Boost C++ Libraries: Ticket #8581: Files in C:\ProgramData\boost_interprocess are not accessible. https://svn.boost.org/trac10/ticket/8581 <p> When a service running as "Local System" user is using managed_shared_memory the file used for that shared memory is created in C:\<a class="missing wiki">ProgramData</a>\boost_interprocess\*\*. </p> <p> The permissions for this file are such that a regular user starting a process that wants to access that shared memory is not able to access the file and thus access the shared memory. </p> en-us Boost C++ Libraries /htdocs/site/boost.png https://svn.boost.org/trac10/ticket/8581 Trac 1.4.3 Andreas Neustifter <andreas.neustifter@…> Tue, 04 Jun 2013 18:13:28 GMT <link>https://svn.boost.org/trac10/ticket/8581#comment:1 </link> <guid isPermaLink="false">https://svn.boost.org/trac10/ticket/8581#comment:1</guid> <description> <p> Is there anything I can assist with? How likely will this be fixed, is it an actual bug or a "feature"? Thanks! </p> </description> <category>Ticket</category> </item> <item> <dc:creator>Ion Gaztañaga</dc:creator> <pubDate>Tue, 04 Jun 2013 20:13:45 GMT</pubDate> <title/> <link>https://svn.boost.org/trac10/ticket/8581#comment:2 </link> <guid isPermaLink="false">https://svn.boost.org/trac10/ticket/8581#comment:2</guid> <description> <p> Soon to be release Boost 1.54 has changed the folder where the file will be created but I don't think it will fix this bug. You can test the Release Candidate: </p> <p> <a class="ext-link" href="http://sourceforge.net/projects/boost/files/boost/1.54.0.beta.1/"><span class="icon">​</span>http://sourceforge.net/projects/boost/files/boost/1.54.0.beta.1/</a> </p> <p> to see if the problem is still there so we can concentrate on the last version. Thanks </p> </description> <category>Ticket</category> </item> <item> <author>Andreas Neustifter <andreas.neustifter@…></author> <pubDate>Thu, 13 Jun 2013 14:04:33 GMT</pubDate> <title/> <link>https://svn.boost.org/trac10/ticket/8581#comment:3 </link> <guid isPermaLink="false">https://svn.boost.org/trac10/ticket/8581#comment:3</guid> <description> <p> As you suspected the problem is still there. I have a test setup now that reproduces the error pretty good. I can test future releases for this issue. </p> </description> <category>Ticket</category> </item> <item> <author>boost.tim-nospam@…</author> <pubDate>Mon, 30 Sep 2013 22:51:05 GMT</pubDate> <title/> <link>https://svn.boost.org/trac10/ticket/8581#comment:4 </link> <guid isPermaLink="false">https://svn.boost.org/trac10/ticket/8581#comment:4</guid> <description> <p> This is failing because the Boost library is unable to write to this file: <strong>C:\<a class="missing wiki">ProgramData</a>\boost_interprocess\application.sh_client_log</strong> <br /> </p> <p> The NTFS permissions are set on this folder by the *<strong>first person</strong>* to run the app. The permissions allow the initial CREATOR full control, however no-one else can modify the file afterwards. <br /> </p> <p> These permissions are Windows default and are not unique to our workstations. <br /> </p> <p> <strong>WORKAROUND:</strong><br /> An administrator should delete the <strong>C:\<a class="missing wiki">ProgramData</a>\boost_interprocess</strong> folder from the machine before each new user launches the application. </p> </description> <category>Ticket</category> </item> <item> <author>boost.tim-nospam@…</author> <pubDate>Mon, 30 Sep 2013 22:59:42 GMT</pubDate> <title/> <link>https://svn.boost.org/trac10/ticket/8581#comment:5 </link> <guid isPermaLink="false">https://svn.boost.org/trac10/ticket/8581#comment:5</guid> <description> <p> <strong>ALTERNATIVE WORKAROUND:</strong><br /> An administrator should manually <strong>remove and reset</strong> the permissions on the C:\<a class="missing wiki">ProgramData</a>?\boost_interprocess folder. <br /> </p> <p> <strong>1)</strong> Delete the C:\<a class="missing wiki">ProgramData</a>?\boost_interprocess folder from the machine<br /> <strong>2)</strong> Create a new C:\<a class="missing wiki">ProgramData</a>?\boost_interprocess folder<br /> <strong>3)</strong> Grant Localmachine\Users Modify rights to the C:\<a class="missing wiki">ProgramData</a>?\boost_interprocess folder, subfolders and files. </p> </description> <category>Ticket</category> </item> <item> <author>Andreas Neustifter <andreas.neustifter@…></author> <pubDate>Wed, 02 Oct 2013 20:01:30 GMT</pubDate> <title/> <link>https://svn.boost.org/trac10/ticket/8581#comment:6 </link> <guid isPermaLink="false">https://svn.boost.org/trac10/ticket/8581#comment:6</guid> <description> <p> Replying to <a class="ticket" href="https://svn.boost.org/trac10/ticket/8581#comment:4" title="Comment 4">boost.tim-nospam@…</a>: </p> <blockquote class="citation"> <p> This is failing because the Boost library is unable to write to this file: <strong>C:\<a class="missing wiki">ProgramData</a>\boost_interprocess\application.sh_client_log</strong> <br /> </p> <p> The NTFS permissions are set on this folder by the *<strong>first person</strong>* to run the app. The permissions allow the initial CREATOR full control, however no-one else can modify the file afterwards. <br /> </p> <p> These permissions are Windows default and are not unique to our workstations. <br /> </p> </blockquote> <p> Yes, that is what we see too. In our case a service running as "Local Service" user creates the file, then regular users can not access it. </p> <p> Replying to <a class="ticket" href="https://svn.boost.org/trac10/ticket/8581#comment:5" title="Comment 5">boost.tim-nospam@…</a>: </p> <blockquote class="citation"> <p> <strong>ALTERNATIVE WORKAROUND:</strong><br /> An administrator should manually <strong>remove and reset</strong> the permissions on the C:\<a class="missing wiki">ProgramData</a>?\boost_interprocess folder. <br /> </p> <p> <strong>1)</strong> Delete the C:\<a class="missing wiki">ProgramData</a>?\boost_interprocess folder from the machine<br /> <strong>2)</strong> Create a new C:\<a class="missing wiki">ProgramData</a>?\boost_interprocess folder<br /> <strong>3)</strong> Grant Localmachine\Users Modify rights to the C:\<a class="missing wiki">ProgramData</a>?\boost_interprocess folder, subfolders and files. </p> </blockquote> <p> Ah, nice, I will try that. </p> </description> <category>Ticket</category> </item> <item> <dc:creator>anonymous</dc:creator> <pubDate>Thu, 10 Oct 2013 03:05:41 GMT</pubDate> <title/> <link>https://svn.boost.org/trac10/ticket/8581#comment:7 </link> <guid isPermaLink="false">https://svn.boost.org/trac10/ticket/8581#comment:7</guid> <description> <p> One suggestion is to provide an interface that we can specify the folder name instead of "boost_interprocess". </p> <p> Doing so we can have another workaround, just need to give a unique folder name. </p> </description> <category>Ticket</category> </item> <item> <author>Andreas Neustifter <andreas.neustifter@…></author> <pubDate>Thu, 10 Oct 2013 05:50:46 GMT</pubDate> <title/> <link>https://svn.boost.org/trac10/ticket/8581#comment:8 </link> <guid isPermaLink="false">https://svn.boost.org/trac10/ticket/8581#comment:8</guid> <description> <p> Replying to <a class="ticket" href="https://svn.boost.org/trac10/ticket/8581#comment:7" title="Comment 7">anonymous</a>: </p> <blockquote class="citation"> <p> One suggestion is to provide an interface that we can specify the folder name instead of "boost_interprocess". </p> <p> Doing so we can have another workaround, just need to give a unique folder name. </p> </blockquote> <p> The folder name is not the problem, in this folder for each named shared memory a different file is created. The problem is with windows file permissions and who creates the folder. See the relevant technet articles for details. (Can't post links currently since Trac won't let me...) </p> </description> <category>Ticket</category> </item> <item> <dc:creator>Ion Gaztañaga</dc:creator> <pubDate>Sun, 13 Oct 2013 18:51:03 GMT</pubDate> <title/> <link>https://svn.boost.org/trac10/ticket/8581#comment:9 </link> <guid isPermaLink="false">https://svn.boost.org/trac10/ticket/8581#comment:9</guid> <description> <p> Sorry for not replying earlier. At least in the latest Inteprocess versions the folder is created without any permissiones (which might be a security problem as anyone could take ownership of that folder). </p> <p> I'm not an expert on Windows file permissions so any help with correct permissions for the folder will be appreciated. </p> </description> <category>Ticket</category> </item> <item> <author>boost.tim-nospam@…</author> <pubDate>Wed, 06 Nov 2013 03:23:06 GMT</pubDate> <title/> <link>https://svn.boost.org/trac10/ticket/8581#comment:10 </link> <guid isPermaLink="false">https://svn.boost.org/trac10/ticket/8581#comment:10</guid> <description> <p> <strong>Automating the Alternative Workaround</strong><br /> </p> <p> Execute the following commands to remove, recreate and secure the directory. This will grant "<strong>Authenticated Users</strong>" access to modify all files and folders within the <strong>C:\programdata\boost_interprocess</strong> directory. </p> <pre class="wiki">RD "C:\ProgramData\boost_interprocess" /S /Q MD "C:\ProgramData\boost_interprocess" icacls "C:\programdata\boost_interprocess" /inheritance:e /grant:r "Authenticated Users":(OI)(CI)M </pre><p> <strong>Root-Cause Fix</strong><br /> </p> <p> In my opinion, the solution to this issue is to have the Interprocess library write its files to the <strong>%TEMP% directory</strong> of whichever user account is executing the library. This directory should always allow the user Full Control. </p> </description> <category>Ticket</category> </item> <item> <author>andreas.neustifter@…</author> <pubDate>Wed, 06 Nov 2013 10:53:15 GMT</pubDate> <title/> <link>https://svn.boost.org/trac10/ticket/8581#comment:11 </link> <guid isPermaLink="false">https://svn.boost.org/trac10/ticket/8581#comment:11</guid> <description> <p> Replying to <a class="ticket" href="https://svn.boost.org/trac10/ticket/8581#comment:10" title="Comment 10">boost.tim-nospam@…</a>: </p> <blockquote class="citation"> <p> <strong>Root-Cause Fix</strong><br /> </p> <p> In my opinion, the solution to this issue is to have the Interprocess library write its files to the <strong>%TEMP% directory</strong> of whichever user account is executing the library. This directory should always allow the user Full Control. </p> </blockquote> <p> This is not a good idea AFAIK: the folder has to be the same for everyone on the system since its needed to provide interprocess communication (between ALL processes). %TEMP% might be different for different users, especially for services started as "Local Service". </p> </description> <category>Ticket</category> </item> <item> <dc:creator>Ion Gaztañaga</dc:creator> <pubDate>Wed, 06 Nov 2013 20:46:54 GMT</pubDate> <title/> <link>https://svn.boost.org/trac10/ticket/8581#comment:12 </link> <guid isPermaLink="false">https://svn.boost.org/trac10/ticket/8581#comment:12</guid> <description> <p> Another option is to avoid creating a subdirectories and create files at "C:\<a class="missing wiki">ProgramData</a>". Permissions for files in that directory are well-known and if anyone needs to modify them, it should pass the appropriate security parameter. </p> </description> <category>Ticket</category> </item> <item> <author>andreas.neustifter@…</author> <pubDate>Thu, 07 Nov 2013 08:40:02 GMT</pubDate> <title/> <link>https://svn.boost.org/trac10/ticket/8581#comment:13 </link> <guid isPermaLink="false">https://svn.boost.org/trac10/ticket/8581#comment:13</guid> <description> <p> Replying to <a class="ticket" href="https://svn.boost.org/trac10/ticket/8581#comment:12" title="Comment 12">igaztanaga</a>: </p> <blockquote class="citation"> <p> Another option is to avoid creating a subdirectories and create files at "C:\<a class="missing wiki">ProgramData</a>". Permissions for files in that directory are well-known and if anyone needs to modify them, it should pass the appropriate security parameter. </p> </blockquote> <p> This would mean "spamming" this folder with all sorts of files, I still like that its in a common folder (boost_interprocess), thing is that this folder and the subfolders within have to be created with proper permissions... </p> </description> <category>Ticket</category> </item> <item> <dc:creator>anonymous</dc:creator> <pubDate>Mon, 24 Feb 2014 14:52:19 GMT</pubDate> <title/> <link>https://svn.boost.org/trac10/ticket/8581#comment:14 </link> <guid isPermaLink="false">https://svn.boost.org/trac10/ticket/8581#comment:14</guid> <description> <p> IMHO the right solution is to grant unrestricted access to IPC objects: </p> <pre class="wiki">using namespace boost::interprocess; permissions unrestricted; unrestricted.set_unrestricted(); named_mutex mutex(open_or_create, "abc", unrestricted); scoped_lock&lt; named_mutex &gt; lock(mutex); </pre><p> There is only one trouble: IPC files can be unexpectedly locked by someone else. When somebody lock the %PROGRAMDATA%\boost_interprocess\abc file the code written above will misbehave on mutex constructor. I do not know how to check the fact: do we have access to IPC file? </p> </description> <category>Ticket</category> </item> <item> <dc:creator>anonymous</dc:creator> <pubDate>Wed, 07 Sep 2016 07:27:08 GMT</pubDate> <title/> <link>https://svn.boost.org/trac10/ticket/8581#comment:15 </link> <guid isPermaLink="false">https://svn.boost.org/trac10/ticket/8581#comment:15</guid> <description> <p> Has there been any progress with this issue? Any plans to provide a way to setup a custom directory for boost_interprocess files? </p> </description> <category>Ticket</category> </item> <item> <dc:creator>Ion Gaztañaga</dc:creator> <pubDate>Wed, 07 Sep 2016 20:11:16 GMT</pubDate> <title/> <link>https://svn.boost.org/trac10/ticket/8581#comment:16 </link> <guid isPermaLink="false">https://svn.boost.org/trac10/ticket/8581#comment:16</guid> <description> <p> You can define </p> <p> BOOST_INTERPROCESS_SHARED_DIR_PATH </p> <p> as explained in the documentation: </p> <p> <a href="http://www.boost.org/doc/libs/1_61_0/doc/html/interprocess/acknowledgements_notes.html#interprocess.acknowledgements_notes.notes_windows.notes_windows_shm_folder">http://www.boost.org/doc/libs/1_61_0/doc/html/interprocess/acknowledgements_notes.html#interprocess.acknowledgements_notes.notes_windows.notes_windows_shm_folder</a> </p> </description> <category>Ticket</category> </item> </channel> </rss>