Launch from Windows installer fails to drop privileges

Having trouble installing or compiling FreeCAD? Get help here.
Forum rules
Be nice to others! Respect the FreeCAD code of conduct!
User avatar
uwestoehr
Veteran
Posts: 4961
Joined: Sun Jan 27, 2019 3:21 am
Location: Germany
Contact:

Re: Launch from Windows installer fails to drop privileges

Post by uwestoehr »

adrianinsaval wrote: Sat Oct 02, 2021 6:48 pm In an ideal world maybe, but regular home users have admin privileges in their computers, these are the people that will unknowingly launch FreeCAD as admin.
Not, that is not true, please try it out on your Windows machine:

There are basically only 3 ways:

way 1:
- log in to a normal user account and start the installer
- what do you get? Is the installer asking you for admin permissions?
- No. (If it does, please tell me since this would be a bug.)
So to run the installer as admin you must use Windows "run as admin" context menu -> so it is your explicit will to run it as admin.

way 2:
- log in to a Windows admin account and start the installer
- what do you get? Is the installer asking you for admin permissions?
- No. Because you are already admin. So no matter how you start FreeCAD from this account, FreeCAD has the same admin privileges as every other program you start from an admin account.

way 3:
- log in to a normal user account
- start the installer using Windows "run as admin" context menu
-> everything the installer does will affect all users, registry entries are made in HKLM and not HKCU etc. To be able to act as admin you gave the installer these rights. The installer invokes under the hood further programs running in admin level as well. Otherwise the installation would not work. To end the admin level, the installer must be ended. But if you use the option to run FC from within the installer of course FC will be run for the admin account (since it was executed from a program running on admin level) and that is how it should work.

So please don't state something is happening unwillingly. Either you explicitly run the installer as admin or not and Windows respects your will. There is no "magic" happening, everything works as it should work.
And please stop to say there are security issues. The user is the master and decides what he wants.
openBrain
Veteran
Posts: 9034
Joined: Fri Nov 09, 2018 5:38 pm
Contact:

Re: Launch from Windows installer fails to drop privileges

Post by openBrain »

uwestoehr wrote: Sat Oct 02, 2021 11:37 pm way 3:
- log in to a normal user account
- start the installer using Windows "run as admin" context menu
-> everything the installer does will affect all users, registry entries are made in HKLM and not HKCU etc. To be able to act as admin you gave the installer these rights. The installer invokes under the hood further programs running in admin level as well. Otherwise the installation would not work. To end the admin level, the installer must be ended. But if you use the option to run FC from within the installer of course FC will be run for the admin account (since it was executed from a program running on admin level) and that is how it should work.
I'm pretty unfamiliar with Windows. In case of way 3 (above), could it be that by some way, FreeCAD is installed in a certain folder (or with certain settings) that would make it run as admin permanently (not only launch from installer, but also next regular launches), without the user to be clearly aware of that?
Also I'm a bit surprised that the installer cannot launch as a normal user as it will (I guess) run FreeCAD in a independent thread. :?
heda
Veteran
Posts: 1348
Joined: Sat Dec 12, 2015 5:49 pm

Re: Launch from Windows installer fails to drop privileges

Post by heda »

uwe, as a complete amateur it seems like you are right in all that you have written in the post above,
but is it not so that there is one more use-case?
i.e. starting the installer as non-admin and selecting "install for all users" (rather than always having the starting point as "run as admin"),
then I expect that one is asked to elevate to admin (which happens automatically), and then I also would expect that fc would start with dropping privs to "normal user", i.e. the program starts in the context of the user that was originally initiating the installer (as non-admin), also when choosing to start the program from the installer.

I think this is the most common use-case for people at home computers, of course not at all needed to install for all users, but probably very hard to change that behaviour since at home people have easy access to both "non-admin" and "admin" accounts (and unwittingly mixes the two, mostly out of lack of detailed knowledge, hard to avoid - a bit similar to that bad drivers also have a driving license). In a corporate world it is of course a bit different, especially if it is not the user that installs the program, but rather a sys-admin.

debated with myself if I should make a post or not, but hope this one helps.
this thread seems to be another example of how hard it sometimes can be to understand each other...


I'm not a sys admin and have zero aspiration to become one, also i have never made an installer, and probably never will do one.
once I discovered that one could install programs on windows by simply unzipping I never looked back, on windows this is how I install nowadays, heck at home I have abandoned windows :-)
chrisb
Veteran
Posts: 53933
Joined: Tue Mar 17, 2015 9:14 am

Re: Launch from Windows installer fails to drop privileges

Post by chrisb »

I couldn't lay hands on a consumer style windows computer yet to do some tests, but I know from other programs that they can start an installation as nomal user and switch to admin only if required. It should then be possible to return to the old user. You asked previously in this topic that it would not be known to which normal user to change to. The current user can be obtained from the environment variable USERNAME. So what is desired here could be

- start installation as normal user
- if admin rights are needed for a global installation, ask for them
- if the rights are granted, store the current user, e.g. with
set UNPRIVILEDGED=%USERNAME%
- switch to admin
- do what has to be done as admin
- switch back to %UNPRIVILEDGED%
- run FreeCAD
A Sketcher Lecture with in-depth information is available in English, auf Deutsch, en français, en español.
User avatar
uwestoehr
Veteran
Posts: 4961
Joined: Sun Jan 27, 2019 3:21 am
Location: Germany
Contact:

Re: Launch from Windows installer fails to drop privileges

Post by uwestoehr »

openBrain wrote: Sun Oct 03, 2021 7:04 am I'm pretty unfamiliar with Windows. In case of way 3 (above), could it be that by some way, FreeCAD is installed in a certain folder (or with certain settings) that would make it run as admin permanently (not only launch from installer, but also next regular launches), without the user to be clearly aware of that?

No. When you run the installer as admin, you affect all users (that's the idea of being admin). Then its install location is C:\Program Files so that all users see it and can use it.
Every user can of course only run installed programs with its user permissions. So the setting of FC are stored in the local user's AppData folder. That's clear since every user must be able to use e.g. its own color scheme in FC etc.
openBrain wrote: Sun Oct 03, 2021 7:04 am
Also I'm a bit surprised that the installer cannot launch as a normal user as it will (I guess) run FreeCAD in a independent thread. :?
The OPTIONAL feature to run FC from WITHIN the installer, must of course run FC as the user who run the installer. When this was the admin, it is this SINGLE TIME run as admin, and that's exactly the purpose of the option. I am wondering why this is so hard to understand and also to accept that it is an option. If you don't like or need this, then simply don't use the option; just end the installer and then start FC the normal way.

I am really tired now and see that people post here without ever having run the installer.
User avatar
uwestoehr
Veteran
Posts: 4961
Joined: Sun Jan 27, 2019 3:21 am
Location: Germany
Contact:

Re: Launch from Windows installer fails to drop privileges

Post by uwestoehr »

heda wrote: Sun Oct 03, 2021 7:23 am i.e. starting the installer as non-admin and selecting "install for all users" (rather than always having the starting point as "run as admin"),
then I expect that one is asked to elevate to admin (which happens automatically),
Yes, the installer must then be run as admin. I mean it is your decision that e.g. your wife or kids can use FreeCAD too. So after you input your admin credentials, you work from now on as admin.
So what do you think happens when the installation takes place? - Scripts are generated and executed, not by the installer itself but the installer calls other programs that do this, even Python can be run etc. All these actions need admin permissions to have an effect for all uses, therefore it is clear that every program that is run from within a program you gave admin permissions must run with admin permissions too to achieve what you want. This concept is a Windows basic.
And the OPTION to run FC after the installation the first time is just another program that is started by the installer.

And as I wrote for sure now a dozen times, the option to run FC from within the installer is there to run FC the first time as the user who runs the installer. As admin, when I want to check if the program I installed is running fine and I do this of course in the user account with which I installed the program, and this is my admin account.

Why do you think the option is there? Without it, the installer would just end. When you are logged in as normal user starting FC has then of course no admin permissions.
As I wrote, other installers like the one of Audacity and Inkscape have the same functionality. I built it in to the installer once I wrote it (originally for the project www.lyx.org) because admins requested it.
heda
Veteran
Posts: 1348
Joined: Sat Dec 12, 2015 5:49 pm

Re: Launch from Windows installer fails to drop privileges

Post by heda »

oki, not a misser in understanding then, but a difference of opinion.
as an amateur at least I fail to see the logic in this choice for the scenario of starting as non-admin and choosing to install for all users.
it makes perfect sense if the installation is done if starting the installation as admin.

I would have guessed that if it really is a sys-admin doing the installation that they would use the admin account from the get-go to do the installation with, and then the question at hand is a non-question (i.e. they take the effort of logging in first).

If they choose to do the install from user account and then elevating (through "all users"), it would make more sense to me to confirm on the non-elevated account that it works (just as an outside view without knowing any of the inner workings of windows privs and sys admin work as such), if one is going to do that now one have to start the program "twice", or choose to not click the "run now" button which is temptingly there :-). Maybe a simple comment then in the installer gui then that it starts from admin account if the button is used when using option "all users"?

anyway, I have no skin the game one way or the other, it just looked like there was a possible situation where the specific situation considered was not the same all around.
it seems like it was not - peace out.

oops, forgot to say thanks for all the things your are doing for fc uwe!!
User avatar
uwestoehr
Veteran
Posts: 4961
Joined: Sun Jan 27, 2019 3:21 am
Location: Germany
Contact:

Re: Launch from Windows installer fails to drop privileges

Post by uwestoehr »

heda wrote: Sun Oct 03, 2021 12:29 pm as an amateur at least I fail to see the logic in this choice for the scenario of starting as non-admin and choosing to install for all users.
Installing for all users is an admin task. That is the case in all OSes I know since that is one of the definitions of administrator.

So you might ask why is there then the option to install for all users? The answer is to save time for admins since they are lazy as everybody else ;) but this option is also very useful to stay safe:
- you do your normal work and while doing so you get a user request to install a program.
- you download the requested program using your normal user account. This is important since downloading programs from a browser having admin permissions is a potential danger when you cannot trust the website or if the website was hijacked.
- then you are lazy and don't want to log off from your current user account to switch to your admin account. Therefore you can start the installer, check the option to install for all users. This way you can switch to your admin account only for the installation task. All other programs you are currently running stay in your user account level. So this saves time and the majority of installers I know therefore offers this.

In general, I strongly recommend not to install programs for all users when not all users must or should work with a program. This has 2 advantages:
- in case you install a corrupted program (contains a virus etc.), it cannot affect your whole system, since it never gets admin permissions.
- you don't bother others. For example when you share your system with e.g. your wife who never does CAD, why should she be bothered with a new program she will never use?
heda
Veteran
Posts: 1348
Joined: Sat Dec 12, 2015 5:49 pm

Re: Launch from Windows installer fails to drop privileges

Post by heda »

fair enough (for me)
chrisb
Veteran
Posts: 53933
Joined: Tue Mar 17, 2015 9:14 am

Re: Launch from Windows installer fails to drop privileges

Post by chrisb »

uwestoehr wrote: Sun Oct 03, 2021 11:06 am I am wondering why this is so hard to understand and also to accept that it is an option. If you don't like or need this, then simply don't use the option; just end the installer and then start FC the normal way.
I think the problem is that you see any criticism of the installer as a personal attack. It should be far from that, because it has to be pointed out, that the current installer is probably the best we ever had.
But that doesn't mean that it couldn't be improved. There are proposals on the table which I think are worth a tracker ticket. Accepting the installer as is, would mean it hasn't to be an error ticket, it could be a feature request.
A Sketcher Lecture with in-depth information is available in English, auf Deutsch, en français, en español.
Post Reply