Archive: AccessControl Plugin - how give all authenticated users write access

AccessControl Plugin - how give all authenticated users write access

What is the right approach?

I used HM NIS Edit 2.0.3 with NSIS 2.4.6 and have built a well working .nsi file. Also, the resulting setup.exe works great.

However, there is a database file (database.db) which, after being installed by the setup.exe, only has read access. I had tried to set write access on the source file before compiling setup.exe, but this attribute gets "lost" after the copy process when installing.

My question is:
Where exactly in the .nsi file must I add:
AccessControl::GrantOnFile \"$INSTDIR\database.db" "(BU)" "GenericRead + GenericExecute + GenericWrite + Delete"

More questions:
does this work in vista, win 7 and win 8? I am trying to write the above directly into the .nsi.

Is it better, more compatible with different windows versions to use (S-1-5-11) for the authenticated Users pseudo-group?
If using S-1-5-11 is the better approach, must the command look this?:
AccessControl::GrantOnFile \"$INSTDIR\database.db" "(S-1-5-11)" "GenericRead + GenericExecute + GenericWrite + Delete"

Thanks for any feedback!

Using the SID should work on any machine all the way back to NT4 but you are not really supposed to enable write access to files in $programfiles.

A) It is a security risk (The biggest issue is exe and dll files but a corrupted/manipulated data file could also cause issues)

B) Does not work with multiple users logged in (Remote desktop, switch user etc)

You really should store the database under $appdata...