This question already has an answer here:
How to set permissions of installation folder in Inno Setup
(1 answer)
Closed 18 days ago.
I have an Inno Setup installer which copies some files into Program Files, the [Files] section is set up like this:
[Files]
Source: "Bundled_Files\*"; DestDir: "{commonpf64}\StudioLinked\Romplur\"; Flags: ignoreversion recursesubdirs createallsubdirs; Permissions: users-full;
The files copied from inside Bundled_Files always end up being set to read-only. I've set the permissions to users-full but that doesn't seem to change anything. Is there a way to ensure that files are made NOT read-only?
I tried adding an additional [Dirs] section before the [Files] section like so:
[Dirs]
Name: "{commonpf64}\StudioLinked\Romplur\"; Permissions: users-full;
But this also didn't change the read-only setting on the folders.
Using Inno Setup 6.2.1 on Windows 10. Any help appreciated!
I use the following code to make a subdirectory of my installation directory writable and editable:
[Dirs]
Name: "{app}\MyWritableSubDir"; Permissions: users-modify
However, you should store only data files in any writable directory or sub-directory of "C:\Program Files", never executables: Otherwise this opens a security hole (there is a reason why "C:\Program Files" is read-only for normal users!).
The correct place to store application specific data, as intended by Microsoft, is either the ProgramData directory or the AppData directory. See Where is the correct place to store my application specific data? for a more general discussion.
See https://jrsoftware.org/ishelp/index.php?topic=consts how to use these directories in Inno Setup.
Related
When I want to delete my application (that was installed through an installer with Inno Setup), anything related to it should be removed from my drive.
So my goal is to also delete a temp folder that was created at runtime by my application.
Unfortunately, this line of code was not able to solve my problem
[UninstallDelete]
Type: filesandordirs; Name: "{tmp}\MyTempFolder"
I get this error message in the Debug Output:
Failed to delete directory (145). Will retry later.
I am using Inno Setup to create an installer of my application.
On the first run my application is creating an SQLite database but it can't achieve that while the user doesn't have the permission of modify the installation folder.
I managed to set permissions of files:
[Files]
Source: "D:\....\***.jar"; DestDir: "{app}"; \
Flags: ignoreversion; Permissions: users-full
Source: "D:\....\*"; DestDir: "{app}"; \
Flags: ignoreversion recursesubdirs createallsubdirs; Permissions: users-full
But that doesn't help because I need full users permission on installation folder, for example: C:\Program Files\InstallationFolder
The Permissions parameter of the [Files] section entry applies to the installed files only, not to the implicitly created directories.
To change permissions of a folder, use an explicit entry in the [Dirs] section for the {app}:
[Dirs]
Name: {app}; Permissions: users-full
Though it is not a good practice.
In general, Windows applications shall not require write permissions to their folder. That's against Windows guidelines. The application should write data to a user profile folder (C:\Users\username\AppData) or to a common data folder (C:\ProgramData).
See also Application does not work when installed with Inno Setup.
In your specific case, you better run the database creation process as the Administrator (e.g. using the runascurrentuser flag).
I am currently working on a Windows batch file that will allow me to silently install git (the executable for which will be placed in the folder that the .bat file will be running from) in a pre-specified location on the file system.
I've found this article which seems to provide some suitable advice:
https://github.com/msysgit/msysgit/wiki/Silent-or-Unattended-Installation
However, I'm not entirely sure what parameters I would need to mention in my LOADINF file. I would like to pre-define the options that the user would manually select throughout the various stages of installation, so that it can run through from start to finish without prompting anything from the user.
Can anyone help or point me to a place where I can find these parameters and their available values?
Create a file, for eg. my-config.cnf (or my-config.ini) with the following content:
[Setup]
Lang=default
Dir=C:\Program Files (x86)\Git
Group=Git
NoIcons=0
SetupType=default
...
<other options as shown in the msysgit wiki>
Now, in the batch file, when you execute the installation file (say msysgit-install.exe), use /LOADINF as follows:
msysgit-install.exe /SILENT /LOADINF="my-config.cnf"
We are creating an application that updates it's files under Program Files - we've run into some permission errors and were starting to wonder who should be owner of files - the "SYSTEM" user or the one that installed the software? After inspecting the "Program Files" folder we see that some software binaries have the user as owner, some "SYSTEM". We are failing to overwrite some files and the only weird thing seems to be that the owner of our updater binary is the "SYSTEM" user.
Is always better to install apps that needs write permissions in a folder under C: or you can look at ntfs permissions on that folder and add your users.
I've a windows service that updates our product. It copies the product files into a temp directory, usually "C:\Windows\Temp", patches the binaries, and then uses MoveFileEx to copy the files back to the install directory on a reboot, usually "C:\Program Files\Product". The files in the install directory are inheriting their security attributes from the parent folder. After the copy, patch, and reboot, the files in the install directory are missing some ACLs. Specifically the files don't have the ACL for the Users group anymore so users can no longer run the program after the reboot.
Can anyone explain whats going on here? It seems that copying from the install directory to the temp directory, the files inherit the ACLs of the temp directory. On the MoveFileEx/Reboot, though, the files only inherit the ACLs that both the install and temp directories have in common.
In Windows if you copy a file the file takes on the ACLs of the destination directory. If you move a file the ACL goes with it overriding any it might inherit from that directory. I'm not sure how MoveFileEx might operate differently on a file.
The temp directory is usually located under the user profile (both %TMP% and %TEMP% usually point here) so copying files here will have permissions for that user. Moving those files to the program files directory will take only that users rights with them and therefore only runnable by the installing user.
One potential workaround is to patch copies of the files with-in the same directory but with different names. After the reboot, the patched versions could be swapped in. Alternatively, do a reboot first and then patch them in-place, and just back them up to the temp directory in the event a manual rollback is required.
If you really want to move them to a different location, creating a temp folder in the same place as the files to be patched would help the permissions stay the same assuming the directory is using inherited permissions.