Can someone tell me how to set file permissions in Delphi 2006? I am using TINIFile.Create to create INI files in my application. The problem is that if I create the file while logged onto Windows as an administrator and then try to run the application as just a standard user and overwrite the INI file, I do not have permission to do so. I put the file in the AllUsers\ApplicationData\MyProduct folder. I'd like to set the permissions to this folder. I need AllUsers to have Full permissions to the MyProduct folder. If its possible to do this through a WindowsAPI that'd be great because I also need to do this in C++ and C#. I'd really appreciate any help. Thanks!
5 Answers
Although you can do all sorts of permission changes with the right code in Delphi (as admin) a better application structure is to NOT assume that your App has any privileges (you say you want it to run in user mode). Instead, use the installer that will install your App (e.g Inno Setup) to copy a suitable Ini file template into your required data folder. You can specify the permissions that you want using "Permissions: user-modify" on the file copy line.
The correct answer on "how to do that" is "don't do it at all".
If you set "allow to write for anyone" for your MyProduct folder or ini-file - this will be violating security. Because now any user can affect other users - this is not what they should be allowed to do.
Any user must affect only his world. He should not affect worlds of other users. This power is reserved for administrators.
Why is this bad? Obsiosly.
That's why the correct way will be approx. like this:
- Installer of your application MAY put an ini-file into AllUsers folder, but DO NOT alter file's permissions. This file will be default read-only options.
- Your application should read settings from AllUsers folder and from current user folder. If it needs to save settings - it should write to user folder, not AllUsers. That way, each user will have their own preferences/settings.
- If you want that "someone powerfull" should have ability to enforce settings for all users - he should be an administrator. He can edit file in AllUsers, thus affecting settings of all users.
Note, that you also need to decide, which setting have higher priority (global or local). So, you can have both at same time: (a) local settings for each user and (b) ability to enforce/override user's settings.
You can use JEDI library for this. Here is a blog "Setting file security with JWSCL" from posted by Christian Wimmer
I am having a similar problem.
Since you need to do this also in other environments I have a suggestion for you.
Use an external installer to install your application. It has many benefits and one of them is that it will configure for you a File\Directory\Registry permissions during the installation. Of course you would have to run the installation on administrative account but then your users will have the permissions required by your application.
I can recommend you a great installer which is called Inno Setup.