RESENT: BUG: Location of 'AmayaHome' directory under Windows NT i s not quite right

[======================================================================]
[ Sorry about the HTML on the previous copy. I am afflicted, by policy,]
[ with MS Outlook,  which must be 'cajoled' into NOT sending HTML when ]
[ it's fed a random SMTP address.                                 -egr ]
[======================================================================]

I may be preaching to the choir on this one; or it may have gone unnot-
iced, until now; but on my particular system, this causes problems.

SYNOPSYS

  The location 'c:\winnt\profiles\$USERNAME\amaya' is not guaranteed to
  be appropriate: "$USERPROFILE\Application Data\W3C\Amaya" is better.

  Similar issues apply to cache directories. A suitable default might
  be "$USERPROFILE\Local Settings\Application Data\W3C\Amaya\Cache".

ANALYSIS

  The current 'AmayaHome' appears to rest on any of several incorrect
  assumptions:

  1. All profiles are stored in a fixed location.

     NT is capable of storing profiles anywhere, on any filesystem, as
     well as of retrieving "roaming profiles" from any UNC path.   The
     profile of each user that has logged onto any system is stored at
     'Software\Microsoft\Windows NT\CurrentVersion\ProfileList' in its
     machine registry hive (HKEY_LOCAL_MACHINE).

     On most systems,  all local profiles are stored  (and all roaming
     profiles are cached) in the default location, if only because the
     feature is poorly-supported, and a pain to set up correctly.

  2. The default (and most likely) location is 'c:\winnt\profiles'.

     The default is in fact "$SYSTEMROOT\Profiles".  The SYSTEMROOT en-
     vironment points to the directory from which NT was booted. Still
     worse, the default location was changed in Windows 2000, to be in
     "$SYSTEMDRIVE\Documents And Settings", for a "clean install".

  3. NT always boots from 'c:\winnt'

     NT can boot from any directory,  on any filesystem which falls en-
     tirely within the first 7.8 (?) GB of disk space; the location is
     specified in '\boot.ini', of the active partition on the first HD,
     which has to fall within the first 4GB. (Forgive me, I'm a little
     hazy on the exact limits--it's been a while.)

  4. The system partition is always 'drive c'.

     The first partition that NT can mount,  on the first HD,  will be
     'drive c', regardless of whether NT is booted from that partition.

  Similarly,  the default cache location  assumes that anyone will be
  able to write to a directory created in $TMPDIR  (or $TEMP, or what-
  ever). Again, this is untrue.  A well-configured system will have a
  temp-directory at least as restrictive as a Unix 'sticky' directory,
  and probably more so.

  The current assumptions 'get by', in many installations,  because the
  default security under Windows NT Workstation is despicably lax, akin
  to 'chmod -R 777 /'.  On a 'properly secured' system, they break.

PROPOSED SOLUTION

  Windows NT/2K provides the USERPROFILE environment, which points to
  the profile of the user in whose security context a process runs.

  (OK, it's a little more complicated than that, but this assumption is
   adequate for a user-mode program. Life's a little tougher, for an NT
   service.)

  By convention, user configuration and application state are stored as
  files in a subdirectory "$USERPROFILE\Application Data\$VENDOR\$APP";
  for example, "$USERPROFILE\Application Data\W3C\Amaya\Amaya.cfg".

  Machine-specific  user configuration and application state are stored
  in "$USERPROFILE\Local Settings\Application Data\$VENDOR\$APP", which
  is not normally copied back to a user's roaming profile.  It would be
  appropriate to place a 'Cache' subdirectory here.

  Modified in this way, Amaya will not attempt (on its own initiative)
  to create files in any directory not explicitly set aside for its
  user.

Sorry I can't provide code to fix this, at the present time; I ran into
this  in the course of a brief evaluation,  and have already spent more
time writing this, than I expect my management would prefer.

-- 
Eric  G  Roesinger : Member  Technical Staff  :  Thomson multimedia Inc.
   +1 317 587 3050 : Technology Applications  :  Americas HQ Tech Center
  FAX 317 587 6779 : Indpls IC Design Center  :  101 W 103rd St (INH700)
<roesinge@tce.com> : P.O. Box 6139,  Indianapolis,  IN  46206-6139 (USA)

Received on Thursday, 14 June 2001 16:59:59 UTC