Solved

Where to put a application data file shared by all users in XP & NT

Posted on 2004-10-31
292 Views
Last Modified: 2010-04-05
Hi, I have a prog that needs to read & write to a file that is shared by *all* users of a PC (no matter how lowly their rights). It needs to support win 9.x, NT (inc. XP). In XP is the best place to put it in:
C:\Documents and Settings\All Users\Application Data\...etc ?
and is this path supported by NT 4 etc or would I need to put it somewhere else to guarantee free read/write access by everyone?
Thanks alot
P
0
Question by:Pandora
    15 Comments
     
    LVL 7

    Expert Comment

    by:sftweng
    If the size is not prohibitive, you might use TRegistryIniFile.
    0
     
    LVL 7

    Expert Comment

    by:sftweng
    I don't have a Windows 9x machine around any more but I don't recall the existence of C:\Documents and Settings\All Users\Application Data\... prior to NT.

    Is there any reason not to use the folder (directory) in which the application resides?
    0
     
    LVL 11

    Expert Comment

    by:calinutz
    There would be a problem only if there is a problem with the rights to access the files on either station. So if you have read/write rights on both machines and your file do not exceed 4GB in size you can place your file on either of the machines.
    You only have to share it (file sharing) with full rigths for everyone.
    The best way would be to place it in a "normal" folder like c:\MyFolder and share it. So you wouldn't have to worry about changes in your users configuration.
    0
     
    LVL 7

    Expert Comment

    by:sftweng
    calinutz, as I read the question, this issue is access on the same PC by different users, not network access. Of course, setting file access privileges is essential.
    0
     
    LVL 1

    Author Comment

    by:Pandora
    Exactly sftweng, its multiple users/accounts on a single machine having read/write access to the same file - Originally we had the file in the program files dir with the application, but non power users in XP cannot (via the app) write to this file due to security. I have tried adding the 'everyone' account as an ACE to the ACL for the file but this seems to make no difference (I think I read somewhere that there is a system ACL that protects the contents of the program files dir from non-power users and this I think takes precedence over any explicit setting of the ACL). Really what I'm asking is what does everybody else do - where's the standard place to put a shared file in NT/XP?! I'm not to fussed about win 9.x as I can just treat this separately if need be, I just want to put the file somewhere out of the way but somewhere everyone can read/write to it.
    Thanks
    P
    0
     
    LVL 7

    Expert Comment

    by:sftweng
    If you're not concerned about 9x, then probably ...\All Users\Application Data\<yourapp> would be the best place.
    0
     
    LVL 7

    Expert Comment

    by:sftweng
    Of course, if you REALLY want it to be visible, put it in ...\All Users\Desktop
    0
     
    LVL 1

    Author Comment

    by:Pandora
    Ok - thx. I want it tucked away from the users but accessible by the app. But is this path
    ...\All Users\Application Data\<yourapp>
     supported in other versions of NT as well as XP ie NT 4, Server, 2000? And will it definately give access to all?
    Thx
    P
    0
     
    LVL 17

    Expert Comment

    by:Wim ten Brink
    It might just be easier to dump your data in a folder relative from the root folder. C:\YourFolder for example. This would be accessible by all users, unless you change the security settings for this folder. In general, it is even better to store it in C:\YourCompanyName\YourProductName in case you create multiple applications that need to share data. The contents of folders accessible from the root are often unprotected, thus open for every user. (Yeah, a flaw in the Windows security...)
    0
     
    LVL 2

    Expert Comment

    by:LSORRELLS
    You need to create a folder and share it with full control to all users of the computer.  This will not be an issue with Win 9X user.  It's better to create a folder off the root of a hard drive rather than try and place it in a defalut windows user folder as different Flavors handle it differently and you would have to adjust alter your program accordingly.  And the security issues relating to sharing it will limited to that folder which is more platable to security folk.
    0
     
    LVL 1

    Author Comment

    by:Pandora
    *Moderator, please read! *

    Hi all, sorry for the delay getting back to you...now then. Hmm. I'm very sorry, but at the risk of being booed out of the forum, I'm not going to accept any of the above as an answer, sorry! I appreciate everyones help but after some investigation and experimentation, I've decided that the actual answer I was looking for was really that my question was wrong! To explain:
    I think its bad practice to use well known bugs in commercial software; bugs have a habit of getting fixed & to rely on them could be disastrous, especially if you have an app thats rolled out to many users. In Windows in this day & age, I don't think its really on to ignore windows conventions & install to anywhere other than the designated directories unless theres a reason to do so; programs should go in the program files directory etc - this is kinda what the user expects and is used to. So really this question was all about security and the answer I think I should have got was, put them in the program files directory and ensure that you change the permissions on the files. This is what I have now done, but I found all the NT security stuff a bit tricky at first so I could have done with a few pointers here; which for 500 pts would have been fair I think. Btw, for anyone experiencing similar problems to me - I used Madshis MadSecurity to manipulate the ACL for a given file/directory and added the 'everyone' ACE (see www.madshi.net) to allow unlimited access (I found deallocating the ACL didnt do the job but adding this ACE if it wasn't present did). Obviously u have to have Administrator permissions to be able to do this, so I added code to test for this in the prog/installation too with warnings etc that files couldnt be shared with limited users unless an Admin ran it etc. That said, I have just discovered an added complication; it seems extended file security is only available on NTFS drives, not FAT32 so I'm adding some conditional testing for this too otherwise if you're testing if an ACE is present, on FAT32 the answer will be no but access will still be unlimited (I think - yet to test!). So anyway, I'll get back to you...Don't really know what to do with points but would like the Q to stay in PAQ for others jumping this hurdle? Praps Madshi could have em, or would that cause a riot?! If anything I guess LSORRELLS came closest, but a bit scant for 500? This is what I went for anyway, just a simple let everyone have full access fn

    //This is the full read/write access type constant for the ACE
    PATH_FULL_ACCESS:cardinal=2032127;

    Function File_SetEveryoneFullAccessRights(APath:string; IsDACL:boolean=true):boolean;
    begin
    //Because a file can't have child folders or files, set with inheritance off
    result:=Path_SetEveryoneFullAccessRights(APath, false, false, IsDACL);
    end;

    //just the same call but supplied for function name consistency
    Function Folder_SetEveryoneFullAccessRights(APath:string; IsChildFilesInheritPermissions:boolean=true; IsChildFoldersInheritPermissions:boolean=true; IsDACL:boolean=true):boolean;
    begin
    result:=Path_SetEveryoneFullAccessRights(APath, IsChildFilesInheritPermissions, IsChildFoldersInheritPermissions, IsDACL);
    end;

    both using the private & a bit messy fn:

    //Madshis acl stuff to allow access for all to the
    //specified registry keys for NT etc
    Function Path_SetEveryoneFullAccessRights(APath:string; IsChildFilesInheritPermissions:boolean=true; IsChildFoldersInheritPermissions:boolean=true; IsDACL:boolean=true):boolean;
    var
    AACL     :IAcl;//an access control list
    ANewAce,
    AAce     :IAce; //an access control entry (within the ACL)
    NewFlags :TAceFlags;
    begin
    Result:=true;
    try
       AACL:=Path_GetACL(APath,IsDACL); //Nb Dont change system ACL .SACL
       //If no ACL is assigned ie its deallocated then may need to create one
       If Assigned(AACL) then
          If AACL.IsAllocated then
             begin
             AAce:=AACL.FindItem(Everyone); //Ie Everyone is the full access account
             NewFlags:=[];
             //Set the inheritance flags for files & folders
             If IsChildFilesInheritPermissions then
                NewFlags:=[afObjectInherit];
             If IsChildFoldersInheritPermissions then
                NewFlags:=NewFlags+[afContainerInherit];
             //Have changed this to add the 'everyone' account rather than deallocating the entire ACL as this seems a bit safer
             If (not assigned(AAce)) or (not AAce.IsValid) then //ie if Everyone is not found (NB AAce is still assigned but its not 'valid' and AAce.account.name will ="")
                begin
                ANewAce:=NewAce(Everyone,PATH_FULL_ACCESS,atAllowed,NewFlags);
                AACL.AddItem(ANewAce); //was AACL.Deallocate; //Ie if no ACL is set then access is available to everyone, if blank ACL no access to anyone
                end
                else
                //If the account already exists then update it to the full access, full allowed
                If (AAce.Access<>PATH_FULL_ACCESS) or (not (AAce.type_=atAllowed)) or (AAce.flags<>NewFlags) then
                   begin
                   AAce.Access:=PATH_FULL_ACCESS;
                   AAce.type_:=atAllowed;
                   //ie objectinherit=files inherit, containerinherit=folders inherit
                   //so this would not apply to files
                   AAce.flags:=NewFlags;
                   end;
             If AACL.IsDirty then
                AACL.flush;//ie flush any changes that haven't been made yet
             end;
       except
       result:=false;
       end;
    end;

    0
     
    LVL 7

    Expert Comment

    by:sftweng
    Two hours and 35 minutes after you asked the question in the second response to the question, I asked:

    "Is there any reason not to use the folder (directory) in which the application resides?".

    You have responded:

    "So really this question was all about security and the answer I think I should have got was, put them in the program files directory and ensure that you change the permissions on the files."

    Seems damned obvious to me that I gave you the answer that you needed. Giving the right permissions was just a little too obvious for me to state it explicitly. Like asking someone whether the computer is plugged in when asked why it's not working. But I stated it anyway in my answer at 11:02.

    I suggest you take more care in framing your question in the future if you believe that you asked the wrong question. It's not easy reading minds on this medium.
    0
     
    LVL 1

    Author Comment

    by:Pandora
    Sorry to ruffle your feathers Sftweng - I think it was pretty clear that I was experiencing problems using the folder in which the application resides, which is why I asked the question in the first place. And I agree when you say, 'it is pretty hard reading minds on this medium', which is why if the 'obvious' solution of changing permissions was so patently obvious to *you*, it may have been helpful to me if you'd mentioned this and more specifically how to do it. Instead, when I qualified the problem in response to your comment you replied with the 'solution':

    if you're not concerned about 9x, then probably ...\All Users\Application Data\<yourapp> would be the best place.

    If instead you'd said, keep 'em where they are, set permissions & this is how you do it (oh & watch out for FAT32); the points would be yours and I would pass them over very happily.
    0
     
    LVL 2

    Accepted Solution

    by:
    I think we all need to relax and let Pandora keep his/her points.  I agree with one very important principal that has been alluded to.  Frequently we try and answer the question when what we really need to do is listen to the question and then try and find a solution to the problem.  They are very frequently not the same thing.  We can pat ourselves on the back for having answered a question correctly and send someone out there with a structural or other problem still in place which our answers have not addressed.  Granted we weren't asked to, but we are supposed to help and sometimes that involves ignoring the actually question posed.
    0
     
    LVL 1

    Author Comment

    by:Pandora
    Thank you LSorrells, and yes thank you all for your time I do not mean to seem ungrateful I just wanted information that helped me to be available to others. Thanks all, P
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Security Threats Are You Missing?

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    A lot of questions regard threads in Delphi.   One of the more specific questions is how to show progress of the thread.   Updating a progressbar from inside a thread is a mistake. A solution to this would be to send a synchronized message to the…
    In my programming career I have only very rarely run into situations where operator overloading would be of any use in my work.  Normally those situations involved math with either overly large numbers (hundreds of thousands of digits or accuracy re…
    This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …
    This video is in connection to the article "The case of a missing mobile phone (https://www.experts-exchange.com/articles/28474/The-Case-of-a-Missing-Mobile-Phone.html)". It will help one to understand clearly the steps to track a lost android phone.

    856 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now