Setting User Access Rights in Windows - delphi

Can someone tell me how to set file permissions in Delphi 2006? I am using TINIFile.Create to create INI files in my application. The problem is that if I create the file while logged onto Windows as an administrator and then try to run the application as just a standard user and overwrite the INI file, I do not have permission to do so. I put the file in the AllUsers\ApplicationData\MyProduct folder. I'd like to set the permissions to this folder. I need AllUsers to have Full permissions to the MyProduct folder. If it's possible to do this through a Windows API that'd be great because I also need to do this in C++ and C#. I'd really appreciate any help. Thanks!

Although you can do all sorts of permission changes with the right code in Delphi (as admin), a better application structure is to NOT assume that your App has any privileges (you say you want it to run in user mode). Instead, use the installer that will install your App (e.g. Inno Setup) to copy a suitable Ini file template into your required data folder. You can specify the permissions that you want using "Permissions: user-modify" on the file copy line.

You can use the JEDI library for this. Here is a blog post, "Setting file security with JWSCL", by Christian Wimmer.

The correct answer on "how to do that" is "don't do it at all".
If you set "allow to write for anyone" for your MyProduct folder or ini-file - this will be violating security. Because now any user can affect other users - this is not what they should be allowed to do.
Any user must affect only his world. He should not affect worlds of other users. This power is reserved for administrators.
Why is this bad? Obviously.
That's why the correct way will be approx. like this:
Installer of your application MAY put an ini-file into AllUsers folder, but DO NOT alter file's permissions. This file will be default read-only options.
Your application should read settings from AllUsers folder and from current user folder. If it needs to save settings - it should write to user folder, not AllUsers. That way, each user will have their own preferences/settings.
If you want that "someone powerful" should have the ability to enforce settings for all users - he should be an administrator. He can edit the file in AllUsers, thus affecting settings of all users.
Note that you also need to decide which settings have higher priority (global or local). So, you can have both at the same time: (a) local settings for each user and (b) the ability to enforce/override users' settings.

Most probably you create your ini file in the application folder, don't you? You should avoid such practice. Instead, create ini files in users\YourUser\AppData\Roaming\YourProduct.

I am having a similar problem.
Since you need to do this also in other environments I have a suggestion for you.
Use an external installer to install your application. It has many benefits and one of them is that it will configure File\Directory\Registry permissions for you during the installation. Of course you would have to run the installation on an administrative account, but then your users will have the permissions required by your application.
I can recommend you a great installer which is called Inno Setup.

Related

Granting "Local System" permissions the installation folder in Advanced Installer

I have an "Advanced Installer" project that I am trying to use to install my "TopShelf" windows service that I have built.
I found the spot in Advanced Installer to grant permissions to the installation folder, but I don't see a way to grant permissions to the "Local System" account.
Manually, this is done by going to the security option in the properties of the folder and adding a user with the same name as the computer name but ending with a $. For example, MyNiceComputer$. (Oh, and you have to select the "Computers" option in the types area.)
But there is no way to do all this in Advanced Installer. If I do make one like MyNiceComputer$, it just makes an empty entry in the security tab. (No Permissions on it, even though I setup for full control.)
Has anyone ever needed to do this with Advanced Installer?
Additional Details:
I am installing an app that runs as a windows service. (It is a console app built with TopShelf).
Our company policy is to install all our applications into a folder that looks like this:
C:\OurCompanyApps\MyApp
When I create the installer, it runs fine, but then when I start up the Windows Service, I get the following error:
Windows could not start the MyApp service on Local Computer
Error 5: Access is denied.
But when I grant access to Local System (by giving Full Control rights to myNiceComputer$ on the MyApp folder), then this error goes away and the app runs fine. From what I read, this is because the application is running as Local System.
It seems odd that it needs full control but it does not work without it. (But as far as I can see, the contents of the folder are un-altered).
@Bogdan Mitrache seems to indicate that granting permissions to Local System is not possible via Advanced Installer. This is good to know (so I don't waste more time looking). I will probably ask my System Admins for a dedicated system account to run my service as. Not ideal, but it will serve as a work around.
So, in one of my "less finer" moments of debugging, I mixed up two different things.
There was also a file missing, (my config file). I restored that and changed the permissions at the same time. But then I forgot to go back and verify which one was the actual fix. (I know, not good debugging.)
So, the Access is denied error was due to a missing file.

Application Settings + IniFile + User Rights

Could you tell me please. I wrote an application that uses 'Settings.ini' to save settings. The application is installed using InnoSetup. If there are several user accounts and the application is installed in one of them, so, if I try to run the application from another account I get error "Unable to write to....". That is, if run from another account, the application has no rights to write to the settings file. I don't know what happens in Windows XP, but that's the way application behaves in Windows 7.
So could you tell me please, is there something I should define in my application to make it work for multiple users or it should be changed during the installation, somewhere in InnoSetup parameters?
Thank you.
You should install the very program into Program Files or some other common folder - a folder that any user has rights to read and run, but not to write or delete. Usually installers would allow overriding the folder, but the rule remains: every user should have non-destructive rights (read and execute) and no destructive ones (delete, overwrite).
That means your installer should request Admin rights and UAC Elevation - ask InnoSetup forum or documentation how to do it. That may deal with including manifests resources into installer. It is normal when a regular user runs the installer and installer then asks for another username and password with admin rights.
The settings and other user-unique data should be saved into special per-user data folders. Usually that is AppLocal folder under user profile. However it is task for your application rather than the installer. Installer may create global settings templates, that the application would just copy into user-local settings on the 1st run under given user, or would override by user-local settings if cascading settings storage is implemented.
http://msdn.microsoft.com/en-us/library/windows/apps/hh465094.aspx
http://blogs.msdn.com/b/patricka/archive/2010/03/18/where-should-i-store-my-data-and-configuration-files-if-i-target-multiple-os-versions.aspx
Run command prompt, issue the set command - and you would see all needed paths as environment variables with names like AppPath, LocalAppPath and UserProfile
http://greatis.com/delphicb/tips/lib/systemifo-envstrings.html
http://www.delphidabbler.com/articles?article=6
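
The layered settings scheme described in the answers above (machine-wide file that standard users can only read, per-user file for all writes, administrator able to enforce values), as an added Delphi example that is not code from any of the posters. The file name `Settings.ini`, the `[Enforced.<Section>]` section convention and the choice of the roaming `CSIDL_APPDATA` folder are assumptions made for illustration.

```delphi
program LayeredSettings;
{$APPTYPE CONSOLE}
uses Windows, SysUtils, IniFiles, SHFolder;
const
  ProductDir     = 'MyProduct';    // folder name used in the question
  IniName        = 'Settings.ini'; // assumed file name
  EnforcedPrefix = 'Enforced.';    // assumed convention: [Enforced.<Section>] wins

// Resolve <known folder>\MyProduct\Settings.ini for the given CSIDL.
function IniPath(CSIDL: Integer): string;
var Buf: array[0..MAX_PATH] of Char;
begin
  if SHGetFolderPath(0, CSIDL, 0, 0, Buf) <> S_OK then
    raise Exception.Create('Cannot resolve shell folder');
  Result := IncludeTrailingPathDelimiter(Buf) + ProductDir + '\' + IniName;
end;

// Precedence: admin-enforced value > user's value > machine default > Default.
function ReadSetting(const Section, Key, Default: string): string;
var Machine, User: TIniFile;
begin
  Machine := TIniFile.Create(IniPath(CSIDL_COMMON_APPDATA)); // read-only for users
  User := TIniFile.Create(IniPath(CSIDL_APPDATA));           // current user's copy
  try
    if Machine.ValueExists(EnforcedPrefix + Section, Key) then
      Result := Machine.ReadString(EnforcedPrefix + Section, Key, Default)
    else
      Result := User.ReadString(Section, Key, Machine.ReadString(Section, Key, Default));
  finally
    User.Free;
    Machine.Free;
  end;
end;

// Writes only ever touch the current user's profile, so no ACL change is needed.
procedure WriteSetting(const Section, Key, Value: string);
begin
  ForceDirectories(ExtractFilePath(IniPath(CSIDL_APPDATA)));
  with TIniFile.Create(IniPath(CSIDL_APPDATA)) do
  try
    WriteString(Section, Key, Value);
  finally
    Free;
  end;
end;

begin
  WriteSetting('UI', 'Language', 'en');
  Writeln(ReadSetting('UI', 'Language', 'en'));
end.
```

With this layout the installer leaves the default ACL on the machine-wide file, so only an administrator can change defaults or add an `[Enforced.<Section>]` entry, and a standard user's writes never affect another account.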

Set the access rights to a project directory on sourceforge

Let's say I am the administrator of some project on sf.net. I want to
add a new user as member of a project, and to grant him
rights to create files in some directory.
I added a user as member of a project, but it didn't have a
possibility to create/delete files/directories.
If someone has experience in a similar question, prompt to me please.
Thanks!
Your best bet would be to ask this question on either #sourceforge on irc.freenode.net, or create a support ticket at https://sourceforge.net/p/forge/site-support/new/ or email the support staff at sfnet_ops@geek.net
What you're describing shouldn't happen, so you need to report it as a problem. However, it could just take a little time for the necessary permissions to get applied, so it might depend on how close together the two events are.
Assuming you are on SourceForge's latest platform, i.e. Allura, here are the steps you can try.
1) Log in to SF
2) Click on Admin tab
3) Click on User Permissions
You should be able to add users, create group and manage permission for group.

How to upgrade mantis bug tracker database online?

Your database has not been created yet. Please create the database, then install the tables and data using the information above before proceeding.
Use a ftp/sftp/scp app like WinSCP to examine your directory.
There's usually a readme file in the directory.
Read it and do what it says. It'll likely say to run a script, visit an admin page (and then remove it when you're done), etc. Or it may say to create your database, and enter the relevant info (hostname, directory, userid/pwd) into a .config file or something.
Oh, and you probably need to have a database created on the host before you do this. Sites like dreamhost and pair have control panels where you create the database, and give the admin/dba userid/passwords. Then it comes back with the server host name/directory where you will point your config to.

osCommerce - adding tools for admin

Is there a way to add a tool to osCommerce without having to edit any file? Just simply place files in some dir maybe?
I need to write addon for administrator of osC that lets them print something for every order.
No there isn't.
If you want to extend the admin of osCommerce, you'll have to get dirty and edit some lines of code for the existing files.
This is separate to things like the payment and shipping modules where you can just drop in some files and have it available for install.
