Login/Register
How do you set directory permissions in NSIS?
Asked Answered
Solved windowsinstallationpermissionsnsis
K

6

39

I'm trying to build a Windows installer using Nullsoft Install System that requires installation by an Administrator. The installer makes a "logs" directory. Since regular users can run this application, that directory needs to be writable by regular users. How do I specify that all users should have permission to have write access to that directory in the NSIS script language?

I admit that this sounds a like a sort of bad idea, but the application is just an internal app used by only a few people on a private network. I just need the log files saved so that I can see why the app is broken if something bad happens. The users can't be made administrator.

Kostroma answered 22/9, 2008 at 19:15 Comment(0)
K
38

Use the AccessControl plugin and then add this to the script, where the "logs" directory is in the install directory.

AccessControl::GrantOnFile "$INSTDIR\logs" "(BU)" "FullAccess"

That gives full access to the folder for all users.

Kostroma answered 22/9, 2008 at 19:47 Comment(0)
H
19

AccessControl::GrantOnFile "<folder>" "(BU)" "FullAccess" didn't work for me on a Windows Server 2008 machine. Instead I had to use this one:

AccessControl::GrantOnFile "<folder>" "(S-1-5-32-545)" "FullAccess"

S-1-5-32-545 is equivalent to "Users" according to Microsoft Support: Well-known security identifiers in Windows operating systems.

Herrin answered 13/10, 2010 at 16:1 Comment(0)
A
10

Instead of changing the permissions on directories under Program Files, why not put the logs in a location that is writeable by all users.

See the 4.9.7.7 SetShellVarContext section in your NSIS documentation. You can use it with $APPDATA to get the application data folder that is writeable for all users.

Arceliaarceneaux answered 24/9, 2008 at 18:56 Comment(1)
Take a look at this answer for how to accomplish this in log4net: #469489Insuperable
M
6

It's an old issue now but as suggested by Sören APPDATA directory is a nice way to do what you want, the thing is : Don't take user's personnal APPDATA but the "All Users" APPDATA dir! This way anyone will be able to access the log file ;-)

Also, I read somewhere that using (BU) on the GrantOnFile is not working well with some systems (Win 7 x64 if I remember well), maybe you should use the SID "(S-1-5-32-545)" instead (it's the All Users' SID, this value is a constant on each Windows OS)

Maidel answered 3/3, 2011 at 8:57 Comment(0)
F
5

One way: call the shell, and use cacls or xcacls.

Fattish answered 22/9, 2008 at 19:21 Comment(0)
M
2

Why not create a log-directory in the user's %APPDATA% directory? Do you really need to put all the logs in the install directory? Why?

Merchant answered 22/9, 2008 at 19:22 Comment(1)
I want other users to be able to view the logs too. If they are in the users APPDATA directory, then if user 1 runs the app, only user 1 or an admin can see the log file.Kostroma

© 2022 - 2024 — McMap. All rights reserved.