How to grant the permissions on Install Directory with NSIS?

0
votes

I am new to NSIS commands. I have a installer file and I am granting the GenericRead and GenericWrite permissons on my InstallDir.

Below is the code:

AccessControl::GrantOnFile "$INSTDIR\WPFUI" "(BU)" "GenericRead + GenericWrite"

Now problem is: any non admin user can copy new files and dlls in my install directory.

I want to set the required permission which requires admin rights to copy any new files.

I've tried my luck with GenericRead + GenericExecute but still does not work.

Could someone please throw any light on this?

1
.netpermissionsnsisaccess-control

1 Answers

1
votes

You should not let normal users any kind of write access to $InstDir if you are installing to a common location like $ProgramFiles because you end up with issues if multiple users on the same machine are using your program. There are also security issues to think about.

The correct solution is to change your application so that it copies "template data" from $InstDir to $AppData and/or $LocalAppData the first time a user runs your application.

If you don't want to do it this way then you need to be more restrictive in how you change the ACL. You could for example try to restrict it with 

AccessControl::GrantOnFile /NOINHERIT "$INSTDIR\WPFUI" "(BU)" "GenericRead + GenericWrite"
AccessControl::DenyOnFile /NOINHERIT "$INSTDIR\WPFUI" "(BU)" "AddFile"