4

I have two game accounts in a game that allows addons. The addons save their data into files. Whenever the game is closed (from a manual close, a disconnect, a crash, etc.), the game writes to the specific account's data file. So, for any given addon, each account has a separate data file.

What I'd like to accomplish is to share the data between both accounts while allowing only one of the accounts to write data to the file. While I could purposely log them out in a particular order to make sure that the correct account is the one that actually writes to the file, I don't always have control over logouts in the event of server or client crashes.

Let's say the data files are arranged like this:

C:\Games\GameTitle\Data\PrimaryAccount\addonDataFile.txt C:\Games\GameTitle\Data\SecondaryAccount\addonDataFile.txt

I would like the first file to be treated like the second file while being read, but to deny any writes to the second file when an attempt is made to write to it. As far as I'm aware, a symlink in Windows only meets the first criteria.

Is there a way to make a read-only symlink to a file, preventing writes from being made via the symlink?

KOVIKO
  • 319
  • 1
  • 6
  • 16
  • If I'm understanding you correctly, why can't you use permissions to prevent write access to the file from the second account? – Frank Thomas Jun 05 '15 at 02:07
  • @FrankThomas I'm honestly not sure what I can or cannot do in this situation. As far as I know, symlinks make it so that both file paths point to the exact same file. If there's a way to make it so that one of the file paths can't actually write to the file (or inversely, only one filepath CAN write to the path), then that'd likely solve my problem. – KOVIKO Jun 05 '15 at 03:29
  • don't focus on the path, focus on the user accounts. symlink the files, but set the permission on the target so that one user has full control, and the other only has read. – Frank Thomas Jun 05 '15 at 04:33
  • Oh, the accounts are accounts in a PC game, not Windows accounts. – KOVIKO Jun 05 '15 at 04:49
  • unfourtunately, no, you cannot apply permissions to a path via a link. As described on this question, permissions on a link only affect the link itself, not the underlying file, so the only meaningful permissions are delete and rename. a link will not solve your issue, at least not entirely. http://superuser.com/questions/366116/scenario-ntfs-symbolic-link-or-junction – Frank Thomas Jun 05 '15 at 12:00

1 Answers1

3

I'm afraid there is no good solution to this question as presented, in that File permissions tie to the file object itself in NTFS (in the MFT$), so any given file has only one set of permissions, even if there are multiple links to it. Permissions on links are very limited, and apply to the link/junction itself, not the target object, with one exception: denying file listing on a junction will prevent the user from seeing any file within the junction.

Instead I recommend dynamically switching the permissions, or the readonly bit when launching your game, depending on which account you intend to use. You could do so by creating two batch files, which set the file to writable or readonly, and then launch the game.

the simplest approach would be to use the readonly bit:

Batch #1

#Readonly user
attrib +R c:\path\to\file.ext
c:\path\to\game.exe

Batch #2

#ReadWrite user
attrib -R c:\path\to\file.ext
c:\path\to\game.exe

Some executables may attempt to turn off the read only bit if they have trouble writing to a file they want, so if these batch files are not sufficient, try denying your windows user write access instead, using the cacls command. it would be somthing like:

Batch #1

#Readonly user
CACLS c:\path\to\file.ext /E /P "Username":R
c:\path\to\game.exe

Batch #2

#ReadWrite user
CACLS c:\path\to\file.ext /E /P "Username":F
c:\path\to\game.exe

Then finally, to make it all easier to use, just create game short cuts for each account, and point them to the appropriate batch file.

As I said, its unfourtunate that there is no clean solution to this issue, but this is a pretty marginal case, and the technology was just never designed to work as you would like. hopefully this somewhat hackish approach will work for you though.

Community
  • 1
Frank Thomas
  • 35,097
  • 3
  • 77
  • 98
  • My intent was to run both game accounts at once, but since that's not possible, your solution is the next best thing. :) – KOVIKO Jun 05 '15 at 19:13
  • wow, that makes it even less likely to work, just because of the way the windows file system API handles file locking. its likely that the second program would crash or ignore the file because it couldn't open it with the expected access semantics. two processes can't have a file open for write, at the same time, unless very special techniques are used, so windows prevents it – Frank Thomas Jun 06 '15 at 06:18
  • This is one of the most thorough answers I've seen to a "simple" question. – David A. Gray Nov 07 '19 at 02:24