" What I mean: the application is based on MSYS and when a new user starts the unix shell, he needs write access to folders like /home, ... . And /home is contained inside the Programfiles\aplications folder."
No it's not. On Windows the equivalent of Unix "home" directory would be the location set in the USERPROFILE environment variable. Just because your application makes terrible choices about where to put its data, doesn't mean it's the right way to do things. Writing to files under the "Program Files" area has never been allowed on Windows, people just did it before the advent of UAC because there was nothing to stop their bad practices from being shown up as bad practices and you're basically undoing the security of the machine your app gets installed on. Palbinder Sandher Software Platform Engineer T: +44 (0) 141 945 8500 F: +44 (0) 141 945 8501 http://www.iesve.com **Design, Simulate + Innovate with the <Virtual Environment>** Integrated Environmental Solutions Limited. Registered in Scotland No. SC151456 Registered Office - Helix Building, West Of Scotland Science Park, Glasgow G20 0SP Email Disclaimer -----Original Message----- From: BGINFO4X [mailto:bginf...@kztsoftware.com] Sent: 01 June 2013 10:05 To: General discussion for Windows Installer XML toolset. Subject: Re: [WiX-users] Heat - Include question >Re: [WiX-users] Heat - Include question >From: Mike Carlson <corfe83@gm...> - 2013-05-28 20:01 >It's not a good idea for your application to write to allow >non-elevated users to write to its installed application folder under >program files folder. Allowing users to overwrite the application >binaries is a security hole for any customers who might have untrusted users >on the machine. I know, but I think that is the only solution: the application is derived from Unix, and it is "self contained". What I mean: the application is based on MSYS and when a new user starts the unix shell, he needs write access to folders like /home, ... . And /home is contained inside the Programfiles\aplications folder. So in my opinion i'm in a jail and I can't find other solution. Perhaps someone has an idea ... >Did you intend to store user preferences or other user data there? >Instead your app should be written to store this in the user's profile >folder such as under %LOCALAPPDATA%, or in the registry (HKCU). This >avoids security issues, and allows each user on the same machine to >specify their own preferences. I know, but in my case this is not possible, as explained before. >Anyway, what you want can be done by manually adding your own >PermissionEx element(s). I wouldn't know what to recommend as far as >exact authoring of the PermissionEx, but suggest you read the wix.chm >or look through old threads about it on the wix-users archives. Well, In my case I solved it creating permissions on the folder as: <DirectoryRef Id="INSTALLDIR"><Component Id="NTFSPermissionsComponent" Guid="51EC5D4E-E1EA-4964-BE30-38C2AE897C40"> <CreateFolder><Permission User="Everyone" GenericAll="yes"/ </CreateFolder></Component> </DirectoryRef> But ... I will take you recommendation of security, and I will try to allow only the minimum folders with write access inside the program. And I can confirm: using "Everyone" is OK on other languages than English as explained here: http://blogs.msdn.com/b/cjacks/archive/2008/12/04/how-to-set-directory-permissions-at-install-time-using-an-msi-created-using-windows-installer-xml-wix.aspx) Thanks a lot for your time. Regards. 2013/5/27 BGINFO4X <bginf...@kztsoftware.com>: > Hello everyone, > > I'm already finish, ...., but I have a little problem related to the > NTFS Permissions: > > The normal permissions inside %program files% are: Administrators -> > FULL CONTROL ; Users -> Read > > But when the application is executed as a normal user, it doesn't > work: Normal users NEED write access to the folder's program. > > So, I think that the solution goes to giving NTFS to Everyone -> Full > control (as explained in: > http://blogs.msdn.com/b/cjacks/archive/2008/12/04/how-to-set-directory > -permissions-at-install-time-using-an-msi-created-using-windows-instal > ler-xml-wix.aspx) > > The question is: how to assign NTFS permissions with HEAT as a Harvest tool? > > Is the following sentence true? ""The common user names 'Everyone' > and 'Administrators' may be entered in English and are mapped to > well-known SIDs." Or there will be localization problems when > installed in other languages? > > Do you have some recommendations? > > Thanks a lot for your time. > > > > 2013/5/22 BGINFO4X <bginf...@kztsoftware.com>: >> Ok, thanks a lot. >> >> Regards. >> >> 2013/5/21 Mike Carlson <corf...@gmail.com>: >>> Ah, then you do want to support upgrades. Get your upgrade scenario >>> right, and you won't have to worry about having a consistent shortcut name. >>> >>> Read up on "Major Upgrades" here: >>> http://msdn.microsoft.com/en-us/library/windows/desktop/aa369786(v=vs.85).aspx. >>> This will cause the old version to be uninstalled as part of >>> installing the new version. >>> >>> Or you might want to explore "Minor Upgrades" which are slightly >>> lighter >>> weight: >>> http://msdn.microsoft.com/en-us/library/windows/desktop/aa370037(v=v >>> s.85).aspx >>> . >>> >>> >>> >>> On Tue, May 21, 2013 at 9:34 AM, BGINFO4X <bginf...@kztsoftware.com> wrote: >>> >>>> 2013/5/21 Mike Carlson <corf...@gmail.com>: >>>> > You should be able to. Create the shortcut in your own authoring >>>> > file. To point to the file in the generated authoring, see the >>>> > "Target" attribute >>>> of >>>> > the shortcut element in wix.chm. >>>> > >>>> >>>> Thanks a lot , I will try it. >>>> >>>> I have a conceptual question regarding shortcuts: >>>> >>>> I want the installer creates a shortcut in the startup folder for >>>> all users, so the program is started automatically each time the >>>> users logon. >>>> >>>> If the user install a new version without uninstalling the previous >>>> one, then two versions of the program will be executed, and this is >>>> not desirable. >>>> >>>> Is a good practice to create always the same name in the shortcut >>>> in the manner that newer versions overwrite the previous shortcut? >>>> >>>> How to manage this situation? >>>> >>>> Thanks a lot. >>>> >>>> >>>> ------------------------------------------------------------------- >>>> ----------- Try New Relic Now & We'll Send You this Cool Shirt New >>>> Relic is the only SaaS-based application performance monitoring >>>> service that delivers powerful full stack analytics. Optimize and >>>> monitor your browser, app, & servers with just a few lines of code. >>>> Try New Relic and get this awesome Nerd Life shirt! >>>> http://p.sf.net/sfu/newrelic_d2d_may >>>> _______________________________________________ >>>> WiX-users mailing list >>>> WiX-users@lists.sourceforge.net >>>> https://lists.sourceforge.net/lists/listinfo/wix-users >>>> >>> -------------------------------------------------------------------- >>> ---------- Try New Relic Now & We'll Send You this Cool Shirt New >>> Relic is the only SaaS-based application performance monitoring >>> service that delivers powerful full stack analytics. Optimize and >>> monitor your browser, app, & servers with just a few lines of code. >>> Try New Relic and get this awesome Nerd Life shirt! >>> http://p.sf.net/sfu/newrelic_d2d_may >>> _______________________________________________ >>> WiX-users mailing list >>> WiX-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/wix-users ------------------------------------------------------------------------------ Get 100% visibility into Java/.NET code with AppDynamics Lite It's a free troubleshooting tool designed for production Get down to code-level detail for bottlenecks, with <2% overhead. Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap2 _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users ------------------------------------------------------------------------------ How ServiceNow helps IT people transform IT departments: 1. A cloud service to automate IT design, transition and operations 2. Dashboards that offer high-level views of enterprise services 3. A single system of record for all IT processes http://p.sf.net/sfu/servicenow-d2d-j _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
