2

I have a user interface that is running as a normal user.

The user interface communicates via tcp/ip with a server component running as a windows service.

The service runs as local system.

My problem is that the service creates new folders under "ProgramData\MyApp". These new created files and folders cannot be opened by a normal user as they were create by "System".

During setup process the permissions of the directory "ProgramData\MyApp" are already altered so that everyone has full access. But it is not inherited by subfolders created by the service.

Should the service alter the permissions of created files and folders? Or can i prepare the "ProgramData\MyApp" folder to allow everyone to access new created files and folders?

FIXED: My problem was that the files with wrong rights were copied from the temp directory. The rights from the temp directory have been inherited...

Benjamin
  • 120
  • 1
  • 7
  • Is the Windows Service and the User interface app running on the same computer? – Stefan P. Oct 26 '12 at 09:06
  • @Benjamin Window service is updating the permission of the folder. Its possibilty that folder is being created again and again. So check your code for that. http://sourcedaddy.com/windows-xp/applying-permissions-subfolders-through-inheritance.html – Nipun Ambastha Oct 26 '12 at 09:07
  • @StefanP.: Yes they are on the same computer. Therefore i'm able to open files directly. There is no need to send the files over tcp. Altough this would also be a workaound. RPC is done via tcp, file transfer is direct. – Benjamin Oct 26 '12 at 09:15
  • @NipunAmbastha: The folder is only created once. There is a check whether the directory exists. But if it not exists, the service creates it. – Benjamin Oct 26 '12 at 09:16

2 Answers2

2

Event if your Windows Service is running as local system you should use impersonation for the code that creates the folders. This way the user that calls the service will have full rights on folder and files.

If you want the folder to be accessed by any local user you can use AddAccessRule, take a look here C# - Set Directory Permissions for All Users in Windows 7

Community
  • 1
  • 1
Stefan P.
  • 9,489
  • 6
  • 29
  • 43
  • Ok, that would at least be the same as setting permissions manually. Can i impersionate to an account that is equal to "everyone"? I want everyone to be able to read the file. – Benjamin Oct 26 '12 at 09:28
  • By "everyone" you mean the Users group? – Stefan P. Oct 26 '12 at 09:32
  • Yes, my software does save all necessary stuff for all users in the same directory. I don't care about window user rights at all :) (I know this is not really best practice) – Benjamin Oct 26 '12 at 09:56
0

Do not use impersonation. Just set the file access permissions.

Here is an example for directories: https://stackoverflow.com/a/5398398/70386 (it works the same for files)

MSDN:

Community
  • 1
  • 1
jgauffin
  • 99,844
  • 45
  • 235
  • 372