I'm currently adding Sandboxing support to my app.
Having give permission to my app to access a folder (by dragging it onto my Window) and I would now like to revoke that permission so that I can retest what happens before that permission is given.
How can I do that?
I'm not yet using URL bookmarks, and yet the permission persists across restarts of the application. I don't know if this is because it's a folder rather than a file?
Before you change the permissions of file or folder, you must store the current one for later use. I have never seen a method or system-call to restore previous permissions after a change.
Related
After installing XAMPP to Windows 10 (all default/recommended installation attributes), I now have an issue changing its configuration after opening it.
Error: Cannot create file "C:\xampp\xampp-control.ini".
Access is denied
Clicking Save to a change in Configuration of Control Panel:
This "Configuration of Control Panel" box opens after clicking the "Config" button at the top right of the running XAMPP app:
I've tried a suggestion to run the XAMPP app with Administrator (elevated) access… but that seems like a major security issue, considering I don't know exactly what XAMPP would or could do with my files that require that permission, whether intended by the people who run XAMPP or not.
I've tried re-installing to another folder, like to C:\Users\Me, or a sub-folder like Documents or a custom one, but I just got different permissions issues that I struggled to figure out.
If you know a solution that worked for you, that avoided running XAMPP with Admin privileges, please let me know. I've gone through a handful of seemingly-related questions here but they seem to be related to MySQL/PHP questions and not Windows file system permissions.
I found a solution after noticing that the file already existed from apparently a past workaround I tried with running XAMPP as Admin... based on the permissions of the file being different than its parent folder. I discovered this by right-clicking the xampp folder or the xampp-control.ini file then selecting Properties and clicking the Security tab, then clicking into each attached user account's permissions.
So, my C:\xampp folder has these permissions: for Admin, basically full access; for my user account, Read, Execute, and Write.
The xampp-control.ini file has only Admin permissions; my user account is not attached to it.
Adding my user account to the xampp-control.ini file's Security, and adding Write permission then allowed XAMPP's config panel to save my changes.
Note that I typed my username into the "Enter the object names to select" box, then clicked Check Names; this auto-populated my username reference (?), though I'm not sure how it would work if it finds multiple results. Then I could click OK to get back to the Permissions box to add "Modify" and "Write" for it. I'm completely OK giving my user account permission to modify and write to this file through the XAMPP app.
Now, that fixes that file for that scenario; now I'm wondering if there will be other permissions issues with other files, because I noticed some other files (that I checked randomly) don't all share the same permissions for my user account!
Maybe I should have instead modified the xampp folder's permissions recursively to give my user account Write and/or Modify access (I'm not sure of the difference, Windows permissions seem far more complicated to understand and use than Linux's and Mac's do).
I think the file permissions were all set by XAMPP during install; I don't know yet that expanding permissions on certain files will not create new problems...
I found a solution after noticing that error, here is my solution
go to xampp installation folder on the c drive
Xampp Destination
then find xammp control panel.exe
Xampp Control Panel
then right click and go to properties(or press ALT+ENTER)
Click Properties
then go to compatibility and enable Run this program as an administrator
Compatibility tab
Your Problem is now fixed
In our Mac App we have following credential to entitlement.plist which enables us to read/write to user's file system followed by file browser dialogue:
com.apple.security.files.user-selected.read-write
That does mean we able to read/write a file/folder if once accessed by file browser dialogue. We never able to read/write to files/folder if not accessed by file browser dialogue at least once in an application life cycle.
I didn't found any other possible credential too to entitlement.plist which can enable us read/write to files/folder by completely removing any use of file browser dialogue. Is there any way we can achieve this?
I assume your app is Sandboxed and if so, it's only possible to access the filesystem as defined here:
Powerbox and File System Access Outside of Your Container Your
sandboxed app can access file system locations outside of its
container in the following three ways:
At the specific direction of the user
By using entitlements for
specific file-system locations (described in Entitlements and System
Resource Access)
When the file system location is in certain
directories that are world readable
The OS X security technology that interacts with the user to expand your sandbox is called Powerbox. Powerbox has no API. Your app uses Powerbox transparently when you use the NSOpenPanel and NSSavePanel classes.
Well, the whole point of Sandboxing is to actually don't allow you to access user's files without their knowledge.
The only thing you can probably do is to use com.apple.security.temporary-exception.files.absolute-path.* entitlements to access some specific (read hard-coded) file system locations. You can learn more about temporary exceptions here: App Sandbox Temporary Exception Entitlements.
But keep in mind that you'll have to explain to the Apple Review Team why you need those exceptions in the first place.
I'm trying to delete files inside application folder from my Cocoa application. By enabling Sandbox mode, I'm not able to delete files inside application folder.
This Sandbox mode has some option for enabling Read/Write access to downloads, pictures, movies, music and user selected file.
Before that I enabled Read and Write Access for user selected file and done my deletion using NSOpenPanel. It works fine and deletes files inside application folder but it opens panel every time when I run my app. Here I dont want any user interaction/permission to delete files inside application folder. Is there any solution to delete files with above defined constraints.
You need to use Security-Scoped Bookmarks:
Your app’s access to file-system locations outside of its container—as granted to your app by way of user intent, such as through Powerbox—does not automatically persist across app launches or system restarts. When your app reopens, you have to start over. (The one exception to this is for files open at the time that your app terminates, which remain in your sandbox thanks to the OS X Resume feature).
From Apple's documentation, I didn't understand if there's any way to get pre-approved entitlements to edit files in a specific folder located in the system /Library folder, without asking the user to choose this specific location via NSOpenPanel or similar.
I don't mind, and would actually like, to ask for the user's credentials to make such a change, at specific points in the application's lifetime; but letting the user choose which folder to modify just doesn't make sense in my case.
Found it - the application needs a File Access Temporary Exception entitlement.
PLEASE FORGIVE ME IF THIS IS NOT A RELATED QUESTION. (this is of top priority)
Recently i tried to change the home folder name of my mac mini. i have gone through a website and followed some instructions to do that. finally i have ended up by creating a completely new user profile with a new home folder name.
after some time i have decide to turn back to my old user and deleted the recently created user.
This is where all my problems started. Now my deleted user folder is in my hardisk with the the follwing name - alpha(deleted). This folder is still being treated as my home folder even after logging in from a different user. I am unable to access even my keychain services through mac. Some softwares are asking me to reinstall on this user.... i ran into chaos with this.
Can some one help me to make my current user as default and renew my keychain access... Please help me as this is of high priority for me..
Thank you
This question should be migrated to apple.stackexchange.com, but you need to go into the newly created account in System Preferences Users pane and change the home folder manually, you may have skipped this step. Usually they will tell you to simply rename your old home folder and set it as the home folder for the new user or simply just rename your home folder and set it as the home folder for the current user.