Saturday, May 31, 2008

Custom Installer Creating Folder, Setting Permissions

When implementing custom installers you sometimes may want to created directories when the setup is executed. This may not be sufficient since you may also want to set sufficient permissions on those new directories so that users have access to the directories and the files in them.

The first thing to know is that an installer typically runs with elevated rights as the discussion on Chris Jackson's blog indicates. This means that your installer has sufficient rights to create directories but also to set appropriate permissions.

And here is the code for creating a directory and setting permissions:

public static void CreateWithReadAccess(string targetDirectory) {
try {
if(!Directory.Exists(targetDirectory)) {
Directory.CreateDirectory(targetDirectory);
}
DirectoryInfo info = new DirectoryInfo(targetDirectory);
SecurityIdentifier allUsersSid =
new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid,
null);
DirectorySecurity security = info.GetAccessControl();
security.AddAccessRule(
new FileSystemAccessRule(allUsersSid,
FileSystemRights.Read,
AccessControlType.Allow));
info.SetAccessControl(security);
}
catch(Exception ex) {
Debug.WriteLine(ex.ToString());
}
}

This code checks for existence of the directory first. If the directory doesn't exist yet it is created. Then the security settings are applied. In this case the Read permissions are granted to all members of the group BUILTIN\Users.

By selecting another member of the WellKnownSidType enumeration you can grant permissions to a different group. Alternatively, if you'd like to grant permissions to a specific user, have a look at the NTAccount class. An instance of it can be passed into the FileSystemAccessRule constructor as a first parameter as well.

4 comments:

Jeroen Korsten said...

Hello Manfred,

Thanx for you post, i think it can really help me.
But there is one problem.
I have put this in my application and want to set the folder rights to FileSystemRights.Modify but for an unknown (to me) reason it doesn't put the folder rights to modify. I've also tried Full Acces but this doesn't work neither.

What I do is:
I've created this function (same as yours)

public static void CreateWithModifyAccess(string targetDirectory)
{
try
{
if (!Directory.Exists(targetDirectory))
{
Directory.CreateDirectory(targetDirectory);
}
DirectoryInfo info = new DirectoryInfo(targetDirectory);
SecurityIdentifier allUsersSid = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
MessageBox.Show("allUserSid = " + allUsersSid.ToString());
DirectorySecurity security = info.GetAccessControl();
MessageBox.Show("security = " + security.ToString());
security.AddAccessRule(new FileSystemAccessRule(allUsersSid, FileSystemRights.Modify, AccessControlType.Allow));
info.SetAccessControl(security);
MessageBox.Show("rechten gezet");
}
catch (Exception ex)
{
MessageBox.Show(ex.ToString());
}
}

this function is the first thing I call when the application starts (So I call it in the main function)

static void Main(string[] args)
{
//See if user has admin rights
WindowsIdentity identity = WindowsIdentity.GetCurrent();
WindowsPrincipal principal = new WindowsPrincipal(identity);
if (principal.IsInRole(WindowsBuiltInRole.Administrator))
{
String sFolder = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + @"\App folder\";
MessageBox.Show("sFolder = " + sFolder);
CreateWithModifyAccess(sFolder);
}

Application.EnableVisualStyles();
Application.SetCompatibleTextRenderingDefault(false);
.......

When the user has admin rights I must be able to change the folder rights. But it doesn't work.
Maybe the problem is this is de folder where the application is installed and it already contains some files/folders.

Hope you can help me

Kind regards

Jeroen

Manfred Lange said...

I'm not sure whether I have a quick solution for your particular scenario. Let me ask two questions:
1. What operating system are you on?
2. When you say "It doesn't work": What do you observe? Does the code execute properly? Do you get an exception? Where and what does it say?
Thanks,
Manfred.

sunil said...

I installed a setup and it takes the path in program files (eg. c:\program files\abc). Now I want to create a temporary text in the abc folder for limited user in 32bit and 64bit windows 7. I creating application in visual studio 2008,framework 3.5,c# and window forms. Its urgent please reply.

Thanks in advance.

Manfred Lange said...

@Sunil: Thank you for your reply. I think the best place to ask your question is the official WiX web site. There you can find a tutorials, FAQs and a mailing list for more detailed discussions.

Post a Comment

All comments, questions and other feedback is much appreciated. Thank you!