• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 301
  • Last Modified:

Where to put a application data file shared by all users in XP & NT

Hi, I have a prog that needs to read & write to a file that is shared by *all* users of a PC (no matter how lowly their rights). It needs to support win 9.x, NT (inc. XP). In XP is the best place to put it in:
C:\Documents and Settings\All Users\Application Data\...etc ?
and is this path supported by NT 4 etc or would I need to put it somewhere else to guarantee free read/write access by everyone?
Thanks alot
P
0
Pandora
Asked:
Pandora
  • 6
  • 5
  • 2
  • +2
1 Solution
 
sftwengCommented:
If the size is not prohibitive, you might use TRegistryIniFile.
0
 
sftwengCommented:
I don't have a Windows 9x machine around any more but I don't recall the existence of C:\Documents and Settings\All Users\Application Data\... prior to NT.

Is there any reason not to use the folder (directory) in which the application resides?
0
 
calinutzCommented:
There would be a problem only if there is a problem with the rights to access the files on either station. So if you have read/write rights on both machines and your file do not exceed 4GB in size you can place your file on either of the machines.
You only have to share it (file sharing) with full rigths for everyone.
The best way would be to place it in a "normal" folder like c:\MyFolder and share it. So you wouldn't have to worry about changes in your users configuration.
0
Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

 
sftwengCommented:
calinutz, as I read the question, this issue is access on the same PC by different users, not network access. Of course, setting file access privileges is essential.
0
 
PandoraAuthor Commented:
Exactly sftweng, its multiple users/accounts on a single machine having read/write access to the same file - Originally we had the file in the program files dir with the application, but non power users in XP cannot (via the app) write to this file due to security. I have tried adding the 'everyone' account as an ACE to the ACL for the file but this seems to make no difference (I think I read somewhere that there is a system ACL that protects the contents of the program files dir from non-power users and this I think takes precedence over any explicit setting of the ACL). Really what I'm asking is what does everybody else do - where's the standard place to put a shared file in NT/XP?! I'm not to fussed about win 9.x as I can just treat this separately if need be, I just want to put the file somewhere out of the way but somewhere everyone can read/write to it.
Thanks
P
0
 
sftwengCommented:
If you're not concerned about 9x, then probably ...\All Users\Application Data\<yourapp> would be the best place.
0
 
sftwengCommented:
Of course, if you REALLY want it to be visible, put it in ...\All Users\Desktop
0
 
PandoraAuthor Commented:
Ok - thx. I want it tucked away from the users but accessible by the app. But is this path
...\All Users\Application Data\<yourapp>
 supported in other versions of NT as well as XP ie NT 4, Server, 2000? And will it definately give access to all?
Thx
P
0
 
Wim ten BrinkSelf-employed developerCommented:
It might just be easier to dump your data in a folder relative from the root folder. C:\YourFolder for example. This would be accessible by all users, unless you change the security settings for this folder. In general, it is even better to store it in C:\YourCompanyName\YourProductName in case you create multiple applications that need to share data. The contents of folders accessible from the root are often unprotected, thus open for every user. (Yeah, a flaw in the Windows security...)
0
 
LSORRELLSCommented:
You need to create a folder and share it with full control to all users of the computer.  This will not be an issue with Win 9X user.  It's better to create a folder off the root of a hard drive rather than try and place it in a defalut windows user folder as different Flavors handle it differently and you would have to adjust alter your program accordingly.  And the security issues relating to sharing it will limited to that folder which is more platable to security folk.
0
 
PandoraAuthor Commented:
*Moderator, please read! *

Hi all, sorry for the delay getting back to you...now then. Hmm. I'm very sorry, but at the risk of being booed out of the forum, I'm not going to accept any of the above as an answer, sorry! I appreciate everyones help but after some investigation and experimentation, I've decided that the actual answer I was looking for was really that my question was wrong! To explain:
I think its bad practice to use well known bugs in commercial software; bugs have a habit of getting fixed & to rely on them could be disastrous, especially if you have an app thats rolled out to many users. In Windows in this day & age, I don't think its really on to ignore windows conventions & install to anywhere other than the designated directories unless theres a reason to do so; programs should go in the program files directory etc - this is kinda what the user expects and is used to. So really this question was all about security and the answer I think I should have got was, put them in the program files directory and ensure that you change the permissions on the files. This is what I have now done, but I found all the NT security stuff a bit tricky at first so I could have done with a few pointers here; which for 500 pts would have been fair I think. Btw, for anyone experiencing similar problems to me - I used Madshis MadSecurity to manipulate the ACL for a given file/directory and added the 'everyone' ACE (see www.madshi.net) to allow unlimited access (I found deallocating the ACL didnt do the job but adding this ACE if it wasn't present did). Obviously u have to have Administrator permissions to be able to do this, so I added code to test for this in the prog/installation too with warnings etc that files couldnt be shared with limited users unless an Admin ran it etc. That said, I have just discovered an added complication; it seems extended file security is only available on NTFS drives, not FAT32 so I'm adding some conditional testing for this too otherwise if you're testing if an ACE is present, on FAT32 the answer will be no but access will still be unlimited (I think - yet to test!). So anyway, I'll get back to you...Don't really know what to do with points but would like the Q to stay in PAQ for others jumping this hurdle? Praps Madshi could have em, or would that cause a riot?! If anything I guess LSORRELLS came closest, but a bit scant for 500? This is what I went for anyway, just a simple let everyone have full access fn

//This is the full read/write access type constant for the ACE
PATH_FULL_ACCESS:cardinal=2032127;

Function File_SetEveryoneFullAccessRights(APath:string; IsDACL:boolean=true):boolean;
begin
//Because a file can't have child folders or files, set with inheritance off
result:=Path_SetEveryoneFullAccessRights(APath, false, false, IsDACL);
end;

//just the same call but supplied for function name consistency
Function Folder_SetEveryoneFullAccessRights(APath:string; IsChildFilesInheritPermissions:boolean=true; IsChildFoldersInheritPermissions:boolean=true; IsDACL:boolean=true):boolean;
begin
result:=Path_SetEveryoneFullAccessRights(APath, IsChildFilesInheritPermissions, IsChildFoldersInheritPermissions, IsDACL);
end;

both using the private & a bit messy fn:

//Madshis acl stuff to allow access for all to the
//specified registry keys for NT etc
Function Path_SetEveryoneFullAccessRights(APath:string; IsChildFilesInheritPermissions:boolean=true; IsChildFoldersInheritPermissions:boolean=true; IsDACL:boolean=true):boolean;
var
AACL     :IAcl;//an access control list
ANewAce,
AAce     :IAce; //an access control entry (within the ACL)
NewFlags :TAceFlags;
begin
Result:=true;
try
   AACL:=Path_GetACL(APath,IsDACL); //Nb Dont change system ACL .SACL
   //If no ACL is assigned ie its deallocated then may need to create one
   If Assigned(AACL) then
      If AACL.IsAllocated then
         begin
         AAce:=AACL.FindItem(Everyone); //Ie Everyone is the full access account
         NewFlags:=[];
         //Set the inheritance flags for files & folders
         If IsChildFilesInheritPermissions then
            NewFlags:=[afObjectInherit];
         If IsChildFoldersInheritPermissions then
            NewFlags:=NewFlags+[afContainerInherit];
         //Have changed this to add the 'everyone' account rather than deallocating the entire ACL as this seems a bit safer
         If (not assigned(AAce)) or (not AAce.IsValid) then //ie if Everyone is not found (NB AAce is still assigned but its not 'valid' and AAce.account.name will ="")
            begin
            ANewAce:=NewAce(Everyone,PATH_FULL_ACCESS,atAllowed,NewFlags);
            AACL.AddItem(ANewAce); //was AACL.Deallocate; //Ie if no ACL is set then access is available to everyone, if blank ACL no access to anyone
            end
            else
            //If the account already exists then update it to the full access, full allowed
            If (AAce.Access<>PATH_FULL_ACCESS) or (not (AAce.type_=atAllowed)) or (AAce.flags<>NewFlags) then
               begin
               AAce.Access:=PATH_FULL_ACCESS;
               AAce.type_:=atAllowed;
               //ie objectinherit=files inherit, containerinherit=folders inherit
               //so this would not apply to files
               AAce.flags:=NewFlags;
               end;
         If AACL.IsDirty then
            AACL.flush;//ie flush any changes that haven't been made yet
         end;
   except
   result:=false;
   end;
end;

0
 
sftwengCommented:
Two hours and 35 minutes after you asked the question in the second response to the question, I asked:

"Is there any reason not to use the folder (directory) in which the application resides?".

You have responded:

"So really this question was all about security and the answer I think I should have got was, put them in the program files directory and ensure that you change the permissions on the files."

Seems damned obvious to me that I gave you the answer that you needed. Giving the right permissions was just a little too obvious for me to state it explicitly. Like asking someone whether the computer is plugged in when asked why it's not working. But I stated it anyway in my answer at 11:02.

I suggest you take more care in framing your question in the future if you believe that you asked the wrong question. It's not easy reading minds on this medium.
0
 
PandoraAuthor Commented:
Sorry to ruffle your feathers Sftweng - I think it was pretty clear that I was experiencing problems using the folder in which the application resides, which is why I asked the question in the first place. And I agree when you say, 'it is pretty hard reading minds on this medium', which is why if the 'obvious' solution of changing permissions was so patently obvious to *you*, it may have been helpful to me if you'd mentioned this and more specifically how to do it. Instead, when I qualified the problem in response to your comment you replied with the 'solution':

if you're not concerned about 9x, then probably ...\All Users\Application Data\<yourapp> would be the best place.

If instead you'd said, keep 'em where they are, set permissions & this is how you do it (oh & watch out for FAT32); the points would be yours and I would pass them over very happily.
0
 
LSORRELLSCommented:
I think we all need to relax and let Pandora keep his/her points.  I agree with one very important principal that has been alluded to.  Frequently we try and answer the question when what we really need to do is listen to the question and then try and find a solution to the problem.  They are very frequently not the same thing.  We can pat ourselves on the back for having answered a question correctly and send someone out there with a structural or other problem still in place which our answers have not addressed.  Granted we weren't asked to, but we are supposed to help and sometimes that involves ignoring the actually question posed.
0
 
PandoraAuthor Commented:
Thank you LSorrells, and yes thank you all for your time I do not mean to seem ungrateful I just wanted information that helped me to be available to others. Thanks all, P
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

  • 6
  • 5
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now