简体繁体 English

Python中所有用户的注册表项

[英]Registry Entries for all users in Python

原文 2010-10-24 19:52:09 0 4 python/ windows/ permissions/ registry/ winreg

I wrote an application that stores several things in the registry. 我编写了一个在注册表中存储一些内容的应用程序。 When I first started, I added them to HKEY_LOCAL_MACHINE, but kept getting permission errors writing to the. 刚开始时，我将它们添加到了HKEY_LOCAL_MACHINE，但是一直在写入权限错误。 So, it was suggested that I use HKEY_CURRENT_USER, that worked until I realized that I am not able to access them from another account. 因此，建议我使用HKEY_CURRENT_USER，该方法一直有效，直到我意识到无法从另一个帐户访问它们。 How can I write to the registry but allow all accounts to access read and write to it? 如何写入注册表但允许所有帐户访问读写？

I used the Python module _winreg. 我使用了Python模块_winreg。

4 个解决方案

HKEY_LOCAL_MACHINE/Software/YourSoftware , needs Admin permissions and is for install-time data, or HKEY_CURRENT_USER/Software/YourSoftware , which is for data pertinent to this environment only (this user, this profile etc.) HKEY_LOCAL_MACHINE/Software/YourSoftware需要管理员权限，用于安装时数据，或HKEY_CURRENT_USER/Software/YourSoftware ，仅用于与此环境相关的数据（此用户，此配置文件等）

EDIT: An alternative would be storing a config file and setting the right permissions at install time. 编辑：另一种方法是存储配置文件并在安装时设置正确的权限。

2nd EDIT: I've read in another comment that you want to be sure only your application modified some file, so you store the modification times. 第二次编辑：我在另一条评论中读到，您希望确保只有您的应用程序修改了一些文件，因此您存储修改时间。 Workarounds: 解决方法：

encrypt the file-not-to-be-modified, best is with a user-generated key 加密文件不要修改，最好用用户生成的密钥
make a service, install with a special user under which it runs, and make the permissions so, that only this service can access the file 制作服务，使用运行它的特殊用户进行安装，并授予权限，只有此服务才能访问该文件

My gut feeling says your requirement to modify a file only by your app, but under any account is very wrong but the more or less correct solutions have to impose additional complexity. 我的直觉表明你的要求只是由你的应用程序修改文件，但在任何帐户下都是非常错误的，但或多或少正确的解决方案必须增加额外的复杂性。 Your decision: review your requirements and possibly your design, or add a layer of complexity and possibly cruft. 您的决定：检查您的要求，可能还有您的设计，或者增加一层复杂性，可能还有可能。

3rd EDIT: Split your app, have an admin application, which can with admin rights write to HKLM and set the settings. 第三次编辑：拆分你的应用程序，有一个管理员应用程序，可以通过管理员权限写入HKLM并设置设置。 Normal user rights should suffice to read HKLM 普通用户权限足以阅读HKLM

You'll either need admin permissions to write to HKLM, or settle for non-global reg keys. 您可能需要管理员权限才能写入HKLM，或者解决非全局注册表项。 Behavior is going to vary somewhat between different versions of windows. 不同版本的Windows之间的行为会有所不同。

If you want to write to the registry so that all users can read it, you will need to run your program with administrator privileges. 如果要写入注册表以便所有用户都可以读取它，则需要以管理员权限运行程序。

You might be happier storing your information in a file instead, which will be easier to manage. 您可能更乐意将信息存储在文件中，这样更容易管理。

One other possibility would be changing the security on your HKLM keys to R/W for anyone. 另一种可能是将任何人的HKLM密钥的安全性更改为R / W。 Although the idea that this is somehow security against modification seems a bit of a stretch. 虽然这在某种程度上反对修改的安全性的想法似乎有点延伸。

Regedt32 has the ability to set the keys, so the underlying API must have it too. Regedt32可以设置密钥，因此基础API也必须具有密钥。

All that said, this is a screwed up way to run an application and shows a sever lack of understanding of security and security models. 总而言之，这是运行应用程序的一种搞砸的方式，显示出对安全性和安全性模型缺乏了解。 (In other words, typical windows development.) （换句话说，典型的Windows开发。）

How did I get so cynical..... 我怎么会这么愤世嫉俗......