All geek questions in one place

MsBuild Deployment with Drop Permissions for PackageLocation File

I have a MsBuild Build in TFS that publishes a webmail package. This is the command line I use:

/t:Build;Package /p:DeployOnBuild=true;Configuration=Release; DeployTarget=Package;PackageLocation=\\xxx\MyApp.zip

It works correctly, and it also replaces the web.config options as expected. The only problem I encountered is the permissions applied to the package file. Now the file is deployed to: * \ myshare \ myapp \ * And the folder is installed with permission: Everything: full control The package inside the folder has permission: TFSAdmin: full control and nothing else, so I can not open it or copy ... I can i avoid this?

+4
source share
3 answers

It still seems that the problem cannot be fixed, if not with a workaround. I found an easy and simple solution by executing a batch file in the workflow at the end of the build process. In the batch file, I use very old ICACLS to re-set permissions:

 ICACLS \\xxx\MyPackage.zip /GRANT Everyone:F ICACLS \\xxx\MyPackage.zip /GRANT Users:F
0
source

Add to MSBuild.proj file:

 <Exec Command="icacls "\\xxx\MyApp.zip" /grant User:F" ContinueOnError="true" />

a sequence of simple rights: F - full access M - change access RX - read and execute access R - read-only access W - write-only access

0
source

If you want to create a folder available on your website, you can put the following snippet in your "PostBuild" events at the very bottom of your .csproj (you need to manually edit the .csproj file through a text editor)

 <Target Name="AfterBuild"> <!-- grant everyone the modify right recursively even for files and folders created dynamically in the future --> <!-- note the use of (OI) and (CI) flags which stand for object inherit & container inherit these flags --> <!-- indicate that subordinate containers will inherit the same access control element or ace this means that --> <!-- files and folders created in the future within the targeted folder will get the same permissions --> <Exec Command=" icacls &quot;.\Logs&quot; /grant Users:(CI)(OI)M /T " ContinueOnError="true" />ฯƒ <Exec Command=" icacls &quot;.\Logs&quot; /grant IIS_IUSRS:(CI)(OI)M /T " ContinueOnError="true" /> </Target>

Sidenote: if you use the publish / deploy function on a remote visual studio server to deploy your website, then it goes without saying that folder permissions will probably NOT be saved and that you will have to use some after installing the script to re apply them (maybe use the icacls method again). This type of post-installation script should probably be part of WebDeploy - it didnโ€™t use WebDeploy, so your mileage may vary depending on the specific aspect.

0
source

Source: https://habr.com/ru/post/1398245/

More articles:


All Articles