PDA

View Full Version : set ntfs permission



bgeller
30th June 2011, 00:32
I have a Qt application (that I developed) which has worked on Windows XP SP2 and Debian Linux. I recently installed this app on Windows XP SP3, and found permissions issues.

It seems that this SP has added some of the annoying Vista security problems. The default NTFS permissions have changed and Postgres does not have the appropriate permissions to write to the directory my application creates. Not a big issue to resolve on Linux, Windows is the problem.

I have done a simple test I can change the NTFS permission by hand, but this is sloppy. I want to find a way to do it programatically in Qt. I believe I need a way to change the permissions for the "everyone" group, on just the new directory.

I have looked at QDir and QFile but so far nothing comes to mind. Any ideas?

TIA,

Barbara

wysota
30th June 2011, 00:56
Use the native API.

bgeller
30th June 2011, 01:35
Use the native API.

So there is nothing in Qt to handle this? That seems a bit strange and limted, IMO. I know Windows is not the best platform but there should be some support for basic functionality in Qt. Until I can find somethnig I guess I look at using the Windows API diretcly.

I need this souce will be used for both Windows and Linux. So, can you give me a manual or reference to read about what I need to interface Qt with the Windows API? I have looked on this forum and so far I have found nothing.

Barbara

ChrisW67
30th June 2011, 02:08
There is lowest-common-denominator, cross-platform permissions support in Qt (see QFile::permissions()). However, you are a asking a question for which the answer can be a lot more complicated than whether a single file is writeable or not. The only access to the full NTFS ACL is through the Windows API. You access the Windows API by following the Windows documentation: try looking for GetSecurityInfo or Security Descriptors. This is a minefield of jargon and assumed knowledge, and not for the faint-of-heart.

Setting permissions on folders and files related to your application is probably better handled in your installer where you can be sure you have sufficient privilege to manipulate these things and have higher-level mechanisms to work with.

Some other notes:

You should assume your application is not running with admin rights and cannot change system directory permissions.
There are system sanctioned locations for shared data that you can query through QDesktopServices (or the Windows API) and you should consider using these rather than your program directory.

bgeller
30th June 2011, 02:35
Thank you for all the details. I have been looking at SetSecurityInfo() in the WinApi. A bit unsure about the parameters I need, however I should be able to work that part out. I simply need to change the permissions for a single folder so Postgres can create the database. This is a one time issue when the program starts the very first time.

I use NSIS for installing and I will take a look their docs for setting folder permissions. This is a good idea, just thought it would be easier to do in Qt.

The reason I am doing this, is to give the user the abiltiy to put the application and data where they want. I personally find it annoying when a program insists on a location. I have no idea why Windows developers believe putting data in "documents and settings" is a good idea.

If I do decide to pursue the WinApi approach, I was looking for some Qt information regarding what process it takes to integrate. I am sure there are some h files and possible a lib or two that are needed. This is what I found odd, that there is no information about this in the two books I have or this forum. Hopefully someone can direct me to a simple tutorial.

Thanks for your assistance.

Barbara

ChrisW67
30th June 2011, 04:26
There's not a lot of information about generic Windows C++ programming in this forum because its focus is the Qt libraries. Depending on what you need to do, it can be as simple as:


#ifdef Q_OS_WIN32
#include <windows.h>
#endif

...
#ifdef Q_OS_WIN32
// do Win32 specific stuff here (random example)
HINSTANCE libHandle = LoadLibrary(L"SomeFunkyLib.DLL");
if (libHandle != NULL) {
...
}
#else
// do stuff that works elsewhere here
#endif

and then building on Windows where the user32 and gdi32 libraries are typically linked by default. For non-core Windows API you may need to link another library or two (LIBS variable in qmake).

wysota
30th June 2011, 17:48
The reason I am doing this, is to give the user the abiltiy to put the application and data where they want. I personally find it annoying when a program insists on a location. I have no idea why Windows developers believe putting data in "documents and settings" is a good idea.
Don't you think it should be the user's responsibility to provide a directory with enough access rights? If you make a directory writable to everyone, you effectively disable any protection of that directory. I doubt any user wants a program to mess with permissions to his data.

As for the earlier part -- Qt is not a panaceum, it doesn't implement every possible API just because it exists. If some API exists for one platform only, there is no point in duplicating it if it can't be used on other platforms anyway.

squidge
30th June 2011, 20:44
I personally find it annoying when a program insists on a location. I have no idea why Windows developers believe putting data in "documents and settings" is a good idea.Read the developer guidelines set out by Microsoft. Different directories are there for good reason.

For example, a Windows 7 application:

"should be installed to the Program Files folder by default. User data or application data must never be stored in this location."

"All application data exclusive to a specific user and not to be shared with other users of the computer must be stored in Users\<username>\AppData"

"All application data that must be shared among users on the computer should be stored within ProgramData"

etc, etc...

"Users\<username>\AppData" on Windows 7 is the equivalent of "Documents and Settings" on Windows XP. This why applications store there data here - it is the right place to store it.

Creating directories in protected locations and modifying access rights in those directories may simply fail in newer versions of the OS (as it would be considered only installers would require such access). Create your directories in "AppData" and you don't need to do such modifications.

bgeller
1st July 2011, 07:40
I have never believed in using "Program Files" for data, even back in the Windows 2000 days. Not sure why anyone would do that.

This is a program that would be usable by everyone that has physical access to the computer. So in my simple case I am not worried about exclusive rights.

I respect that versions like Windows XP and Windows 7 have a specified place for data. I personally hold the belief that a user or company should be able to override the location of the data if they so choose. If someone wants to run my application from a different folder or drive, they should be able to do so and they are alerted about the responsibility involved with this choice.

I am glad we are talking about the reasons for my choices as well as different options. I am considering lots of different ways to resolve this and give my users what they want.

Barbara

squidge
1st July 2011, 08:49
I would agree. I would probably solve it something like as follows:

If they install the data in the recommended location, nothing needs to be done. The applications performs all initialisation required.
If they install the data in a custom location then its upto the user to ensure appropriate permissions.

That way the user gets a choice, but if they decide to exercise that choice the additional setup is upto them. It also gets rid of the "Do you want this program to make changes to your computer?" that recent versions of Windows display upon certain API calls (and permission requests).

high_flyer
1st July 2011, 14:59
Off topic:

I personally hold the belief that a user or company should be able to override the location of the data if they so choose.
heh... windows and apple OS are NOT the system to be used for such "liberal" thinking ;-)