Should I give “modify” permissions for “all” or “users” or “outsiders” if in UAC I want to make data folders and files accessible to users who are not program administrators?
I want basically all who could sit at the computer to read / write data through the program. I also read that using the "all" permission for modification can open a security hole in the network. What is the difference between all users and users? What are the security implications?
Implementation details for InnoSetup follow:
Using InnoSetup, I install the EXE in the standard Program Files subfolder and the Data subfolder inside it, for example:
C: \ Program Files \ My Prog \ Prog.exe
C: \ Program Files \ My Prog \ Data \ MyData.dat
Now, so that MyData.dat can be modified by Prog.exe, even if Prog.exe is run by non-administrators, I provide "modify" permissions for the "Data" subfolder with this line:
[Dirs]
Name: "{app}\Data"; Permissions: everyone-modify;
;This is the question: should I use users or authusers instead of everyone?
[Files]
Source: "MyProg.exe"; DestDir: "{app}"; Flags: replacesameversion;
Source: "MyData.dat"; DestDir: "{app}\Data"; Flags: replacesameversion;
This question is similar to 2686918 , but I did not find enough information about the types of permissions, therefore this is new. I will clarify this question after clarifying this.
In particular, InnoSetup defines the following groups:
- Administrators of the built-in administrators group
- Authenticated Authenticated User Groups
- each whole group
- powerusers Built-in Power Users group
- local system user
- users Built-in user group
" , , , - - , , "?