Thursday, April 28, 2011

Default access rights of files and directories

I have an application that is installed on Vista PCs by a user with elevated user rights (an administrator via UAC elevation prompt).

The installer writes some files to a folder in the %APPDATA% folder.

When the user (without elevated user rights) runs the application, the files (and created folders) in the shared %APPDATA% (c:\ProgramData in Vista) are not accessible.

The files are written by a 3rd party component. If the component is used without elevated user rights, the files are accessible (and writable).

I have tried to change the access rights the files are written with, without luck.

Is there a way to make the files' default access rights full control for everyone?

From stackoverflow
  • First, are you sure your installer is setting up the AppData for all users, and not just one? If the installer generates folders under one user's AppData folder, it doesn't matter how many rights you have on the system in general, you're not getting to that folder unless you're that user.

    Second, it sounds like your installer is writing the folder and/or files on behalf of the user performing the install, which would be an admin and thus requiring elevated privileges. There is a way to get and change the ACL permissions for a folder and/or a file. Perhaps a code snippet of what you're trying that doesn't work may help us help you.

    slugster : +1 I said the same in my comment but you were first :)
    Fedearne : The folder is the shared appdata (c:\ProgramData in Vista). The user running the installer is an administrator on behalf of the user via UAC elevation. I would like the files written to c:\ProgramData to be accessible (writable) to the user afterwards. The user has write permission to c:\ProgramData, but not the files written in it by the installer.
  • I solved the problem by creating a subfolder in c:\ProgramData, using the approach described here

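    using System;
    using System.IO;
    using System.Security.AccessControl;
    using System.Security.Principal;

    bool modified;
    // SID of the built-in Users group
    SecurityIdentifier securityIdentifier = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
    DirectoryInfo directoryInfo = new DirectoryInfo(Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData), "MyFolder"));
    directoryInfo.Create(); // no-op if the folder already exists
    DirectorySecurity directorySecurity = directoryInfo.GetAccessControl();
    // InheritOnly: the rule applies to files and subfolders created in MyFolder, not to MyFolder itself
    FileSystemAccessRule rule = new FileSystemAccessRule(
        securityIdentifier,
        FileSystemRights.Write |
        FileSystemRights.ReadAndExecute |
        FileSystemRights.Modify,
        InheritanceFlags.ContainerInherit |
        InheritanceFlags.ObjectInherit,
        PropagationFlags.InheritOnly,
        AccessControlType.Allow);
    directorySecurity.ModifyAccessRule(AccessControlModification.Add, rule, out modified);
    directoryInfo.SetAccessControl(directorySecurity);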
    

    Rules are inherited by subfolders and files. All files and folders created in "MyFolder" are writable by the Users group.
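
A check to run after applying the rule above, added here as an example and not part of the original question or answers: it lists every allow rule on the folder that gives Everyone, Authenticated Users or the Users group write or full-control access, so the installer's result can be compared with the narrow "Users: Modify" rule that was intended. The class name `SharedDataFolderAudit` is hypothetical, and the code assumes Windows and that the "MyFolder" directory from the answer already exists.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class SharedDataFolderAudit
{
    // Broad principals worth reviewing when they hold write access under ProgramData.
    static readonly WellKnownSidType[] BroadSids =
    {
        WellKnownSidType.WorldSid,             // Everyone
        WellKnownSidType.AuthenticatedUserSid, // Authenticated Users
        WellKnownSidType.BuiltinUsersSid       // BUILTIN\Users
    };

    static bool IsBroad(SecurityIdentifier sid)
    {
        foreach (WellKnownSidType type in BroadSids)
            if (sid.IsWellKnown(type)) return true;
        return false;
    }

    static void Main()
    {
        // "MyFolder" is the folder name used in the answer above.
        string path = Path.Combine(
            Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData),
            "MyFolder");
        DirectorySecurity acl = new DirectoryInfo(path).GetAccessControl();

        // Explicit and inherited rules, with identities returned as SIDs.
        foreach (FileSystemAccessRule rule in
                 acl.GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            var sid = (SecurityIdentifier)rule.IdentityReference;
            if (rule.AccessControlType != AccessControlType.Allow || !IsBroad(sid))
                continue;
            bool fullControl = (rule.FileSystemRights & FileSystemRights.FullControl)
                               == FileSystemRights.FullControl;
            // On a directory, WriteData/AppendData mean create files/create subfolders.
            bool canWrite = (rule.FileSystemRights &
                (FileSystemRights.WriteData | FileSystemRights.AppendData)) != 0;
            if (!fullControl && !canWrite) continue;
            Console.WriteLine("{0} {1}: {2} (inherited={3}, inherit={4}, propagate={5})",
                fullControl ? "FULL " : "WRITE",
                sid.Translate(typeof(NTAccount)), rule.FileSystemRights,
                rule.IsInherited, rule.InheritanceFlags, rule.PropagationFlags);
        }
    }
}
```

A line marked `FULL` for Everyone indicates the folder is open more widely than the rule in the answer grants; rules with `inherited=True` come from c:\ProgramData itself rather than from the installer.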
