1

I have application which is installed in C://ProgramFiles. I need installation directory full access to user group to handle update process of application (File download, move, delete, write). So I update inno-script as below.

[InstallDelete]
Type: filesandordirs; Name: "{app}\assets"; BeforeInstall: TaskKill()

[Dirs]
Name: "{app}\assets"; Permissions: users-full; Flags: uninsalwaysuninstall;

[Files]
; Change file path when necessary
; Service, Launcher, Killer, runtime Binaries
Source: "..\..\_Source\Bin\*"; DestDir: "{app}"; Flags: recursesubdirs ignoreversion;

In _Source\Bin folder (Source folder which contained all files) there is some files and assert folder.

The problem is, Installation did not change the assert folder permission time to time, for user group. (Most of times work fine). Here are comparison of two logs with and without issue.

Installer log comparison with and without issue

Please give any idea or any possibility overcome this issue.

Akila Bandara
  • 31
  • 8
  • Granting write access to `Program files` is wrong. For the right approach, see [Deploying application with .NET framework without admin privileges](https://stackoverflow.com/q/48886149/850848). – Martin Prikryl Nov 02 '20 at 07:36
  • Hi Martin, Thanks for your response, In normal method we locate our updating components in user AppData directory. In that scenario there is no permission issue to concern. But in this specific client environment does not support exe files in user AppData dir. I know this approach can be odd. But we need to provide full access to user group in installation directory. – Akila Bandara Nov 02 '20 at 08:06
  • Hi @MartinPrikryl, I attached log comparison image to the question. please refer. Seems like installer create new assets folder after permissions setting – Akila Bandara Nov 04 '20 at 18:02
  • Hi @MartinPrikryl, Please find the log files in this repository. https://github.com/akilaNbandara/Inno-Setup---User-permission Btw I found another way to fixed my problem and I post it as a answer. – Akila Bandara Nov 05 '20 at 18:30

1 Answers1

0

After referring the logs of installer, I found permission granted folder recreated when files copping.

So I decided to set user permission by executing windows icacls command after installer process. So I changed the script like below and after that work as expected.

// Following method will execute to grant user permisions after installation //
procedure PermissionUpdate();
var
  ResultCode: integer;
begin
  Log(ExpandConstant('Giving user group permission :O - CODE: - ' + ExpandConstant('"{app}/assets" /grant *S-1-5-32-545:(OI)(CI)M /t /c /q')));
  
  if Exec('icacls.exe', ExpandConstant('"{app}/assets" /grant *S-1-5-32-545:(OI)(CI)M /t /c /q'), '', SW_HIDE, ewWaitUntilTerminated, ResultCode) then
  begin
    Log('Successfully gave user group permission :)' + IntToStr(ResultCode));
  end
  else begin
    Log('Giving user group permission unsuccessfull :('  + IntToStr(ResultCode));
  end;
end;

procedure CurStepChanged(CurStep: TSetupStep);
begin
  if (CurStep=ssInstall) then
  begin
    if (IsUpgrade()) then
    begin
      UnInstallOldVersion();
    end;
  end
  else if (CurStep=ssPostInstall) then
  begin
    PermissionUpdate();
  end;
end;

So in this fix CurStepChanged method is event hander of the installer. I use post install step (CurStep=ssPostInstall) to run permission update method. In executing icacls method, S-1-5-32-545 is security identifier for User Group.

This may not the solution for which I posted but this fix worked for me.

Akila Bandara
  • 31
  • 8