Tighter ACLs on Sandbox directories

pdp1 · Post by **pdp1** » Wed May 19, 2010 7:22 pm

Hi

I notice in another post -

http://www.sandboxie.com/phpbb/viewtopic.php?t=4964

that the full-control for authenticated users is deliberate. Is there *any* way that you might be able to apply more restrictive, user-specific ACLs to the Sandbox folders?

Cheers, and thanks for the useful app.

Guest10 · Post by **Guest10** » Thu May 20, 2010 8:54 am

You might want to investigate the program 'cacls' that is built-into Windows (at least some versions of Windows).
See if it's on yours by running from a cmd window:
cacls /?

Restore the default setting with:

Code: Select all

c:
cd \sandbox
cacls *.* /T /G Everyone:F

assuming that your Sandbox folder is at C:\Sandbox

pdp1 · Post by **pdp1** » Thu May 20, 2010 5:19 pm

Thanks for the tip.

I guess I was just wondering if SandboxIE might be able to do it 'programmatically' when it creates them. I'll have a play with cacls and see if sandbox is happy with tighter permissions.

Cheers.

tzuk · Post by **tzuk** » Thu May 20, 2010 5:39 pm

I won't be changing this, but you might consider setting the sandbox folder to be within a folder that has tighter permissions. For example,

%UserProfile%\Sandbox\%SANDBOX%

instead of the default

C:\Sandbox\%USER%\%SANDBOX%

http://www.sandboxie.com/index.php?Sand ... #container

pdp1 · Post by **pdp1** » Thu May 20, 2010 6:39 pm

Thanks.

It seems quite happy with a tighter top-level directory, so I'll go with that for now.

Cheers.

Nurple · Post by **Nurple** » Sun Aug 08, 2010 9:03 am

Sorry to bump this thread, but I noticed you can read/write etc to other users sandbox's even when you set the sandbox to be within their profiles.

Sandboxie Support

Tighter ACLs on Sandbox directories

Tighter ACLs on Sandbox directories

Who is online