[SOLVED]Administrator permissions required
-
Hi!
I'm trying to make an updater for my application.
I'm searching for a way, how to change permissions on .dll (Windows) files, so that they can be changed without administrator privileges ( program update might one day require to update .dll file).
I tried setting file permissions (QFile::setPermissions) with administrator permissions, but operation failed.
I can download file and write it to hard drive, but later I cannot delete it or rename it... ( Typical Windows thing since Vista)
How do other installers/updaters have this problem solved?Another this is, why does a program also need administrator privileges as soon as network module is added to project?
Is there a way to use normal permissions? On Windows OS, there is usually only firewall warning.Regards,
Jake -
Giving non-Admin users access to modify/replace the DLL is a severe security issue! Don't do it !!!
There is a reason why on Vista and later "C:\Program Files" is protected.
Instead, if you need to update the DLL, make the update program request "admin" privileges (via UAC manifest).
And, if the user agrees to install the update (UAC dialog!), updating will work fine.
You can, for example, make the "main" program download & run the update program, which will then take over.
...or you distribute a second "updater" EXE along with the "main program" EXE file.
--
The correct way to do it with NSIS, for example:
http://pastebin.com/EvMkyLLt -
[quote author="MuldeR" date="1357951299"]Giving non-Admin users access to modify/replace the DLL is a severe security issue! Don't do it !!!
There is a reason why on Vista and later "C:\Program Files" is protected.
Instead, if you need to update the DLL, make the update program request "admin" privileges (via UAC manifest).
And, if the user agrees to install the update (UAC dialog!), updating will work fine.
You can, for example, make the "main" program download & run the update program, which will then take over.
...or you distribute a second "updater" EXE along with the "main program" EXE file.
--
The correct way to do it with NSIS, for example:
http://pastebin.com/EvMkyLLt[/quote]Yeah, what MuldeR said. It's a bad idea to give non-Admin users access. They could do bad stuff to it. So don't do it please.
-
If you really had to update a DLL from a non-elevated process, which I still think is a bad idea, you'd have to install it into "%%APPDATA%%\Your Company\Your App". And of course you cannot update the DLL while there is still some process running that uses the DLL. That's yet another reason to create a proper installer/updater program. NSIS has a nice "LockedList":http://nsis.sourceforge.net/LockedList_plug-in Plug-in for that purpose...
(BTW: Why this board doesn't allow to make literal percent signs ???)
-
-
[quote author="Jake007" date="1358090331"]Based on what you told me, I decided to dump idea of a custom updater ( on Windows platforms).
Updater will just download NSIS updater and launch it.[/quote]Be sure you launch the updater with ShellExecute(Ex) in order to trigger the required UAC dialog.
CreatePorcess() from a non-elevated process will fail when trying to run an executable that requires elevation!
[quote author="Jake007" date="1358090331"]Do you maybe know how is with permissions on Linux/Unix based OS's?
Will there be the same problem?[/quote]Yes!
Binaries and shared objects (equivalent to DLL) will normally be installed to /usr/bin or /user/local/bin.
These of course are protected and we have to use "sudo <command>" to update/modify files there.
Also on Linux platforms it's very uncommon to have a program "manually" install updates.
Instead the OS' package manager (e.g. APT) will check for updates and install them, for all apps on the system.
You just have to provide the packages in the correct form for the target distribution (e.g. DEB) and add your server (repository) to the list of software sources on the local computer.
!http://en.opensuse.org/images/c/c3/Packagemanagement.png(screenshot)!
See also: https://help.ubuntu.com/community/Repositories/CommandLine
-
Hi!
Thanks!
Today I also found about Qt installer "here":http://doc-snapshot.qt-project.org/qtifw-1.2/index.html , and I'm going to try it out.
Regards,
Jake