I'm currently developing an application which needs root privileges for several operations (e.g. deleting system log files, etc.). One solution would be to implement a privileged helper tool which will be launched automatically by launchd. This way the user has to type in an administrator password every time such operation shall be executed (or every time the helper needs to be installed).
Now I wonder if it is possible to create an installer package which will install the application with root privileges so the user types in the administrator credentials just once (during the installation process) and every time the application gets started it is being launched with root permissions (without prompting for admin credentials).
Is there any way to achieve this?
The usual way to do this on Unix systems is to use setuid. Basically, you change the owner of your program to be root, and set the "set user or group ID on execution" bit (s):
$ chown root:root myprogram
$ chmod u+s myprogram
Any time a user then executes your program, it will run as root.
Note, though, that there are very good reasons for prompting for admin credentials.
Using this mechanism (or doing what you're trying to do, in general), can very easily lead to very dangerous security holes like privilege escalation. Any executable you use setuid on should be thoroughly audited by somone familiar with the process, otherwise attackers will root all machines your program is installed on.
I'm writing a cocoa app which needs to modify system proxy settings ( I'm using networksetup to do that ).The problem is that it needs system administrator level access to change proxy settings. I tried running both running an NSTask as administrator using Apple's default API ( I used STPrivilagedTask wrapper for it ) and running a shell script with administrator privileges. It works perfect either way, but the problem is that my app needs to change settings so many times, and user has to type his password every single time.
Is there anyway that I can get the privilege one time, and use it again and again ?
What you're looking to do is write a "privileged helper tool" which gets included (or delivered, or embedded) in your application bundle and you can then call using SMJobBless().
Creating a helper tool is not for the faint of heart, but here is a related question with answers that may set you off down the right path.
It appears there was previously an extension for MMC in Wix2 advising the xmlns http://schemas.microsoft.com/wix/MmcExtension - attempting to read this URL results in an error page currently.
I cannot seem to locate equivalent for Wix3.6, is this deliberately (re)moved, or just missing?
It was removed, you have to manually create the registry keys. This link has a good summation of what you need to do.
The old extension was just a wrapper for the code included in the link above. I'm not sure why they took it out.
You can use also the heat tool (you can find it in the wix bin/ directory).
the usage is simple, you just need to export the registry key generated with installutil and launch the command:
heat reg <your_exported_registry> -o <output_filename>
Related info:
Having generated the registry entries, the larger issue for our MMC snapin was that it was extending the AD Users and Computers Snapin - in particular extending the node types for other directory object types.
I had hoped such a wix extension would cover such, but it was not in the earlier version.
While waiting for Microsoft to address Windows File/Registry protection overly protecting ADUAC and SMADUAC and GPO etc. our customer have requested we work around this.
Using a custom action we take ownership from WRP TrustedInstaller and grant access to Adminstrators group to modify the NodeType key so that additional keys can be added.
Functions sourced initial from MSDN examples
SetPrivilege Example Code
Taking Ownership Example Code
Modify ACL Example Code - this was adjusted Taking ownership to extend ACL rather than create new ACL and blast the old
Some further items of Note:
Pre Win7 - Alternate method to taking ownership would be to use SE_RESTORE_NAME to allow direct changing of an ACL, however installer process from Win7 deliberatly prevents it, this also prevents take ownership from being able to restore the original owner.
Platform Types: SetNamedSecurityInfo doesn't allow 32 bit execution against 64 bit registry - Windows OS limitation still present in Windows 8
It does however allow a 64 bit execution to address both the 64 and wow6432 sections.
For a binary custom action at least need a platform specific dll.
Where would you write an error log file, say ErrorLog.txt, in Windows? Keep in mind the path would need to be open to basic users for file write permissions.
I know the eventlog is a possible location for writing errors, but does it work for "user" level permissions?
EDIT: I am targeting Windows 2003, but I was posing the question in such a way as to have a "General Guideline" for where to write error logs.
As for the EventLog, I have had issues before in an ASP.NET application where I wanted to log to the Windows event log, but I had security issues causing me heartache. (I do not recall the issues I had, but remember having them.)
Have you considered logging the event viewer instead? If you want to write your own log, I suggest the users local app setting directory. Make a product directory under there. It's different on different version of Windows.
On Vista, you cannot put files like this under c:\program files. You will run into a lot of problems with it.
In .NET, you can find out this folder with this:
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData)
And the Event Log is fairly simple to use too:
http://msdn.microsoft.com/en-us/library/system.diagnostics.eventlog.aspx
Text files are great for a server application (you did say Windows 2003). You should have a separate log file for each server application, the location is really a matter of convention to agree with administrators. E.g. for ASP.NET apps I've often seen them placed on a separate disk from the application under a folder structure that mimics the virtual directory structure.
For client apps, one disadvantage of text files is that a user may start multiple copies of your application (unless you've taken specific steps to prevent this). So you have the problem of contention if multiple instances attempt to write to the same log file. For this reason I would always prefer the Windows Event Log for client apps. One caveat is that you need to be an administrator to create an event log - this can be done e.g. by the setup package.
If you do use a file, I'd suggest using the folder Environment.SpecialFolder.LocalApplicationData rather than SpecialFolder.ApplicationData as suggested by others. LocalApplicationData is on the local disk: you don't want network problems to stop you from logging when the user has a roaming profile. For a WinForms application, use Application.LocalUserAppDataPath.
In either case, I would use a configuration file to decide where to log, so that you can easily change it. E.g. if you use Log4Net or a similar framework, you can easily configure whether to log to a text file, event log, both or elsewhere (e.g. a database) without changing your app.
The standard location(s) are:
C:\Documents and Settings\All Users\Application Data\MyApp
or
C:\Documents and Settings\%Username%\Application Data\MyApp
(aka %UserProfile%\Application Data\MyApp) which would match your user level permission requirement. It also separates logs created by different users.
Using .NET runtime, these can be built as:
AppDir=
System.Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData)
or
AppDir=
System.Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData)
followed by:
MyAppDir = IO.Path.Combine(AppDir,'MyApp')
(Which, hopefully, maps Vista profiles too).
Personally, I would suggest using the Windows event log, it's great. If you can't, then write the file to the ApplicationData directory or the ProgramData (Application Data for all users on Windows XP) directory.
The Windows event log is definitely the way to go for logging of errors. You're not limited to the "Application" log as it's possible to create a new log target (e.g. "My Application"). That may need to be done as part of setup as I'm not sure if it requires administrative privileges or not. There's a Microsoft example in C# at http://support.microsoft.com/kb/307024.
Windows 2008 also has Event Log Forwarding which can be quite handy with server applications.
I agree with Lou on this, but I prefer to set this up in a configuration file like Joe said. You can use
file value="${APPDATA}/Test/log-file.txt"
("Test" could be whatever you want, or removed entirely) in the configuration file, which causes the log file to be written to "/Documents and Settings/LoginUser/Application
Data/Test" on Windows XP and to "/Users/LoginUser/AppData/Roaming/Test on Windows Vista.
I am just adding this as I just spent way too much time figuring how to make this work on Windows Vista...
This works as-is with Windows applications. To use logging in web applications, I found Phil Haack's blog entry on this to be a great resource:
http://haacked.com/archive/2005/03/07/ConfiguringLog4NetForWebApplications.aspx
%TEMP% is always a good location for logs I find.
Going against the grain here - it depends on what you need to do. Sometimes you need to manipulate the results, so log.txt is the way to go. It's simple, mutable, and easy to search.
Take an example from Joel. Fogbugz will send a log / dump of error messages via http to their server. You could do the same and not have to worry about the user's access rights on their drive.
I personally don't like to use the Windows Event Log where I am right now because we do not have access to the production servers, so that would mean that we would need to request access every time we wanted to look at the errors. It is not a speedy process unfortunately, so your troubleshooting is completely haulted by waiting for someone else. I also don't like that they kind of get lost within the ones from other applications. Sure you can sort, but it's just a bit of a nucance scrolling down. What you use will end up being a combination of personal preference coupled along with limitations of the enviroment you are working in. (log file, event log, or database)
Put it in the directory of the application. The users will need access to the folder to run and execute the application, and you can check write access on application startup.
The event log is a pain to use for troubleshooting, but you should still post significant errors there.
EDIT - You should look into the MS Application Blocks for logging if you are using .NET. They really make life easy.
Jeez Karma-killers. Next time I won't even offer a suggestion when the poster puts up an incomplete post.
When an ASP.NET application is running under IIS6.0 in Windows 2003 Server with impersonation, what user account is relevant for deciding file read/write/execute access privileges? I have two scenarios where I am trying to understand what access to grant/revoke. I thought the most relevant user is probably the identity specified in the Application Pool, but that doesn't seem to be the whole story.
The first issue concerns executing a local batch file via System.Diagnostics.Process.Start()--I can't do so when the AppPool is set to IWAM_WIN2K3WEB user, but it works fine if it is set to the Network Service identity. I of course made sure that the IWAM user has execute rights on the file.
The second involves writing to a file on the local hard drive--I'd like to be able to prevent doing so via the access control list via folder properties, but even when I set up all users in the folder as "read" (no users/groups with "write" at all), our ASP.NET still writes out the file no problem. How can it if it doesn't have write access?
Google search turns up bits and pieces but never the whole story.
what user account is relevant for [..] file read/write/execute access
As a rule: Always the user account the application/page runs under.
The IWAM account is pretty limited. I don't think it has permissions to start an external process. File access rights are irrelevant at this point.
If a user account (Network Service in your case) owns a file (i.e. has created it), it can do anything to this file, even if not explicitly allowed. Check who owns your file.
Process Monitor from Microsoft is a great tool to track down subtleties like this one.
A bit more searching reveals that the IWAM user isn't that well documented and we should stick with NETWORK SERVICE or a manually-supplied identity if we want to specify permissions for that user.