Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(installer)!: install Gateway service as NetworkService #838

Merged
merged 2 commits into from
May 4, 2024
Merged

fix(installer)!: install Gateway service as NetworkService #838

merged 2 commits into from
May 4, 2024

Conversation

thenextman
Copy link
Member

@thenextman thenextman commented May 2, 2024
edited
Loading

Install the Devolutions Gateway service under the NetworkService account instead of LocalSystem. This significantly reduces the permissions available to the service account.

Relevant file paths are updated to grant NetworkService the appropriate access. Broadly, file permissions in %programdata%/Devolutions/Gateway are inherited from the "Gateway" parent directory. In my tests there is no issue; however it could cause a problem if users have manually adjusted file permissions or customized their setup in unforeseen ways.

Warning

We attempted this modification before but backed out again after at least one breaking problem in a customer environment. This is a change that we must make and we are likely in a better footing now to diagnose and deal with any resultant problems. If possible, we should call this out in the release notes as a potentially breaking change.

Additionally, rollback the wixtoolset version in CI. Latest GitHub runners ship version 3.14.1, which is broken. This can be reverted once 3.14.2 is published to chocolatey and the runner images are updated.

Issue: VM-1923

@thenextman thenextman marked this pull request as draft May 2, 2024 19:53
@thenextman thenextman marked this pull request as ready for review May 3, 2024 16:02
@thenextman thenextman requested review from a team as code owners May 3, 2024 16:02
CBenoit
CBenoit approved these changes May 4, 2024
View reviewed changes
Copy link
Member

@CBenoit CBenoit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let’s go! 🤞

@CBenoit CBenoit merged commit 1c8a7d2 into master May 4, 2024
31 checks passed
@CBenoit CBenoit deleted the install-network-service branch May 4, 2024 12:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@CBenoit CBenoit CBenoit approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@thenextman @CBenoit