|
Win32::FileSecurity - manage FileSecurity Discretionary Access Control Lists in perl |
Win32::FileSecurity - manage FileSecurity Discretionary Access Control Lists in perl
use Win32::FileSecurity;
This module offers control over the administration of system FileSecurity DACLs. You may want to use Get and EnumerateRights to get an idea of what mask values correspond to what rights as viewed from File Manager.
DELETE, READ_CONTROL, WRITE_DAC, WRITE_OWNER, SYNCHRONIZE, STANDARD_RIGHTS_REQUIRED, STANDARD_RIGHTS_READ, STANDARD_RIGHTS_WRITE, STANDARD_RIGHTS_EXECUTE, STANDARD_RIGHTS_ALL, SPECIFIC_RIGHTS_ALL, ACCESS_SYSTEM_SECURITY, MAXIMUM_ALLOWED, GENERIC_READ, GENERIC_WRITE, GENERIC_EXECUTE, GENERIC_ALL, F, FULL, R, READ, C, CHANGE
All of the functions return FALSE (0) if they fail, unless otherwise noted.
Errors returned via $! containing both Win32 GetLastError() and a text message
indicating Win32 function that failed.
$set = Win32::FileSecurity::NAME_OF_CONSTANT();.
Entries take the form $permisshash{USERNAME} = $mask ;
# Gets the rights for all files listed on the command line.
use Win32::FileSecurity qw(Get EnumerateRights);
foreach( @ARGV ) {
next unless -e $_ ;
if ( Get( $_, \%hash ) ) {
while( ($name, $mask) = each %hash ) {
print "$name:\n\t";
EnumerateRights( $mask, \@happy ) ;
print join( "\n\t", @happy ), "\n";
}
}
else {
print( "Error #", int( $! ), ": $!" ) ;
}
}
# Gets existing DACL and modifies Administrator rights
use Win32::FileSecurity qw(MakeMask Get Set);
# These masks show up as Full Control in File Manager
$file = MakeMask( qw( FULL ) );
$dir = MakeMask( qw(
FULL
GENERIC_ALL
) );
foreach( @ARGV ) {
s/\\$//;
next unless -e;
Get( $_, \%hash ) ;
$hash{Administrator} = ( -d ) ? $dir : $file ;
Set( $_, \%hash ) ;
}
MakeMask( qw( FULL ) ); # for files
MakeMask( qw( READ GENERIC_READ GENERIC_EXECUTE ) ); # for directories
MakeMask( qw( CHANGE ) ); # for files
MakeMask( qw( CHANGE GENERIC_WRITE GENERIC_READ GENERIC_EXECUTE ) ); # for directories
MakeMask( qw( ADD GENERIC_READ GENERIC_EXECUTE ) ); # for directories only!
MakeMask( qw( FULL ) ); # for files
MakeMask( qw( FULL GENERIC_ALL ) ); # for directories
| From Microsoft: check_sd | |
| http://premium.microsoft.com/download/msdn/samples/2760.exe |
(thanks to Guert Schimmel at Sybase for turning me on to this one)
1.03 ALPHA 97-12-14
Fix unitialized vars on unknown ACLs <jmk@exc.bybyte.de>
INHERIT_ONLY_ACE | OBJECT_INHERIT_ACE Access Control Entry.
May need to rethink...
Added ISA exporter, and @EXPORT_OK
Added F, FULL, R, READ, C, CHANGE as composite pre-built mask names.
Added server\ to keys returned in hash from Get
Made constants and MakeMask case insensitive (I don't know why I did that)
Fixed mask comparison in ListDacl and Enumerate Rights from simple & mask to exact bit match ! ( ( x & y ) ^ x ) makes sure all bits in x are set in y
Fixed some ``wild'' pointers
Included ListDacl.exe in bundle for debugging
Added ``intuitive'' inheritance for directories, basically functions like FM triggered by presence of GENERIC_ rights this may need to change
see EXAMPLE2
Changed from AddAccessAllowedAce to AddAce for control over inheritance
Using AddAccessAllowedAce
Suitable for file permissions
|
Win32::FileSecurity - manage FileSecurity Discretionary Access Control Lists in perl |