We have several drives here that have restricted permission on NTFS level so that only admins can access the files. The NTFS permissions grant full access for the admin group only.
If I start DOpus in user mode and switch to admin mode by using the command Set ADMIN=On,0 I only get a permission denied error when trying to browse the drive (administrator prefix is shown in titlebar).
On the other hand if I actually exit DOpus and start it again with administrator permissions (SHIFT + MBUTTON_RIGHT on taskbar and launch as admin) I can fully access these drives (administrator prefix isn't shown in titlebar).
It is really convenient having the administrator mode on a hotkey or a toolbar button, but if I can't access drives --- restricted for administrator access only --- it doesn't help me much.
That's too bad. Since accessing files and folders with administrator credentials is the only (obvious) advantage of the admin mode for me. That was the main reason for me to add the admin button to my DOpus toolbar. To be honest I don't know other use-cases for which the admin mode is needed except of using the admin credentials to access folders and files. Ok I can launch new processes as admin, but this should be better done by an own shortcut (e.g. CTRL+SHIFT+RETURN).
Unfortunately this isn't an applicable workaround since all of these drives are replacable (e.g. some USB-Sticks and many external drives for project backups) and they are only connected for a short time on a daily schedule on different systems. Currently I always I have to fully exit DOpus and start again in admin mode since this is the easiest way to get it working.
Ahh, that was too obvious. Certainly you are right, but installing my system was too many month ago. On the other hand reading/writing folders that are restricted to be accessed by administrators only belongs to my daily work.
What is the reason why admin mode is only applied when accessing files and not folders?
We have many folders that are restricted to be accessed by administrators only on NTFS level. These folders contain sensitive data that must not be readable for common processes, instead the user has to explicitly switch to admin mode to read or modify these files and folders. You can think about that about a very simple but effective locking mechanism that even protects important files against accidental changes. For example each workstation has a backup drive that can only be accessed by administrators. This prevents user mode processes (e.g. malware) from reading or modifying the backup files but a script in admin mode that is scheduled on a daily plan can update the backup files to maintain a 7 days rotating differential backup. That is really convenient since each user just have to switch to admin mode to access his most important files with a 7/31 day history even if the user is off-site in a train without any access to the backup mirrors on a file server. Unfortunately this partition can not be accessed with DOpus since the folder permission is set to admin only.
Leo, what is the reason why admin mode is only applied when accessing files and not folders? Or could this be an improvement for one of the next beta versions?
I guess that the currently implemented behaviour is the same reason, why DOpus in admin mode can not read the local home directories of other users on the same system?
They should. It really is a pain in the butt to have to shut DO down and restart with elevated privileges, do the work I need to do, then remember to shut DO down and re-open with normal user privileges. I thought the whole idea behind the elevation button was to avoid this altogether.
Jon and I talked about this but it is actually quite complicated. It isn't simply a case of reading the directory listings via elevation (which itself means reading things from a separate process and proxying the results back). Everything that reads any files in the directory also needs to read them via elevation, or it won't work. Nothing can open a normal file handle; everything has to be streamed via virtual files passed through an elevated process.
It is possible and we may do it one day, but it is not as trivial as you might think it is.
Elevation on Windows is typically used such that an admin under UAC can read everything and only needs elevation to modify things. Folders that cannot be read at all without elevation are folders that are never intended to be read by people (e.g. System Volume Information). That is what Opus is modelled around.
If you want to create folders which go against that model then it's your choice, and it will make life difficult. (You'll have similar problems with Windows Explorer.)
Note that in the removable drive case the permissions are really questionable as anyone who had the drive could replace the permissions and read all the data. You're really just restricting read access from well-behaved software on your own machine, not to someone who shouldn't being able to read the data. Permissions don't encrypt the data at all and anyone with admin rights to any machine (or with an OS that ignores Windows file permissions, like Linux) can read the data if they get hold of the drive.
Thanks for the detailed answer. Anyway it would be so much more convenient to let DOpus access these folders.
That is exactly the intention of these folders. The data must be protected against read/write access by common user processes (e.g. by malware or changing by accident). These folders should be accessable by local admins on any machine. The data safety isn't needed in this case. All of our sensitive data that must be actually protected against public access is encrypted by TrueCrypt and the files and folders have NTFS permissions for everyone.
By the way: I have a similar use-case at home. I use admin-only write permissions for my personal music archive because I do not want all these different players to mess up my id3 tags. But this isn't a problem for DOpus because the folders still have read access for everyone, thus DOpus in admin mode can modify the files.
Is the same streaming through virtual files already needed for the current implementation that still allows to modify files with elevated permissions? Or does the folder thing change the whole concept?
No, not within the same desktop session as the main instance.
Given that UAC is fairly easy for malicious code to bypass, and that the system you've come up with does not work with standard tools like Windows Explorer or the UAC model in general (where writing is restricted but reading generally is not), IMO you need to either rethink how you're doing things or accept that you'll only be able to access the drives using tools which happen to work differently to Opus and Explorer.
Certainly you are right, but installing my system was too many month ago. On the other hand reading/writing folders that are restricted to be accessed by administrators only belongs to my daily work.
