feature in Windows (e.g. Explorer creates 'shortcuts', not symlinks, hard links or junctions). I'm not an expert on Windows filesystem security settings, but it appears that the following bad experience happens in Windows.
Non-admin users also cannot create "symbolic links" by default, but they can be granted the permission.
References:
I believe this is the default state for the first user account on Windows, and a likely configuration for developers. While there are workarounds (disable UAC, add link privilege for non-admin accounts), I believe it's in the spirit of linklocal to support isolated execution (e.g. running as non-admin so that machine globals cannot be touched).
Investigation
I did some preliminary investigation, and the use of junctions on Windows seems to work in this scenario and not require elevation. Switching to "all junctions all the time" on Windows is easy by removing the OS version check from this line:
So that the if-block is the same for all versions of Windows.
Verification
npm test
Open Questions:
I'm happy to chip in, but I think it'd be great to hear what kind of fix would be desired for this (e.g. just changing to junctions, or maybe adding a switch to explicitly specify the link type for Windows)
The text was updated successfully, but these errors were encountered: