Question

Write Permission For Some LF Services To Users Group

asked on December 24, 2020

Hi,

The customer noticed that some LF services (and their folders) have write permission granted to the Users group:

  • c:\program files (x86)\laserfiche\laserfiche notification\hub\laserfiche.pushnotificationservice.hub.host.exe
  • c:\program files (x86)\laserfiche\laserfiche notification\service\laserfiche.pushnotificationservice.master.host.exe
  • c:\program files\laserfiche\laserfiche forms\forms\bin\routingengineservicehost.exe

It seems these permissions are granted by default by the installer.

Can we remove write permission on these services and their folders without affecting the system? If this permission is required, we want to know why, so that we can inform the customer.

0 0

Answer

SELECTED ANSWER
replied on January 3, 2021

Hi Abdellah,

It is a bug before 10.4.2 that the installer granted write permission to the Users group on the Forms folder and notification service folders. It is fixed in 10.4.2, but previously granted permissions will not be removed.

For laserfiche.pushnotificationservice.hub.host.exe and laserfiche.pushnotificationservice.master.host.exe, please make sure the service account running the Forms application pool has full permission to those files. (Note: If it is running as ApplicationPoolIdentity by default, IIS_IUSRS should be granted.) The permission is required to configure the notification service. Then you can manually remove the permission of the Users group.

For routingengineservicehost.exe, please make sure the service account running the Forms routing service has full permission to the file. The permission is required to run the routing service. Then you can manually remove the permission of the Users group.

Hope it helps.

1 0
replied on January 4, 2021

Thank you Ziyan Chen for the update.

0 0
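The procedure from the selected answer as a PowerShell script. This is an added example, not part of the original thread and not Laserfiche code. The paths are the ones listed in the question; the two account parameters and the function name `Repair-UsersWrite` are assumptions and must be adapted to the identities that actually run the Forms application pool and the routing service.

```powershell
# Added example, not Laserfiche code. Run elevated. Without -Remediate it only reports.
param(
    [string]$AppPoolAccount = 'BUILTIN\IIS_IUSRS',  # assumption: pool runs as ApplicationPoolIdentity
    [string]$RoutingAccount,                        # assumption: account of the Forms routing service
    [switch]$Remediate
)
$nf = 'c:\program files (x86)\laserfiche\laserfiche notification'
$targets = [ordered]@{   # paths from the question -> account that needs full permission
    "$nf\hub\laserfiche.pushnotificationservice.hub.host.exe"        = $AppPoolAccount
    "$nf\service\laserfiche.pushnotificationservice.master.host.exe" = $AppPoolAccount
    'c:\program files\laserfiche\laserfiche forms\forms\bin\routingengineservicehost.exe' = $RoutingAccount
}
$usersSid  = 'S-1-5-32-545'   # well-known SID of BUILTIN\Users
$sidType   = [System.Security.Principal.SecurityIdentifier]
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$syncBit   = [int][System.Security.AccessControl.FileSystemRights]::Synchronize

function Repair-UsersWrite([string]$Path) {
    $acl = Get-Acl -LiteralPath $Path
    $bad = @($acl.GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.IdentityReference.Value -eq $usersSid -and $_.AccessControlType -eq 'Allow' -and
        ([int]$_.FileSystemRights -band $writeMask) })
    foreach ($ace in $bad) {
        [pscustomobject]@{ Path = $Path; Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited }
        if (-not $Remediate -or $ace.IsInherited) { continue }  # inherited entries are fixed on the parent
        [void]$acl.RemoveAccessRuleSpecific($ace)
        $kept = [int]$ace.FileSystemRights -band (-bnot $writeMask)
        if ($kept -band (-bnot $syncBit)) {   # re-add the non-write rights the entry carried
            $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
                $ace.IdentityReference, [System.Security.AccessControl.FileSystemRights]$kept,
                $ace.InheritanceFlags, $ace.PropagationFlags, 'Allow')))
        }
    }
    if ($Remediate -and ($bad | Where-Object { -not $_.IsInherited })) { Set-Acl -LiteralPath $Path -AclObject $acl }
}

foreach ($exe in $targets.Keys) {
    if (-not (Test-Path -LiteralPath $exe)) { Write-Warning "Not found: $exe"; continue }
    if ($Remediate) {
        if (-not $targets[$exe]) { Write-Warning "No service account given, skipping $exe"; continue }
        # Step 1 from the answer: the service account gets full permission on the executable first
        $acl = Get-Acl -LiteralPath $exe
        $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($targets[$exe], 'FullControl', 'Allow')))
        Set-Acl -LiteralPath $exe -AclObject $acl
    }
    # Step 2: folder first, so the executable's inherited entries are already corrected
    Repair-UsersWrite (Split-Path -Parent $exe)
    Repair-UsersWrite $exe
}
```

Run it without `-Remediate` first to list the entries. An entry reported with `Inherited = True` on a folder comes from a folder higher up and has to be corrected there.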

Replies

replied on January 2, 2021

No one has information about these weird permissions?

The client's security department wants to remove these permissions, and they need confirmation for either:

  1. This is a required permission and they need to know what exactly it is needed for
  2. It is not required, so removing it will not affect the system.

Users ReadWrire Permissions.png
0 0