Go Back   Winamp & Shoutcast Forums > Developer Center > NSIS Discussion

Thread Tools Search this Thread Display Modes
Old 15th November 2013, 08:23   #1
Junior Member
Join Date: Nov 2013
Posts: 1
Red face AccessControl Plugin - how give all authenticated users write access


What is the right approach?

I used HM NIS Edit 2.0.3 with NSIS 2.4.6 and have built a well working .nsi file. Also, the resulting setup.exe works great.

However, there is a database file (database.db) which, after being installed by the setup.exe, only has read access. I had tried to set write access on the source file before compiling setup.exe, but this attribute gets "lost" after the copy process when installing.

My question is:
Where exactly in the .nsi file must I add:
AccessControl::GrantOnFile \"$INSTDIR\database.db" "(BU)" "GenericRead + GenericExecute + GenericWrite + Delete"

More questions:
does this work in vista, win 7 and win 8? I am trying to write the above directly into the .nsi.

Is it better, more compatible with different windows versions to use (S-1-5-11) for the authenticated Users pseudo-group?
If using S-1-5-11 is the better approach, must the command look this?:
AccessControl::GrantOnFile \"$INSTDIR\database.db" "(S-1-5-11)" "GenericRead + GenericExecute + GenericWrite + Delete"

Thanks for any feedback!
Marcus_newToNsis is offline   Reply With Quote
Old 15th November 2013, 14:06   #2
Anders's Avatar
Join Date: Jun 2002
Location: ${NSISDIR}
Posts: 5,445
Using the SID should work on any machine all the way back to NT4 but you are not really supposed to enable write access to files in $programfiles.

A) It is a security risk (The biggest issue is exe and dll files but a corrupted/manipulated data file could also cause issues)

B) Does not work with multiple users logged in (Remote desktop, switch user etc)

You really should store the database under $appdata...
Anders is offline   Reply With Quote
Go Back   Winamp & Shoutcast Forums > Developer Center > NSIS Discussion

accesscontrol, acl, modify, nsis, write

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump