Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Privileges/owner issue when writing in C:\ProgramData\

As pointed out in Writing config file in C:\Program Files (x86)\MyApp\myapp.cfg, vs. Administrator privilege, it is not a good idea to write a config file in C:\Program Files (x86)\MyApp\myapp.cfg.

Instead of this, my software now saves its data in a subdir of %ALLUSERSPROFILE% (ex : C:\ProgramData\MyApp\myapp.cfg on Win7)

[I use myfile = open(filename, 'a') in Python to do this.]

I now encounter an issue about this file :

  • I installed the software with User A, and ran it, then the file C:\ProgramData\MyApp\myapp.cfg was written.
  • Then, I changed user to User B, and ran my software again : now an error is displayed : User 2 has no right to write in C:\ProgramData\MyApp\myapp.cfg (Permission denied).

Why? Isn't %ALLUSERSPROFILE% a place that can be written by all users? How to solve this problem ?

like image 967
Basj Avatar asked Feb 28 '14 23:02

Basj


People also ask

Does ProgramData require admin rights?

ProgramData specifies the path to the program-data folder (normally C:\ProgramData). Unlike the Program Files folder, this folder can be used by applications to store data for standard users, because it does not require elevated permissions.

How do I get to ProgramData in C drive?

To view the "ProgramData" folder you will need to go to the Windows control panel , select "Appearance and Personalization", and find the "folder options" dialog. Select the View Tab, make the changes shown above, and click OK. You should now be able to see and access the "ProgramData" folder.

Is ProgramData accessible by all users?

The ProgramData folder in Windows 11/10 contains all the data, settings, and user files that are required by the installed software and UWP apps. This directory contains application data for all users. This folder is used for application data that is not user-specific.

Is ProgramData a hidden folder?

On modern versions of Windows, you'll see a “ProgramData” folder on your system drive—usually the C:\ drive. This folder is hidden, so you'll only see it if you show hidden files in File Explorer.


2 Answers

No, C:\ProgramData, aka FOLDERID_ProgramData, has restricted security settings. Standard users can create files there. But these files are, by default, secured so that only the user that created the file can subsequently modify the file.

The recommended solution is for your installer to create a sub directory of C:\ProgramData for your shared storage. And that sub directory must be given a permissive ACL by the installation program. That is what grants the desired access to all standard users.

I do wonder whether you really need shared writeable data. Normally I'd expect to see shared configuration be something that is specified at install time and modified infrequently by administrators. Most configuration data tends to be per user.

like image 142
David Heffernan Avatar answered Oct 11 '22 14:10

David Heffernan


I'd like to add onto this as I was having issues writing to C:\ProgramData as well. My issue ended up being that my directory/files within C:\ProgramData were written by an administrator. When my app ran under a normal user it was unable to write there so Windows automatically used C:\Users\fooface\AppData\Local\VirtualStore\ProgramData instead. I found the path it was writing to by using process monitor on my application. After seeing this I deleted the files out of C:\ProgramData and ran my app again and it wrote there as expected.

Hope this helps someone.

like image 30
Daniel Caban Avatar answered Oct 11 '22 14:10

Daniel Caban