I am working on a project that reads and writes data to a couple of files. Now, this works properly until it begins being used by multiple users. Due to the way the program works, it needs to be able to read and modify the files regardless of the user.
The Setup:
Two token files (License files) Stored in:
C:/ProgramData/MyCompany/MyProject/myToken.tkn
C:/ProgramData/Temp/1234jklqsdjlkqhsd== -> Same as the Token, just the file name/extension encrypted
1 Debug Log
C:/ProgramData/MyCompany/MyProject/logs/debug.log
How the program works.
1. The program is run by an initial user. It is then activated with a number of uses license which is saved into the token file, then copied into the temp path with the name encrypted. The debug.log file is accessed whenever something needs to be written. The files are accessed using a streamreader / streamwriter object.
2. The program is then run by another user on the same computer, the software runs and the number of uses decreases and in turn updates the primary token, removes the temp token, then copies the modified token over. All progress is logged in the log.
What's happening
The primary user gets no access problems, and can create tokens and the debug log with no issues. When the next user logs in, the program can read from the tokens and the logs, but cannot write to them. Looking at the permissions of the files, the user is not set to "modify" access, only Administrators and the Initial Creator can. Now I cannot have this program be run as administrator due to security reasons. Also, the files cannot be on a per-user basis as the tokens must be in a shared directory so all users can update the tokens.
I've tried to change the permissions on the files to grant all people in the "Users" group read, write, execute. This worked until the next user logged in and wrote to the file; this resulted in the permissions being reset on the file and stopped the allowance of other users to modify the file, and also set the file as them being the owner.
I have seen that you can run a program called icacls; however, it required Admin to be run.
What I need to know
Is there a way to set file permissions for a file on create/modify so that I can ensure that the file can be accessed and changed by all regardless? I've looked online and I have only seen one option that isn't viable, and that is to create a "File Creator / Modifier" account, and have the program pretend to be that user when modifying the files. As the users are domain controlled, and are part of a very tightly controlled network, computer accounts cannot be created.
Question
firey
11 answers to this question
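Windows gives a newly created file the inheritable ACEs of its parent directory, so a grant that has to survive the delete-and-copy cycle described in the question belongs on the directory rather than on each file. The following C# is an added example, not part of the original post: `SharedDataAcl`, its methods and the probe file name are hypothetical, and it assumes a .NET program on Windows whose caller owns the directory or holds WRITE_DAC on it (for example, an installer).

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class SharedDataAcl
{
    static readonly SecurityIdentifier Users =
        new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);

    // Hypothetical helper: add an inheritable Allow/Modify ACE for BUILTIN\Users.
    // Modify covers read, write and delete, but not changing permissions or ownership.
    public static void GrantUsersModify(string directoryPath)
    {
        DirectoryInfo dir = Directory.CreateDirectory(directoryPath);
        DirectorySecurity acl = dir.GetAccessControl();
        acl.AddAccessRule(new FileSystemAccessRule(
            Users,
            FileSystemRights.Modify,
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
            PropagationFlags.None,
            AccessControlType.Allow));
        dir.SetAccessControl(acl);
    }

    // True when the file carries an Allow ACE (explicit or inherited) that gives
    // BUILTIN\Users Modify. Deny ACEs are not evaluated here.
    public static bool UsersHaveModifyAce(string filePath)
    {
        FileSecurity acl = new FileInfo(filePath).GetAccessControl();
        foreach (FileSystemAccessRule rule in
                 acl.GetAccessRules(true, true, typeof(SecurityIdentifier)))
            if (rule.AccessControlType == AccessControlType.Allow
                && rule.IdentityReference.Equals(Users)
                && (rule.FileSystemRights & FileSystemRights.Modify) == FileSystemRights.Modify)
                return true;
        return false;
    }

    static void Main()
    {
        string dir = Path.Combine(
            Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData),
            "MyCompany", "MyProject");
        GrantUsersModify(dir);

        // Constructed probe file: delete and recreate it, as the program does with its token.
        string probe = Path.Combine(dir, "acl-probe.tmp");
        File.Delete(probe);
        File.WriteAllText(probe, "constructed sample content");
        Console.WriteLine("Recreated file inherits Users/Modify: " + UsersHaveModifyAce(probe));
        File.Delete(probe);
    }
}
```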