Enhance file permission settings for Cursor configuration files

- Updated Linux, macOS, and Windows scripts to set more restrictive file permissions - Implemented read-only file access with additional validation checks - Added fallback methods to ensure configuration file protection - Improved logging for permission setting processes
4 months ago · 09a95b999f
3 changed files with 40 additions and 9 deletions
--- a/scripts/run/cursor_linux_id_modifier.sh
+++ b/scripts/run/cursor_linux_id_modifier.sh
@ -185,9 +185,21 @@ generate_new_config() {
    sed -i "s|\"telemetry\.devDeviceId\":[[:space:]]*\"[^\"]*\"|\"telemetry.devDeviceId\": \"$device_id\"|" "$STORAGE_FILE"
    sed -i "s|\"telemetry\.sqmId\":[[:space:]]*\"[^\"]*\"|\"telemetry.sqmId\": \"$sqm_id\"|" "$STORAGE_FILE"

-    chmod 644 "$STORAGE_FILE"
+    # 设置文件权限和所有者
+    chmod 444 "$STORAGE_FILE"  # 改为只读权限
    chown "$CURRENT_USER:$CURRENT_USER" "$STORAGE_FILE"
    
+    # 验证权限设置
+    if [ -w "$STORAGE_FILE" ]; then
+        log_warn "无法设置只读权限，尝试使用其他方法..."
+        # 在 Linux 上使用 chattr 命令设置不可修改属性
+        if command -v chattr &> /dev/null; then
+            chattr +i "$STORAGE_FILE" 2>/dev/null || log_warn "chattr 设置失败"
+        fi
+    else
+        log_info "成功设置文件只读权限"
+    fi
+    
    echo
    log_info "已更新配置:"
    log_debug "machineId: $machine_id"
--- a/scripts/run/cursor_mac_id_modifier.sh
+++ b/scripts/run/cursor_mac_id_modifier.sh
@ -161,9 +161,18 @@ generate_new_config() {
    sed -i '' -e "s/\"telemetry\.devDeviceId\":[[:space:]]*\"[^\"]*\"/\"telemetry.devDeviceId\": \"$device_id\"/" "$STORAGE_FILE"
    sed -i '' -e "s/\"telemetry\.sqmId\":[[:space:]]*\"[^\"]*\"/\"telemetry.sqmId\": \"$sqm_id\"/" "$STORAGE_FILE"

-    chmod 644 "$STORAGE_FILE"
+    # 设置文件权限和所有者
+    chmod 444 "$STORAGE_FILE"  # 改为只读权限
    chown "$CURRENT_USER" "$STORAGE_FILE"
    
+    # 验证权限设置
+    if [ -w "$STORAGE_FILE" ]; then
+        log_warn "无法设置只读权限，尝试使用其他方法..."
+        chattr +i "$STORAGE_FILE" 2>/dev/null || true
+    else
+        log_info "成功设置文件只读权限"
+    fi
+    
    echo
    log_info "已更新配置:"
    log_debug "machineId: $machine_id"
--- a/scripts/run/cursor_win_id_modifier.ps1
+++ b/scripts/run/cursor_win_id_modifier.ps1
@ -197,10 +197,10 @@ try {
        # 创建新的访问控制列表
        $acl = New-Object System.Security.AccessControl.FileSecurity
        
-        # 添加当前用户的完全控制权限
+        # 添加当前用户的只读权限
        $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $userAccount,  # 使用域名\用户名格式
-            [System.Security.AccessControl.FileSystemRights]::FullControl,
+            [System.Security.AccessControl.FileSystemRights]::ReadAndExecute,  # 改为只读权限
            [System.Security.AccessControl.InheritanceFlags]::None,
            [System.Security.AccessControl.PropagationFlags]::None,
            [System.Security.AccessControl.AccessControlType]::Allow
@ -209,13 +209,20 @@ try {
        try {
            $acl.AddAccessRule($accessRule)
            Set-Acl -Path $STORAGE_FILE -AclObject $acl -ErrorAction Stop
-            Write-Host "$GREEN[信息]$NC 成功设置文件权限"
+            Write-Host "$GREEN[信息]$NC 成功设置文件只读权限"
+            
+            # 设置文件为只读属性
+            Set-ItemProperty -Path $STORAGE_FILE -Name IsReadOnly -Value $true
+            Write-Host "$GREEN[信息]$NC 成功设置文件只读属性"
        } catch {
            # 如果第一种方法失败，尝试使用 icacls
            Write-Host "$YELLOW[警告]$NC 使用备选方法设置权限..."
-            $result = Start-Process "icacls.exe" -ArgumentList "`"$STORAGE_FILE`" /grant `"$($env:USERNAME):(F)`"" -Wait -NoNewWindow -PassThru
+            $result = Start-Process "icacls.exe" -ArgumentList "`"$STORAGE_FILE`" /grant `"$($env:USERNAME):(R)`"" -Wait -NoNewWindow -PassThru
            if ($result.ExitCode -eq 0) {
-                Write-Host "$GREEN[信息]$NC 成功使用 icacls 设置文件权限"
+                Write-Host "$GREEN[信息]$NC 成功使用 icacls 设置文件只读权限"
+                # 设置文件为只读属性
+                Set-ItemProperty -Path $STORAGE_FILE -Name IsReadOnly -Value $true
+                Write-Host "$GREEN[信息]$NC 成功设置文件只读属性"
            } else {
                Write-Host "$YELLOW[警告]$NC 设置文件权限失败，但文件已写入成功"
            }
@ -224,9 +231,12 @@ try {
        Write-Host "$YELLOW[警告]$NC 设置文件权限失败: $_"
        Write-Host "$YELLOW[警告]$NC 尝试使用 icacls 命令..."
        try {
-            $result = Start-Process "icacls.exe" -ArgumentList "`"$STORAGE_FILE`" /grant `"$($env:USERNAME):(F)`"" -Wait -NoNewWindow -PassThru
+            $result = Start-Process "icacls.exe" -ArgumentList "`"$STORAGE_FILE`" /grant `"$($env:USERNAME):(R)`"" -Wait -NoNewWindow -PassThru
            if ($result.ExitCode -eq 0) {
-                Write-Host "$GREEN[信息]$NC 成功使用 icacls 设置文件权限"
+                Write-Host "$GREEN[信息]$NC 成功使用 icacls 设置文件只读权限"
+                # 设置文件为只读属性
+                Set-ItemProperty -Path $STORAGE_FILE -Name IsReadOnly -Value $true
+                Write-Host "$GREEN[信息]$NC 成功设置文件只读属性"
            } else {
                Write-Host "$YELLOW[警告]$NC 所有权限设置方法都失败，但文件已写入成功"
            }