UnauthorizedAccessException in service. Confused

C

Claire

I'm testing my first service and I'm receiving the above exception whenever
I attempt to open some files for writing. Reading is fine.
The files are on the same directory as my service application and hold
application configuration settings.
On the other hand, a log file that I write to the c:\temp directory causes
no problems and opens every time.
The account the serviceinstaller was set up to use was "LocalService".

I have just changed the account to "LocalSystem" and I've stopped getting
the problems.

I need to be able to do the following from my service :
1) Read/write configuration files in the same directory as the application
2) Read/write a log file in a directory selected by the user.
3) Talk to a remote SOAP server
4) I think interop services create cs files at runtime to create objects to
talk to a dynamically loaded unmanaged dll. I noticed some errors regarding
this in one of my log files on a single occasion.

Will LocalSystem be ample to do this task without errors please?
Why would writing to my log file work ok and yet not the other ones when I
was using the LocalSystem account?

thanks
 
I

Ignacio Machin \( .NET/ C# MVP \)

Hi,

Are you trying to write the config file, cause you can't

if you want to read/write config files use another file than
servicename.exe.config

Otherwise I don't see why you would get any error running it under
LocalSystem, in fact IIRC almost all services log in as LocalSystem


Cheers,
 
W

Willy Denoyette [MVP]

Claire said:
I'm testing my first service and I'm receiving the above exception
whenever I attempt to open some files for writing. Reading is fine.
The files are on the same directory as my service application and hold
application configuration settings.
On the other hand, a log file that I write to the c:\temp directory causes
no problems and opens every time.
The account the serviceinstaller was set up to use was "LocalService".

I have just changed the account to "LocalSystem" and I've stopped getting
the problems.

I need to be able to do the following from my service :
1) Read/write configuration files in the same directory as the application
2) Read/write a log file in a directory selected by the user.
3) Talk to a remote SOAP server
4) I think interop services create cs files at runtime to create objects
to talk to a dynamically loaded unmanaged dll. I noticed some errors
regarding this in one of my log files on a single occasion.

Will LocalSystem be ample to do this task without errors please?
Why would writing to my log file work ok and yet not the other ones when I
was using the LocalSystem account?

thanks

You should grant the "NETWORK SERVICE" account write access privileges to
the folders.
Don't run your services as SYSTEM.

Willy.
 
W

Willy Denoyette [MVP]

Claire said:
Why not please Willy?

Claire,

Because you don't need the high (dangerous) privileges the SYSTEM account
has.
This is all about writing secure code, you should always try to write
applications that execute with the least privileges to get the job done.
There are only very few application that need SYSTEM privileges and these
aren't written in managed code anyway.
In your case the service doesn't need the SYSTEM account's privileges to
access the file system, you only have to grant "NETWORK SERVICE" write
access privileges to your application folders.

Willy.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top