# Copyright 2019 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# -FileName: path of the file whose ACL is rendered as a Linux-style mode.
# The default value is a throw expression, so omitting the argument aborts
# the script instead of continuing with an empty path.
param (
    [string] $FileName = $(throw "-FileName is required.")
)
# Combinations of FileSystemRights bits that stand in for the POSIX r/w/x
# classes. GetFilePermissions only counts a class as granted when an ACE
# carries every bit of the combination.

# read = ReadAttributes (0x0080) | ReadData (0x0001)
$READ_PERMISSIONS = 0x0080 -bor 0x0001

# write = WriteAttributes (0x0100) | WriteExtendedAttributes (0x0010)
#       | AppendData (0x0004) | WriteData (0x0002)
$WRITE_PERMISSIONS = 0x0100 -bor 0x0010 -bor 0x0004 -bor 0x0002

# execute = ExecuteFile (0x0020) | ReadData (0x0001)
$EXECUTE_PERMISSIONS = 0x0020 -bor 0x0001
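# Approximates a Linux-style user/group/other permission triplet from the
# Windows ACL of $path.
#
# Parameters:
#   $path - path handed to Get-Acl.
# Returns:
#   A three-character string "<user><group><other>", each character an octal
#   digit built from 4 (read), 2 (write) and 1 (execute).
#
# Limitations a consumer of the result should keep in mind:
#   * Only Allow ACEs are considered. Deny ACEs are skipped, so the result can
#     overstate the access an identity really has.
#   * A class (r/w/x) is reported only when one ACE grants every bit of the
#     corresponding *_PERMISSIONS constant; partial grants are not shown.
#   * "other" is taken from any identity whose name contains "users"
#     (case-insensitive substring), not from an exact well-known group.
#   * NOTE(review): Get-Acl -Path interprets wildcard characters; if file names
#     containing such characters must be supported, -LiteralPath is the safer
#     choice - confirm against callers.
function GetFilePermissions($path) {
    # -ErrorAction Stop turns a failed ACL read into a terminating error.
    # Without it the function would fall through with an empty ACL and return
    # "000", which is indistinguishable from a file nobody may access.
    $fileAcl = Get-Acl -Path $path -ErrorAction Stop

    $fileOwner = $fileAcl.Owner
    $fileGroup = $fileAcl.Group

    $userMask = 0
    $groupMask = 0
    $otherMask = 0

    foreach ($rule in $fileAcl.Access) {
        if ($rule.AccessControlType -ne [Security.AccessControl.AccessControlType]::Allow) {
            # Not an allow rule; see the limitation about Deny ACEs above.
            continue
        }

        # Translate the raw FileSystemRights bits of this ACE into r/w/x.
        $rights = $rule.FileSystemRights.value__
        $mask = 0
        if ( ($rights -band $READ_PERMISSIONS) -eq $READ_PERMISSIONS ) {
            $mask = $mask -bor 4
        }
        if ( ($rights -band $WRITE_PERMISSIONS) -eq $WRITE_PERMISSIONS ) {
            $mask = $mask -bor 2
        }
        if ( ($rights -band $EXECUTE_PERMISSIONS) -eq $EXECUTE_PERMISSIONS ) {
            $mask = $mask -bor 1
        }

        # Attribute the ACE to user / group / other. Allow ACEs are cumulative
        # in a Windows access check, so several matching rules (for example an
        # inherited and an explicit one) are OR-ed together instead of letting
        # whichever rule comes last overwrite the earlier ones.
        $identity = $rule.IdentityReference.Value
        if ($identity.Equals($fileOwner)) {
            $userMask = $userMask -bor $mask
        }
        if ($identity.Equals($fileGroup)) {
            $groupMask = $groupMask -bor $mask
        }
        if ($identity.ToLower().Contains("users")) {
            $otherMask = $otherMask -bor $mask
        }
    }

    return "$userMask$groupMask$otherMask"
}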
# Resolve the permission triplet for the requested file.
$mask = GetFilePermissions $FileName

# Stop with a non-zero exit code when the call above is reported as failed.
# NOTE(review): $? after a script function call may not reflect non-terminating
# errors raised inside the function - confirm that a failed ACL read really
# ends up here rather than printing a mask.
if (-not $?) {
    exit 1
}

# Emit the mask Linux-style, with a leading 0 (e.g. 0644).
Write-Output "0$mask"