Installing TC As Non-Admin Falls At Last Hurdle

The behaviour described in the bug report is either by design, or would be far too complex/time-consuming to be changed

Moderators: sheep, Hacker, Stefan2, white

User avatar
Phred
Senior Member
Senior Member
Posts: 283
Joined: 2009-06-16, 15:24 UTC
Location: SEAu

Installing TC As Non-Admin Falls At Last Hurdle

Post by *Phred » 2018-06-24, 17:41 UTC

Not specific to 9.2xm but true, anyway. Bug or suggestion.

When installing TC either as a full install or update from a standard user, everyday, non-admin account, from a running instance of TC, install proceeds, offering choices to install either as an update or as a normal installation, then shows an alert that the program is already running, offering 'Choose Next to close the program ...'.

After 'Next..', it closes the running TC, then proceeds to install, but after a some seconds stops, unable to open '...KEYBOARD.TXT for writing!'.
Dialogs follow, closing all instances of TC programs.

Reproduce: install from TC in a non-admin, everyday, account/context.

Expected behaviour: Allow TC-setup to close running instance(s)/files, present the normal UAC elevation prompt, and proceed to install - as is common with other program installations.

[UPDATE] I notice that the installer doesn't even prompt for UAC elevation when run from (Windows') File Manager. It fails every time.
Regards, PhredE
Licence holder since 1999

User avatar
Dalai
Power Member
Power Member
Posts: 6742
Joined: 2005-01-28, 22:17 UTC
Location: Meiningen (Südthüringen)

Post by *Dalai » 2018-06-24, 21:36 UTC

TC can be installed as regular user just fine, of course limited to the directories users can write to (e.g. C:\totalcmd or %UserProfile%). To be able to do so means that TC setup should only trigger UAC when the user is in the adminstrators group. This is done via TC setup's manifest which has level="highestAvailable" set). If you want to install TC for all users (e.g. in %ProgramFiles%), run TC setup as admin. Simple as that.

Regards
Dalai
#101164 Personal licence
Ryzen 5 2600, 16 GiB RAM, ASUS Prime X370-A, Win7 x64

Plugins: Services2, Startups

User avatar
Phred
Senior Member
Senior Member
Posts: 283
Joined: 2009-06-16, 15:24 UTC
Location: SEAu

True, But Really...

Post by *Phred » 2018-06-25, 09:17 UTC

Dalai wrote:TC can be installed as regular user just fine, of course limited to the directories users can write to (e.g. C:\totalcmd or %UserProfile%). To be able to do so means that TC setup should only trigger UAC when the user is in the adminstrators group. This is done via TC setup's manifest which has level="highestAvailable" set). If you want to install TC for all users (e.g. in %ProgramFiles%), run TC setup as admin. Simple as that.

Regards
Dalai
Yes, of course, Dalai, but really - install an executable as powerful as TC off the root or in an insecure AppData branch? In 2018 CE? You must like living dangerously.
You've heard of the recent Zacinlo Ad Fraud vector (a rootkit), ransomware attacks, RAM pounding, local and remote, viruses of many many kinds, crypto-mining and address hijacks, even persistent system and router reprogramming?
We're not in Kansas anymore.

I must admit that provision of c:\totalcmd in the install package still holds me incredulous. Surely it's not the intention of Ghisler, GmbH to advocate its own installation memes outside of Microsoft's safer recommendations of installing software other than in C:\Program Files ~\ so that security is deprecated extraordinarily? I couldn't quite understand that, if it is.

Yes, there are many self-confessed geeks here and using TC, but it's a general-usage file management utility, and we'd likely expect that the Ghisler co. doesn't really want to jeopardise their systems. I imagine it will change.

After all, the structures that have matured under Windows have evolved for a reason, and in these days of OSs-as-a-service and permanent internet connection, it has to be, foremost, security.

The vast majority of mainstream programs now install in %ProgramFiles% and their setup routines prompt for admin permissions. Ordinary users far prefer this arrangement these days to the totally open machines of the 20th century, CE.
Regards, PhredE
Licence holder since 1999

User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 38094
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Post by *ghisler(Author) » 2018-06-25, 10:36 UTC

Currently the installer uses level="highestAvailable", so non-admin users can still install TC to a directory like c:\Totalcmd, which does not require admin rights.

It would be better to first collect user data with normal rights and then ask for admin rights. Unfortuantely this would require a lot of changes, so I cannot add it quickly.
Author of Total Commander
http://www.ghisler.com

User avatar
Dalai
Power Member
Power Member
Posts: 6742
Joined: 2005-01-28, 22:17 UTC
Location: Meiningen (Südthüringen)

Post by *Dalai » 2018-06-25, 14:19 UTC

Phred wrote:Yes, of course, Dalai, but really - install an executable as powerful as TC off the root or in an insecure AppData branch? In 2018 CE? You must like living dangerously.
I don't, although some people say I do because I don't use anti-virus software. But I digress. I always install TC to %ProgramFiles% on all of my own computers and those of my customers. I even made a suggestion to change the default installation directory to %ProgramFiles% a long time ago (can't find the corresponding thread unfortunately). But Ghisler didn't change it because he has some valid points, and I can understand and respect them.

Regarding your malware stuff: If you've heard about them you're tech-savvy enough to know it's better to install to %ProgramFiles% anyway.

So, your criticism is directed at the wrong target. I just pointed out the situation as it is now. Suggest a change of the default install dir to %ProgramFiles% and I'll be happy to support it. But keep in mind that it's not so easy to keep the ability to install without admin privileges then; this requires some major changes as Ghisler already pointed out (but maybe it's time to switch to InnoSetup ;)).

Regards
Dalai
#101164 Personal licence
Ryzen 5 2600, 16 GiB RAM, ASUS Prime X370-A, Win7 x64

Plugins: Services2, Startups

User avatar
Hacker
Moderator
Moderator
Posts: 11346
Joined: 2003-02-06, 14:56 UTC
Location: Bratislava, Slovakia

Post by *Hacker » 2018-06-25, 21:24 UTC

Phred,
Perhaps slightly OT, but what is insecure about installing programs outside of Program Files?

TIA
Roman
Mal angenommen, du drückst Strg+F, wählst die FTP-Verbindung (mit gespeichertem Passwort), klickst aber nicht auf Verbinden, sondern fällst tot um.

User avatar
Stefan2
Power Member
Power Member
Posts: 2643
Joined: 2007-09-13, 22:20 UTC
Location: Europa

Post by *Stefan2 » 2018-06-26, 07:07 UTC

Hacker wrote:Phred,
Perhaps slightly OT, but what is insecure about installing programs outside of Program Files?

TIA
Roman
Everyone and every program has write access and for example a program can modify his own code by downloading an update.
Program Files on the other hand is write protected after the installation and need elevated admin rights to alter the files in that folder, so the user would be prompted for rights.

For well know programs like TC, one can give write access for USERS to TCs folder as default.
(Then you have broken that (pseudo) security, but won some convenience, as you, TC and the plugins have write permissions now)


That's the basic idea.
Of course that ProgramFiles-security is only true for attacks not really really want to hack you.
Like "better than nothing" for the average user, ...but this consideration is really OT.





 
Inofficial FAQs || WIKI (Deu/Eng) || TC Home (What's new? // FAQ // Download // Order // Addons // Tools // Plugins)
Erst wenn der letzte Baum gefällt oder die letzte Biene verendet ist, werden die Leute verstehen warum Umweltschutz wichtig ist.

User avatar
Dalai
Power Member
Power Member
Posts: 6742
Joined: 2005-01-28, 22:17 UTC
Location: Meiningen (Südthüringen)

Post by *Dalai » 2018-06-26, 14:08 UTC

Hacker wrote:Phred,
Perhaps slightly OT, but what is insecure about installing programs outside of Program Files?
Well, any program, including malicious ones can manipulate other programs which are located in %UserProfile% (or any other user-writable location). Malicious software might even abuse other programs for their own (malicious) purposes, e.g. to stay undetected by anti-virus software. It's also important to note that administrators really don't like programs that are writable by users.

Regards
Dalai
#101164 Personal licence
Ryzen 5 2600, 16 GiB RAM, ASUS Prime X370-A, Win7 x64

Plugins: Services2, Startups

User avatar
Hacker
Moderator
Moderator
Posts: 11346
Joined: 2003-02-06, 14:56 UTC
Location: Bratislava, Slovakia

Post by *Hacker » 2018-06-27, 18:45 UTC

Stefan2,
Everyone and every program has write access and for example a program can modify his own code by downloading an update.
Program Files on the other hand is write protected after the installation and need elevated admin rights to alter the files in that folder, so the user would be prompted for rights.
I still fail to see the danger.

Roman
Mal angenommen, du drückst Strg+F, wählst die FTP-Verbindung (mit gespeichertem Passwort), klickst aber nicht auf Verbinden, sondern fällst tot um.

User avatar
Horst.Epp
Power Member
Power Member
Posts: 3430
Joined: 2003-02-06, 17:36 UTC
Location: Germany

Post by *Horst.Epp » 2018-06-27, 18:58 UTC

Hacker wrote:Stefan2,
Everyone and every program has write access and for example a program can modify his own code by downloading an update.
Program Files on the other hand is write protected after the installation and need elevated admin rights to alter the files in that folder, so the user would be prompted for rights.
I still fail to see the danger.

Roman
The danger comes if you let trojans or viruses running on your system.
But then its no longer your system anyway.
I started many years ago to store all my tools under c:\tools
most of it are portable. I never had any security problems.
As a system admin I still prefered the default windows places . :)
Windows 10 Home x64 November 2019 Update, Version 1909 (OS Build 18363.476)
Intel(R) Core(TM) i7-4770 CPU @ 3.40GH, 16GB RAM
TC 9.50ß5 x64 / x86, Everything 1.4.1.955 (x64)

User avatar
JesperRed
Junior Member
Junior Member
Posts: 6
Joined: 2017-07-07, 10:12 UTC

Re: Installing TC As Non-Admin Falls At Last Hurdle

Post by *JesperRed » 2018-08-02, 20:02 UTC

Hi
I'm not very technical, but I have always wondered why TC wants to install directly in the root and not as must program in "Program Files", why not follow the standard?

From a user perspective it is very strange that I can't install TC due to the error "Could not open file C:\....."
Why don't I get a message about I need to install as Admin.
(of course the best would be if it "just worked" as Non-Admin)

User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 38094
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Re: Installing TC As Non-Admin Falls At Last Hurdle

Post by *ghisler(Author) » 2018-08-03, 10:27 UTC

That's mainly for historical reasons - TC exists much longer than "Program files"! It's also difficult to change that now, due to older plugins failing when installed to a read only directory.
Author of Total Commander
http://www.ghisler.com

User avatar
wanderer
Power Member
Power Member
Posts: 1334
Joined: 2003-03-28, 14:35 UTC
Location: Sol

Re: Installing TC As Non-Admin Falls At Last Hurdle

Post by *wanderer » 2018-08-09, 16:22 UTC

@ghisler
Like Dalai, i also install tc under "Program Files". I also understand the reasons for not changing the default install location. How about adding 2 extra buttons in the dialog then? Each can simply set the path in the textbox either to "C:\totalcmd" or to "%ProgramFiles%\TotalCmd" accordingly. That way the user will avoid manually typing it. And if you decide to do so, may i suggest "%ProgramFiles%\TotalCmd" as a default option (more modern)?
- Wanderer -

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Latest TC / x32: WinXPx32 SP3 / x64: Clients/Servers from Win7SP1 through Win19Server

User avatar
Usher
Power Member
Power Member
Posts: 573
Joined: 2011-03-11, 10:11 UTC

Re: Installing TC As Non-Admin Falls At Last Hurdle

Post by *Usher » 2018-08-09, 18:42 UTC

I think that the path should depend on TC bitness. You can't run 32-bit apps under "C:\Program Files" in 64-bit Windows. I don't know how system virtualization will work when you run 32+64 TC installer.
Regards from Poland
Andrzej P. Wozniak

User avatar
wanderer
Power Member
Power Member
Posts: 1334
Joined: 2003-03-28, 14:35 UTC
Location: Sol

Re: Installing TC As Non-Admin Falls At Last Hurdle

Post by *wanderer » 2018-08-09, 19:20 UTC

Usher wrote:
2018-08-09, 18:42 UTC
You can't run 32-bit apps under "C:\Program Files" in 64-bit Windows.
Not true. I always install tc there and have no problem running both versions (under Win7 at least).
- Wanderer -

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Latest TC / x32: WinXPx32 SP3 / x64: Clients/Servers from Win7SP1 through Win19Server

Post Reply