I s it safe to set Everyone group access at file level in system folder on windows?

138 views Asked by At

Is it obvious that giving access to Everyone with full permissions on folders in the C:\ProgramData is not safe and can lead to privilege escalation. My question is how is the situation for text files? Is it still dangerous?

Is it obvious that giving access to Everyone with full permissions on folders in the C:\ProgramData is not safe and can lead to privilege escalation. My question is how is the situation for text files? Is it still dangerous?

2

There are 2 answers

0
Mohammad Yousefi On BEST ANSWER

It is not recommended to set Everyone on folder and files in the windows system folder. The common C:\ProgramData folder is a place for common settings that is shared with all users. So the access for normal users is read/execute by default.

0
Anders On

No, it is not "dangerous" to give multiple users write access to a .txt file but you will run into problems if multiple users try to edit the file at the same time.

This basically only applies to text files, anything else like HTML or pictures can be problematic if there is a bug in the application that opens these files and a normal user has edited the file to include some exploit and then waits for an administrator to open it.

The program data folder and other common folders are supposed to be read-only for normal users...