C++ MSI 包管理权限
这是我遇到的问题,
我有一个通过将数据写入 .txt 文件来运行的 C++ 应用程序,我想为该应用程序创建一个 MSI 包.
I have a C++ application that runs by writing data to .txt files and I want to create an MSI Package for the application.
当我构建和运行我的应用程序时,一切都很好,但是当我运行我的 MSI 设置文件时,创建的应用程序确实获得了正确的运行权限.
When I build and run my app all is fine but when I run my MSI Setup File the created application does get granted the correct privileges to function.
即使我将它们包含在包中并将它们设置为系统文件,我也找不到允许应用写入所需 .txt 文件的方法.
I can't find a way to allow the app to write to the .txt files needed even if I include them in the package and set them as system files.
如果我以管理员身份运行"一切正常,但这并不合理,因为我需要它在以用户身份运行"时运行.
If I "Run as administrator" all is well but that isn't really plausible as I need it to function while "Running as User".
是否在安装时提示用户同意以管理员权限安装,因此不必在每次启动之前手动完成.
Is there anyway to prompt the user while installing to agree to an install with admin rights, so it doesn't have to be done manually before a prompt each launch.
任何能让我的代码再次运行的东西都很棒,谢谢.
Anything that can get my code running again would be brilliant, thanks.
推荐答案
Longer Writeup:System.UnauthorizedAccessException while running .exe under program files(除了下面列出的选项之外的其他几个选项).
Longer Writeup: System.UnauthorizedAccessException while running .exe under program files (several other options in addition to the ones listed below).
每个用户文件夹:我认为您应该将相关文件安装到 每个用户文件夹(用户可写 -例如 My Documents
),或作为模板到 per-machine 文件夹(普通用户不可写入 - 例如 %ProgramFiles%
)和然后让您的应用程序将模板从每台计算机的位置复制到当前用户的 My Documents
文件夹 - 例如.然后你写入那里的文件 - 普通用户将具有写访问权限.我想您也可以写入为用户设置的网络共享.
Per-User Folder: I would think you should install the files in question to a per-user folder (writeable for user - for example My Documents
), or as templates to a per-machine folder (not writeable for normal users - for example %ProgramFiles%
) and then have your application copy the templates from the per-machine location to the current user's My Documents
folder - for example. Then you write to the files there - where a regular user will have write access. I suppose you could also write to a network share which is set up for users to have access.
海拔:有可能,要求应用程序运行提升(链接可能已过时 - .NET 略有不同),但对于像写入文本文件这样简单的事情来说,这是一种可怕的方法.我永远不会需要这样的高度.提升权限无处不在,您不希望您的应用程序使用城市的钥匙运行 - 您成为黑客目标,您的工具中的错误变得武装和危险.
Elevation: It is possible, to require the application to run elevated (link might be outdated - for .NET it is slightly different), but this is a horrible approach for something as simple as writing to text files. I would never require such elevation. Elevated rights are pervasive, and you don't want your application to run with the keys to the city - you become a hacker target and bugs in your tool become armed and dangerous.
ACL 修改:也可以将文本文件安装到每台机器的位置,并对它们应用 ACL 权限,这样即使普通用户也可以写入它们如果他们没有更高的权利.这里有一些关于如何执行此操作的信息(要点 2).这种方法在当今时代不受欢迎,但它会奏效.请注意,您的 ACL 权限不应太紧,以防您写入新文件,删除旧文件并将新文件重命名为旧名称 - 除了文件之外,您还需要创建文件写得很清楚――NTFS 中有非常细粒度的控制.GenericWrite
应该可以解决我的想法.
ACL Modification: It is also possible to install the text files to a per-machine location and apply ACL permissioning to them so that they are writeable for regular users even if they don't have elevated rights. There is some information on how to do this here (bullet point 2). This approach is frowned upon in this day and age, but it will work. Be on the alert that your ACL permissioning shouldn't be too tight, in case you write to a new file, delete the old one and rename the new file to the old name during your write operation - you need file create in addition to file write obviously - there is very fine-grained control in NTFS. GenericWrite
should do the trick I think.
一些链接(松散连接,添加以便于检索):
Some Links (loosely connected, added for easy retrieval):
- 创建文件夹和文件在当前用户个人资料上,来自管理员个人资料
- 为什么在使用 MSI 时限制将文件部署到用户配置文件或 HKCU 是个好主意?
- 在用户文件夹中创建一个.config文件夹
相关文章