I have a config.txt file in my VS 2013 project. Here is its permissions for ALL APPLICATION PACKAGES :
When I get a setup.exe by compiling an InstallShield LE project inside my solution, and when I run setup.exe, I get this config.txt under Program Files with these permissions :
I want all permissions to be allowed after extracting setup.exe. How can I do that? Thanks
By default the ProgramFiles folder and all subdirectories and files have only Read and Read&Execute permissions for security purposes. So, all files which copies to this folder inherite these permissions.
To change file or folder permissions with help of InstallShield, you could refer to the approtiate documentation. Also it could be achived by launching different tools for working with permissions, like subinacl.exe, icacls.exe, etc with help of custom actions.
But, as mentioned Michael Urman in comments, it's bad idea to place config files with write access under ProgramFiles (and other system folders), because of possible security issues.
So, I also reccomend to refrain from using this logic and store these files in User profile folders.
Related
What I want to do is to check the full logic someones else metabot that was uploaded to repository, or donwloaded from AAE BotStore.
When I'm creating my own metabot in Automation Anywhere I need to pass to AAE IDE dll file.
But when I'm uplaoding it to the server I'm uploading just Metabot without this dll file.
So to sum up I want to locate the dll file that is responsible for Metabot’s logic.
The DLL is actually stored in the .mbot file. If you find the .mbot file in the windows folder directory using Windows File explorer and rename the file extension to .zip from .mbot, you will see it is really a zip file and that inside that zip file is the dll files.
I believe you're being limited by your Control Room permissions. AAE has system defined permissions in this area, which are pre-configured during Control Room installation. For more details on this, please see AAE's supporting documentation. For example, if you were granted the "AAE_Meta Bot Designer" role in the Control Room you would be allowed to "access MetaBot Designer from AAE Client but not allowed to see any bots and/or supporting files."
I have an MVC app and I need to set write permission to Everyone on a single file.
The file is generated on the fly during installation by a custom action script. The file itself is created inside the app folder.
I know the final path of the file, after the installation process
Online I've seen only examples for setting permission to folders and subfolders, none of them seemed to address my issue
I have multiple websites which use /wwwroot/assets folder (html theme, css and javascript files) to load the static content.
Currently I am copying assets folder in each site. All of my projects are sitting under a common parent directory.
I don't want to copy the /wwwroot/assets folder into each website. Is there a way to share one assets folder between all sites. May be by providing a direct file system path or something?
At the moment it's not clear from the documentation what sorts of values the webroot key in the project.json file will accept, but so far it would appear that Visual Studio doesn't care for very complicated paths. For example, setting the value to ../wwwroot causes the entry to disappear in the Solution Explorer.
If you look at the kpm code that bundles your project up for deployment, it appears to combine your project's directory with whatever is stored in the wwwroot key, so even though Visual Studio may not understand it, relative paths appear to be supported. Using kpm bundle from the command line confirms this, and a directory above src bundles correctly when using a relative path.
Depending on your particular needs, there is one way that should work that makes kpm and Visual Studio happy, but it will depend on your build environment as to whether that is a good option for you.
Windows, OSX, and Linux all support creating symbolic links for directories, which would allow you to have your assets directory in one location in the filesystem and then create links to it elsewhere. For example, if you had assets in /projects/shared/assets, you could create a link in both of your other projects (e.g. /projects/project1/src/wwwroot/assets) that point to the "real" location.
In Windows, the command would might something like this
mklink /j "C:\link\to\create" "C:\path\to\assets"
So if you did
mklink /j "C:\source\shared\assets" "C:\source\project1\src\wwwroot\assets"
project1 would appear to have an assets directory inside of wwwroot and the build process would be happy since it would appear to each project that the files were local. One thing to note here is that Windows supports a number of different sorts of links. /j specifically creates a junction rather than a true symbolic link. The differences are a bit subtle, but this is a good description of the differences. It is enough to know that if you're working locally, the /j command doesn't require administrative rights and Visual Studio and kpm will both be happy.
In OSX and Linux, the command is similar:
ln -s /link/to/create /path/to/assets
and like Windows, they support different sorts of links.
In any case, under the right circumstances, this might work well without needing any special support from the new ASP.NET project structure, but it would be nice to eventually have that as well.
I'm creating a WIX installer for a C# application.
In the application I use System.Configuration.ConfigurationManager.AppSettings[Setting1] to get settings.
My question is, where must I place the program.exe.config file on the machine in order for it to work?
I can't place it with the program in ProgramFiles directory, since those files are read-only.
I tried:
Configuration config = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.PerUserRoamingAndLocal);
config.AppSettings.Settings[Config1].Value = "Value1";
config.Save();
Unfortunately I don't know where it's looking.
Thanks your replies, Trevy
It should be in the same folder of the program.exe. Use wix to copy both program.exe and program.exe.config to the required folder.
If you need to edit the configuration file during the installation you will need to do it using a custom action in wix. Make sure you pass the file path to the custom action and write the code to read the configurations in that file and edit.
The problem isn't that the files there are readonly - the problem is that you are trying to update files in the Program Files folder with your config.Save, and you can't do that if you are a limited user, and you are always limited (even if you are admin) unless you elevate. The short answer is that:
If your app routinely updates files in restricted areas then it probably needs elevation, so give it an elevation manifest.
If however you require you app to be used by limited users and allow them to update that config file then don't install to Program Files. Choose User Appdata folder, for example. Windows is probably using your config file during program startup, so you can't separate it from the exe.
When I was creating an installer for my app, I found I couldn’t save my settings.
The reason is because the Program Files repository, from a practical point of view, is read-only (Applications should never run with elevated permissions). When installing a program, the only time we modify the MyApp.exe.config file is at installation/upgrade/repair time.
The config file has many sections. One of them is userSettings. This is where we store any data we need to modify during the lifetime of the application. When run for the first time, Windows creates a hidden file in the user’s AppData folder. That is why we can save user settings, even though the config file is in the same directory as the MyApp.exe
So the answer is, if we run into permission errors when trying to save our settings it means we are writing our settings to the wrong section of the config file. We need to place it in the userSettings section and nowhere else.
For convenience, Visual Studios has a settings editor (the settings tab of the properties page). It allows you to create strongly typed user and application settings. The generated class lets you save user settings, but not application settings for the above reasons.
I am about to create a MSI package.
During the installation (launched e.g. via double-click on the MSI) some files contained in the MSI are deposited deeper under c:\ProgramData (resp. the CommonAppDataFolder), e.g. c:\ProgramData\myCompany\myApplication.
Later when the installed application is run by the user the application may need to modify these file.
The problem is that neither the running application nor the user e.g. via Windows Explorer has the right to modify any files under c:\ProgramData\myCompany\myApplication created during installation.
The files do not have a readonly attribute set.
The strange thing for me now is: If I install the MSI via msiexec /q /i then I have write permissions on these files.
My MSI is created with WiX, my os is Win 7, the user is member of the administrator group.
Can anyone tell me why that is so, and how I can gain write permissions to these files w/o having to use /q /i?
Thanks
Jan
EDIT 2014-03-24: Damned. I missed to specify the InstallPrivileges attribute on my element, I just didn't know about it.
Setting it to "limited" does not show up a UAC prompt when installing to ProgramData! And now the user / my application is allowed to overwrite files in the destination folder :)
I don't know why that behavior would be different regarding access to that folder unless you have a custom action that does something that is only in the UI sequence. That's the only functional difference I can think of - the UI sequence is suppressed in a silent install.
However the common app data folder is not normally writeable to limited users. I'm not sure how much you know about UAC, but it doesn't matter if the user running the program is an admin or not because by default admins run with limited privileges. If the app needs admin privilege to run then it needs building with an elevation manifest so it asks for elevation to admin privilege. Either that or run it as administrator from a shortcut.
Windows access control is extremely complicated to deal with. In every version of Windows there is something new and changed to deal with, and it looks like the default write access in ProgramData now includes some sort of special ACL / DACL. If this is indeed the problem you can apply new permissions there and open up for regular users to write. Please note that I am not quite aware of exactly what newer versions of Windows apply as default. The tool I generally use to set permissioning is subinacl.exe. A real handful of a tool with a command line that can scare the most experienced system administrators. Some command line samples are here. You can also use the LockPermissions table in MSI, but somehow there are some issues with how these permissions are applied to the file system object. subinacl.exe is more complex, and more capable.
More on file and folder permissioning:
http://technet.microsoft.com/en-us/library/bb727008.aspx
http://support.microsoft.com/kb/308419
With regards to where you should put different types of files on the system, please check this thread.