Hello,

Sorry for the delay. Finally, after all your comments, I redesigned the application:

/home is pointed to $USERPROFILE
/OUT is pointed to $TEMP
/EXPORT is pointed to $USERPROFILE/BGINFO4X/REPORT
/BASE/CONF/OUT is pointed to $USERPROFILE/BGINFO4X/BASE/CONF/OUT

Now, it is not necessary to modify the NTFS permissions of the installation program folder. The application is now secured by default (or at least I think so).

Thanks a lot to everyone for all your recommendations.

Regards.

2013/6/15 Blair Murri <os...@live.com>:
> Sorry to break in here 10 days later, but this is important.
>
> The section of the page pointed to by this URL seems to indicate that the
> "/home" directory can be redirected to wherever you need it to be (e.g. a
> user location instead of under program files).
>
> http://www.rtems.org/wiki/index.php/MinGW_Tools_for_Windows#MSYS_Shell
>
> Don't muck with the file system security under Program Files. Even on
> UNIX/LINUX/etc. that isn't allowed (if you aren't root there are few places
> you can walk all over).
>
> Either of the things indicated in that section can be done using WiX without
> forcing write access to non-admins in places it doesn't belong.
>
> Please don't make your customer's systems insecure. It makes a worse world
> for all of us.
>
> Blair Murri
>
>> From: pally.sand...@iesve.com
>> To: wix-users@lists.sourceforge.net
>> Date: Wed, 5 Jun 2013 16:48:00 +0000
>> Subject: Re: [WiX-users] Heat - Include question
>>
>> " What I mean: the application is based on MSYS and when a new user starts
>> the unix shell, he needs write access to folders like /home, ... . And /home
>> is contained inside the Programfiles\aplications folder."
>>
>> No it's not. On Windows the equivalent of Unix "home" directory would be the
>> location set in the USERPROFILE environment variable.
>> Just because your application makes terrible choices about where to put its
>> data, doesn't mean it's the right way to do things.
>> Writing to files under the "Program Files" area has never been allowed on
>> Windows, people just did it before the advent of UAC because there was
>> nothing to stop their bad practices from being shown up as bad practices
>> and you're basically undoing the security of the machine your app gets
>> installed on.
>>
>> Palbinder Sandher
>> Software Platform Engineer
>> http://www.iesve.com
>>
>> -----Original Message-----
>> From: BGINFO4X [mailto:bginf...@kztsoftware.com]
>> Sent: 01 June 2013 10:05
>> To: General discussion for Windows Installer XML toolset.
>> Subject: Re: [WiX-users] Heat - Include question
>>
>> >Re: [WiX-users] Heat - Include question
>> >From: Mike Carlson <corfe83@gm...> - 2013-05-28 20:01
>>
>> >It's not a good idea for your application to write to allow
>> >non-elevated users to write to its installed application folder under
>> >program files folder. Allowing users to overwrite the application
>> >binaries is a security hole for any customers who might have untrusted
>> >users on the machine.
>>
>> I know, but I think that is the only solution: the application is derived
>> from Unix, and it is "self contained".
>> What I mean: the application is based on MSYS and when a new user starts the
>> unix shell, he needs write access to folders like /home, ... . And /home is
>> contained inside the Programfiles\aplications folder.
>>
>> So in my opinion I'm in a jail and I can't find other solution.
>> Perhaps someone has an idea ...
>>
>> >Did you intend to store user preferences or other user data there?
>> >Instead your app should be written to store this in the user's profile
>> >folder such as under %LOCALAPPDATA%, or in the registry (HKCU). This
>> >avoids security issues, and allows each user on the same machine to
>> >specify their own preferences.
>>
>> I know, but in my case this is not possible, as explained before.
>>
>> >Anyway, what you want can be done by manually adding your own
>> >PermissionEx element(s). I wouldn't know what to recommend as far as
>> >exact authoring of the PermissionEx, but suggest you read the wix.chm
>> >or look through old threads about it on the wix-users archives.
>>
>> Well, in my case I solved it creating permissions on the folder as:
>> <DirectoryRef Id="INSTALLDIR">
>>   <Component Id="NTFSPermissionsComponent"
>>              Guid="51EC5D4E-E1EA-4964-BE30-38C2AE897C40">
>>     <CreateFolder>
>>       <Permission User="Everyone" GenericAll="yes"/>
>>     </CreateFolder>
>>   </Component>
>> </DirectoryRef>
>>
>> But ... I will take your recommendation of security, and I will try to allow
>> only the minimum folders with write access inside the program.
>>
>> And I can confirm: using "Everyone" is OK on other languages than English as
>> explained here:
>>
>> http://blogs.msdn.com/b/cjacks/archive/2008/12/04/how-to-set-directory-permissions-at-install-time-using-an-msi-created-using-windows-installer-xml-wix.aspx
>>
>> Thanks a lot for your time.
>>
>> Regards.
>>
>> 2013/5/27 BGINFO4X <bginf...@kztsoftware.com>:
>> > Hello everyone,
>> >
>> > I'm already finish, ...., but I have a little problem related to the
>> > NTFS Permissions:
>> >
>> > The normal permissions inside %program files% are: Administrators ->
>> > FULL CONTROL ; Users -> Read
>> >
>> > But when the application is executed as a normal user, it doesn't
>> > work: Normal users NEED write access to the folder's program.
>> >
>> > So, I think that the solution goes to giving NTFS to Everyone -> Full
>> > control (as explained in:
>> > http://blogs.msdn.com/b/cjacks/archive/2008/12/04/how-to-set-directory-permissions-at-install-time-using-an-msi-created-using-windows-installer-xml-wix.aspx)
>> >
>> > The question is: how to assign NTFS permissions with HEAT as a Harvest
>> > tool?
>> >
>> > Is the following sentence true? "The common user names 'Everyone'
>> > and 'Administrators' may be entered in English and are mapped to
>> > well-known SIDs." Or there will be localization problems when
>> > installed in other languages?
>> >
>> > Do you have some recommendations?
>> >
>> > Thanks a lot for your time.
>> >
>> > 2013/5/22 BGINFO4X <bginf...@kztsoftware.com>:
>> >> Ok, thanks a lot.
>> >>
>> >> Regards.
>> >>
>> >> 2013/5/21 Mike Carlson <corf...@gmail.com>:
>> >>> Ah, then you do want to support upgrades. Get your upgrade scenario
>> >>> right, and you won't have to worry about having a consistent shortcut
>> >>> name.
>> >>>
>> >>> Read up on "Major Upgrades" here:
>> >>> http://msdn.microsoft.com/en-us/library/windows/desktop/aa369786(v=vs.85).aspx.
>> >>> This will cause the old version to be uninstalled as part of
>> >>> installing the new version.
>> >>>
>> >>> Or you might want to explore "Minor Upgrades" which are slightly
>> >>> lighter weight:
>> >>> http://msdn.microsoft.com/en-us/library/windows/desktop/aa370037(v=vs.85).aspx
>> >>>
>> >>> On Tue, May 21, 2013 at 9:34 AM, BGINFO4X <bginf...@kztsoftware.com>
>> >>> wrote:
>> >>>
>> >>>> 2013/5/21 Mike Carlson <corf...@gmail.com>:
>> >>>> > You should be able to. Create the shortcut in your own authoring
>> >>>> > file. To point to the file in the generated authoring, see the
>> >>>> > "Target" attribute of the shortcut element in wix.chm.
>> >>>> >
>> >>>>
>> >>>> Thanks a lot, I will try it.
>> >>>>
>> >>>> I have a conceptual question regarding shortcuts:
>> >>>>
>> >>>> I want the installer to create a shortcut in the startup folder for
>> >>>> all users, so the program is started automatically each time the
>> >>>> users logon.
>> >>>>
>> >>>> If the user installs a new version without uninstalling the previous
>> >>>> one, then two versions of the program will be executed, and this is
>> >>>> not desirable.
>> >>>>
>> >>>> Is it a good practice to always create the same name in the shortcut
>> >>>> in the manner that newer versions overwrite the previous shortcut?
>> >>>>
>> >>>> How to manage this situation?
>> >>>>
>> >>>> Thanks a lot.
>> >>>>
>> >>>> _______________________________________________
>> >>>> WiX-users mailing list
>> >>>> WiX-users@lists.sourceforge.net
>> >>>> https://lists.sourceforge.net/lists/listinfo/wix-users
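
The directory layout from the message at the top of this thread, as an added example that is not part of the original thread or of the BGINFO4X code: a POSIX shell startup function (as it might be sourced by the MSYS shell) that derives the four writable locations from USERPROFILE and TEMP and refuses any that resolves inside the install folder. The function names and the APP_* variables are hypothetical, and how the application consumes them is an assumption.

```shell
#!/bin/sh
# Added example; setup_user_dirs, is_under, norm and APP_* are hypothetical names.

# norm PATH: Windows paths are case-insensitive and may use backslashes,
# so compare them lowercased with forward slashes.
norm() { printf '%s' "$1" | tr '\\' '/' | tr '[:upper:]' '[:lower:]'; }

# is_under PATH BASE: succeeds if PATH equals BASE or lies beneath it.
is_under() {
    p=$(norm "$1"); b=$(norm "$2")
    case "$p/" in
        "${b%/}"/*) return 0 ;;
    esac
    return 1
}

# setup_user_dirs INSTALL_DIR
# Maps /home, /OUT, /EXPORT and /BASE/CONF/OUT to per-user locations.
# Returns 2 if the environment is incomplete, 1 if a location would fall
# inside INSTALL_DIR (nothing is created then), 3 if mkdir fails.
setup_user_dirs() {
    [ -n "$1" ] && [ -n "$USERPROFILE" ] && [ -n "$TEMP" ] || return 2
    d_home=$USERPROFILE
    d_out=$TEMP
    d_export=$USERPROFILE/BGINFO4X/REPORT
    d_conf=$USERPROFILE/BGINFO4X/BASE/CONF/OUT

    # Check every location before touching the file system.
    for d in "$d_home" "$d_out" "$d_export" "$d_conf"; do
        if is_under "$d" "$1"; then
            echo "refusing writable dir inside install folder: $d" >&2
            return 1
        fi
    done
    for d in "$d_home" "$d_out" "$d_export" "$d_conf"; do
        mkdir -p "$d" || return 3
    done

    # Publish the locations only after all checks passed.
    HOME=$d_home
    APP_OUT=$d_out
    APP_EXPORT=$d_export
    APP_CONF_OUT=$d_conf
    export HOME APP_OUT APP_EXPORT APP_CONF_OUT
}
```

The containment check compares normalised path strings only; it does not resolve junctions or symbolic links, so the install folder's own ACL (Administrators full control, Users read) remains the actual protection.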