How to control file access in Windows?

Go provides os.Chmod() for setting file and directory permissions. For example, if I want to ensure a file is accessible only to the current user, I can do the following:

os.Chmod("somefile.txt", 0600)

This works great on Linux but does absolutely nothing on Windows. After digging into the Go source code, I came across its implementation. It seems like S_IWRITE is the only attribute supported.

How do I control access to a file or directory on Windows using Go?

Explanation

Windows does not use traditional Unix permissions. Instead, Windows controls access to files and directories through access control. Each object has an ACL (Access Control List)^* which controls access to the object.

Each ACL is basically a list of ACEs (Access Control Entries) which determine what access a specific trustee (user, group, etc.) is granted. For example, a file may contain an ACE granting a specific user read access (GENERIC_READ) to the file.

Manipulating ACLs and ACEs is done through the authorization functions in the Windows API.

_{^{* technically each object has two ACLs - a DACL and a SACL}}

Solution

Thankfully, learning all of these functions isn't necessary. I've put together a small Go package named "go-acl" that does all of the heavy-lifting and exposes a function named (what else?) Chmod. Basic usage is as follows:

import "github.com/hectane/go-acl"

err := acl.Chmod("C:\\path\\to\\file.txt", 0755)
if err != nil {
    panic(err)
}

Results

The Chmod() function creates three ACEs in the file's ACL:

• one for the owner (WinCreatorOwnerSid)

• one for the group (WinCreatorGroupSid)

• one for everyone else (WinWorldSid)