1'use strict'; 2 3const common = require('../common'); 4 5if (!common.isWindows) { 6 // TODO: Similar checks on *nix-like systems (e.g using chmod or the like) 7 common.skip('test only runs on Windows'); 8} 9 10const assert = require('assert'); 11const fs = require('fs'); 12const path = require('path'); 13const cp = require('child_process'); 14 15const tmpdir = require('../common/tmpdir'); 16tmpdir.refresh(); 17 18// Create readOnlyMod.js and set to read only 19const readOnlyMod = path.join(tmpdir.path, 'readOnlyMod'); 20const readOnlyModRelative = path.relative(__dirname, readOnlyMod); 21const readOnlyModFullPath = `${readOnlyMod}.js`; 22 23fs.writeFileSync(readOnlyModFullPath, 'module.exports = 42;'); 24 25// Removed any inherited ACEs, and any explicitly granted ACEs for the 26// current user 27cp.execSync( 28 `icacls.exe "${readOnlyModFullPath}" /inheritance:r /remove "%USERNAME%"`); 29 30// Grant the current user read & execute only 31cp.execSync(`icacls.exe "${readOnlyModFullPath}" /grant "%USERNAME%":RX`); 32 33let except = null; 34try { 35 // Attempt to load the module. Will fail if write access is required 36 require(readOnlyModRelative); 37} catch (err) { 38 except = err; 39} 40 41// Remove the explicitly granted rights, and re-enable inheritance 42cp.execSync( 43 `icacls.exe "${readOnlyModFullPath}" /remove "%USERNAME%" /inheritance:e`); 44 45// Delete the test module (note: tmpdir should get cleaned anyway) 46fs.unlinkSync(readOnlyModFullPath); 47 48assert.ifError(except); 49