Privileges/owner issue when writing in C:\ProgramData\
As pointed out in Writing config file in C:\Program Files (x86)\MyApp\myapp.cfg, vs. Administrator privilege, it is not a good idea to write a config file in C:\Program Files (x86)\MyApp\myapp.cfg.
Instead of this, my software now saves its data in a subdir of %ALLUSERSPROFILE% (ex : C:\ProgramData\MyApp\myapp.cfg on Win7)
[I use myfile = open(filename, 'a') in Python to do this.]
I now encounter an issue about this file :
- I installed the software with
User A, and ran it, then the fileC:\ProgramData\MyApp\myapp.cfgwas written. - Then, I changed user to
User B, and ran my software again : now an error is displayed :User 2has no right to write inC:\ProgramData\MyApp\myapp.cfg(Permission denied).
Why? Isn't %ALLUSERSPROFILE% a place that can be written by all users?
How to solve this problem ?
Answer
No, C:\ProgramData, aka FOLDERID_ProgramData, has restricted security settings. Standard users can create files there. But these files are, by default, secured so that only the user that created the file can subsequently modify the file.
The recommended solution is for your installer to create a sub directory of C:\ProgramData for your shared storage. And that sub directory must be given a permissive ACL by the installation program. That is what grants the desired access to all standard users.
I do wonder whether you really need shared writeable data. Normally I'd expect to see shared configuration be something that is specified at install time and modified infrequently by administrators. Most configuration data tends to be per user.