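# Restrict the ACL on the current user's OpenSSH authorized_keys file so that
# the only access entries left are SYSTEM (Full Control) and the current user
# (Read & Execute).
#
# Scope notes:
#   - Only the access rules are rewritten; the script does not change the
#     file's owner, so check ownership separately if another account created it.
#   - With the default Windows sshd_config, members of the Administrators group
#     are matched against %ProgramData%\ssh\administrators_authorized_keys,
#     which this script does not touch.
#   - The user ends up with read-only access, so adding a key later means
#     loosening the ACL first or editing the file from a privileged context.

# Define the file path
$filePath = "$env:USERPROFILE\.ssh\authorized_keys"

# Check if the file exists. -LiteralPath keeps wildcard characters in the
# profile path (e.g. '[' or ']') from being interpreted as a pattern.
if (-not (Test-Path -LiteralPath $filePath -PathType Leaf)) {
    Write-Host "File $filePath does not exist."
    # Non-zero exit code so that callers can tell nothing was changed.
    exit 1
}

try {
    # Get the current file's ACL (Access Control List)
    $acl = Get-Acl -LiteralPath $filePath -ErrorAction Stop

    # Disable inheritance and do not keep copies of the inherited entries
    $acl.SetAccessRuleProtection($true, $false)

    # SetAccessRuleProtection only affects inherited entries. Explicit entries
    # already on the file (for example a grant to another account) would
    # survive, so remove them before adding the two rules below.
    $explicitRules = $acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in @($explicitRules)) {
        $acl.RemoveAccessRuleSpecific($rule)
    }

    # Get the current user as a SID, so that no account-name lookup is needed
    $currentUser = [System.Security.Principal.WindowsIdentity]::GetCurrent().User

    # Add Full Control permission for the SYSTEM user. The well-known SID is
    # used so that the rule does not depend on the localized account name.
    $systemIdentity = New-Object System.Security.Principal.SecurityIdentifier(
        [System.Security.Principal.WellKnownSidType]::LocalSystemSid,
        $null
    )
    $systemAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $systemIdentity,
        [System.Security.AccessControl.FileSystemRights]::FullControl,
        [System.Security.AccessControl.AccessControlType]::Allow
    )
    $acl.SetAccessRule($systemAccessRule)

    # Add basic (read-only) permissions for the current user
    $userAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $currentUser,
        [System.Security.AccessControl.FileSystemRights]::ReadAndExecute,
        [System.Security.AccessControl.AccessControlType]::Allow
    )
    $acl.SetAccessRule($userAccessRule)

    # Apply the modified ACL. -ErrorAction Stop turns a failed write into a
    # terminating error, so the success message below is only printed when the
    # ACL was actually applied.
    Set-Acl -LiteralPath $filePath -AclObject $acl -ErrorAction Stop
}
catch {
    Write-Error "Failed to update permissions for file ${filePath}: $($_.Exception.Message)"
    exit 1
}

Write-Host "Permissions for file $filePath have been successfully updated."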