Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Access Denied when %TEMP%\WinGet does not explicitly have the user with granted access #5276

Open
marticliment opened this issue Mar 5, 2025 · 4 comments · May be fixed by #5282
Open

Access Denied when %TEMP%\WinGet does not explicitly have the user with granted access #5276

marticliment opened this issue Mar 5, 2025 · 4 comments · May be fixed by #5282
Labels
In-PR Issue related to a PR Issue-Bug It either shouldn't be doing this or needs an investigation.

Comments

@marticliment
Copy link

Brief description of your issue

When changing %TEMP% location to a directory where the user does not have explicit permissions (C:\TEMP, for example), but the user can read/write the folder (the user is in the "Administrators" group), WinGet create the new %TEMP%\WinGet folder, but will write nothing into it and will crash with

Failed to open the predefined source; please report to winget maintainers.
An unexpected error occurred while executing the command:
0x80070005 : unknown error

COM API will also throw exception.

Steps to reproduce

  1. Change %TMP% and %TEMP% to C:\TEMP (assuming the folder exists)
  2. Have the C:\TEMP folder empty, so WinGet has to create C:\TEMP\WinGet again
  3. Run (winget list)

Expected behavior

WinGet should be able to write into that C:\TEMP\WinGet folder if it was able to create it, right?

Actual behavior

WinGet creates the C:\TEMP\WinGet folder (assuming it does not exist) and then crashes.

Environment

Windows Package Manager v1.10.340
Copyright (c) Microsoft Corporation. All rights reserved.

Windows: Windows.Desktop v10.0.26100.3194
System Architecture: X64
Package: Microsoft.DesktopAppInstaller v1.25.340.0

Winget Directories
-----------------------------------------------------------------------------------------------------------------------
Logs                               %LOCALAPPDATA%\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\LocalState\Diag…
User Settings                      %LOCALAPPDATA%\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\LocalState\sett…
Portable Links Directory (User)    %LOCALAPPDATA%\Microsoft\WinGet\Links
Portable Links Directory (Machine) C:\Program Files\WinGet\Links
Portable Package Root (User)       %LOCALAPPDATA%\Microsoft\WinGet\Packages
Portable Package Root              C:\Program Files\WinGet\Packages
Portable Package Root (x86)        C:\Program Files (x86)\WinGet\Packages
Installer Downloads                %USERPROFILE%\Downloads
Configuration Modules              %LOCALAPPDATA%\Microsoft\WinGet\Configuration\Modules

Links
---------------------------------------------------------------------------
Privacy Statement   https://aka.ms/winget-privacy
License Agreement   https://aka.ms/winget-license
Third Party Notices https://aka.ms/winget-3rdPartyNotice
Homepage            https://aka.ms/winget
Windows Store Terms https://www.microsoft.com/en-us/storedocs/terms-of-sale

Admin Setting                             State
--------------------------------------------------
LocalManifestFiles                        Disabled
BypassCertificatePinningForMicrosoftStore Disabled
InstallerHashOverride                     Disabled
LocalArchiveMalwareScanOverride           Disabled
ProxyCommandLineOptions                   Disabled
DefaultProxy                              Disabled
@similar-issues-ai Similar Issues AI
Copy link

We've found some similar issues:

If any of the above are duplicates, please consider closing this issue out and adding additional context in the original issue.

Note: You can give me feedback by 👍 or 👎 this comment.

@microsoft-github-policy-service microsoft-github-policy-service bot added the Needs-Triage Issue need to be triaged label Mar 5, 2025
@marticliment marticliment mentioned this issue Mar 5, 2025
Closed
4 tasks
marticliment added a commit to marticliment/UniGetUI that referenced this issue Mar 5, 2025
@marticliment
WinGet will attemp to correct issues with temp folder permissions (fix
d5e8d32 
…#3357, related to microsoft/winget-cli#5276)
@JohnMcPMS
Copy link
Member

Can you provide the ACL for the C:\TEMP directory?

> icacls C:\TEMP

A log file would be helpful as well.

If the process is crashing, contents of one of the events from Event Viewer > Windows Logs > Application would be good.

@microsoft-github-policy-service microsoft-github-policy-service bot removed the Needs-Triage Issue need to be triaged label Mar 6, 2025
@denelon denelon added the Issue-Bug It either shouldn't be doing this or needs an investigation. label Mar 6, 2025
@denelon denelon added this to WinGet Mar 6, 2025
@denelon denelon moved this to To Do in WinGet Mar 6, 2025
@marticliment
Copy link
Author

ACLs

C:\TEMP BUILTIN\Administradores:(I)(OI)(CI)(F)
        NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
        BUILTIN\Usuarios:(I)(OI)(CI)(RX)
        NT AUTHORITY\Authenticated Users:(I)(M)
        NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)

Successfully processed 1 files; Failed processing 0 files

(Output is in spanish, Administradores refers to Administrators, Usuarios refers to Users)

WinGet Logs:

2025-03-07 11:49:06.863 [CORE] WinGet, version [1.10.340], activity [{3D5316D2-0C7A-4D2E-A307-49B15FB16CA0}]
2025-03-07 11:49:06.863 [CORE] OS: Windows.Desktop v10.0.26100.3194
2025-03-07 11:49:06.863 [CORE] Command line Args: winget  list
2025-03-07 11:49:06.863 [CORE] Package: Microsoft.DesktopAppInstaller v1.25.340.0
2025-03-07 11:49:06.863 [CORE] IsCOMCall:0; Caller: winget-cli
2025-03-07 11:49:06.874 [CLI ] WinGet invoked with arguments: 'list'
2025-03-07 11:49:06.874 [CLI ] Found subcommand: list
2025-03-07 11:49:06.874 [CLI ] Leaf command to execute: root:list
2025-03-07 11:49:06.875 [CLI ] Executing command: list
2025-03-07 11:49:06.883 [REPO] Default source requested, multiple sources available, adding all to source references.
2025-03-07 11:49:06.883 [REPO] Adding to source references msstore
2025-03-07 11:49:06.883 [CORE] Default proxy is not set
2025-03-07 11:49:06.883 [REPO] REST HTTP Client helper does not use proxy
2025-03-07 11:49:06.883 [REPO] Adding to source references winget
2025-03-07 11:49:06.883 [CLI ] Created authentication arguments. Mode: silentPreferred, Account: 
2025-03-07 11:49:06.895 [CORE] Examining extension: PFN = Microsoft.Winget.Source_8wekyb3d8bbwe, ID = IndexDB
2025-03-07 11:49:06.895 [CORE] Found matching extension.
2025-03-07 11:49:06.898 [REPO] Multiple sources available, creating aggregated source.
2025-03-07 11:49:06.898 [REPO] Adding to aggregated source: msstore
2025-03-07 11:49:06.898 [REPO] Sending http GET request to: https://storeedgefd.dsx.mp.microsoft.com/v9.0/information
2025-03-07 11:49:07.053 [REPO] Response status: 200
2025-03-07 11:49:07.054 [REPO] Authentication node not found. Assuming authentication type none.
2025-03-07 11:49:07.054 [REPO] Adding to aggregated source: winget
2025-03-07 11:49:07.065 [CORE] Examining extension: PFN = Microsoft.Winget.Source_8wekyb3d8bbwe, ID = IndexDB
2025-03-07 11:49:07.065 [CORE] Found matching extension.
2025-03-07 11:49:07.110 [REPO] Opening database for ImmutableRead at 'C:\Program Files\WindowsApps\Microsoft.Winget.Source_2025.307.851.4_neutral__8wekyb3d8bbwe\Public\index.db'
2025-03-07 11:49:07.110 [SQL ] Opening SQLite connection #1: 'C:\Program Files\WindowsApps\Microsoft.Winget.Source_2025.307.851.4_neutral__8wekyb3d8bbwe\Public\index.db' [1, 40]
2025-03-07 11:49:07.112 [REPO] Opened SQLite Index with version [2.0], last write [2025-03-07 08:49:31.000]
2025-03-07 11:49:07.137 [FAIL] C:\__w\1\s\external\pkg\src\AppInstallerSharedLib\Filesystem.cpp(420)\WindowsPackageManager.dll!00007FFCFAD4C358: (caller: 00007FFCFAD4CD61) Exception(1) tid(52cc) 80070005 Access is denied.

2025-03-07 11:49:07.137 [FAIL] C:\__w\1\s\external\pkg\src\AppInstallerRepositoryCore\RepositorySource.cpp(852)\WindowsPackageManager.dll!00007FFCFAEFEAB7: (caller: 00007FFCFAC3CA29) LogHr(1) tid(52cc) 80070005 Access is denied.
    Msg:[C:\__w\1\s\external\pkg\src\AppInstallerSharedLib\Filesystem.cpp(420)\WindowsPackageManager.dll!00007FFCFAD4C358: (caller: 00007FFCFAD4CD61) Exception(1) tid(52cc) 80070005 Access is denied.
] 

2025-03-07 11:49:07.137 [REPO] Failed to open available source: winget
2025-03-07 11:49:07.269 [REPO] Creating new SQLite Index with version [Latest] at ':memory:'
2025-03-07 11:49:07.270 [SQL ] Opening SQLite connection #2: ':memory:' [6, 0]
2025-03-07 11:49:07.281 [REPO] Reading MSI UpgradeCodes
2025-03-07 11:49:07.402 [REPO] Reading MSI UpgradeCodes
2025-03-07 11:49:07.796 [SQL ] Opening SQLite connection #3: ':memory:' [6, 0]
2025-03-07 11:49:07.797 [FAIL] C:\__w\1\s\external\pkg\src\AppInstallerSharedLib\Filesystem.cpp(420)\WindowsPackageManager.dll!00007FFCFAD4C358: (caller: 00007FFCFAD4CD61) Exception(2) tid(52cc) 80070005 Access is denied.

2025-03-07 11:49:07.911 [CLI ] Caught wil::ResultException: C:\__w\1\s\external\pkg\src\AppInstallerSharedLib\Filesystem.cpp(420)\WindowsPackageManager.dll!00007FFCFAD4C358: (caller: 00007FFCFAD4CD61) Exception(2) tid(52cc) 80070005 Access is denied.

Event Viewer

There doesn't seem to be any reports about the crash on event viewer.
The CLI output of the crash is posted on the original message, and the return code of the process is -2147024891 (0x80070005)

@JohnMcPMS JohnMcPMS linked a pull request Mar 7, 2025 that will close this issue
Open
@microsoft-github-policy-service microsoft-github-policy-service bot added the In-PR Issue related to a PR label Mar 7, 2025
@JohnMcPMS
Copy link
Member

Assuming that my local repro was consistent with your repro (and the initial customer issue), then this PR should fix things.

If you want to be very sure that I got the same issue, if the WinGet directory created during the repro exists, this would fail with access denied:

    HANDLE handle = CreateFileW(L"C:\\Temp\\WinGet", READ_CONTROL | WRITE_OWNER | WRITE_DAC | FILE_READ_ATTRIBUTES, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, nullptr, OPEN_EXISTING, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, nullptr);
    auto lastError = GetLastError();

and this would succeed (removal of WRITE_OWNER):

    HANDLE handle = CreateFileW(L"C:\\Temp\\WinGet", READ_CONTROL | WRITE_DAC | FILE_READ_ATTRIBUTES, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, nullptr, OPEN_EXISTING, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, nullptr);
    auto lastError = GetLastError();

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
In-PR Issue related to a PR Issue-Bug It either shouldn't be doing this or needs an investigation.
Projects
WinGet
Status: To Do
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Handle access denied error when setting owner if already owner JohnMcPMS/winget-cli
3 participants
@JohnMcPMS @marticliment @denelon