Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl Monk, Perl Meditation

Win file permissions: Win32::FileSecurity vs. Win32::OLE

by MaxKlokan (Monk)
on Dec 07, 2006 at 10:21 UTC ( #588284=perlquestion: print w/replies, xml ) Need Help??

MaxKlokan has asked for the wisdom of the Perl Monks concerning the following question:

Hello fellow monks,

I need to dump the ACLs for Windows directories in the form of DACL bitmasks.

If I do it with Win32::FileSecurity it is very fast and all works well with one exception: the "deny" type of permissions are not dumped. If a user has only "deny" permissions, DACL bitmask is not even seen. If it has both "allow" and "deny" permissions the bitmask is the same as if it had only "allow" kind of permissions.

I have then tried with Win32::OLE. It works well but, besides requiring more complex code, it is extremely slow as compared to Win32::FileSecurity.

Is there a way to have the cake and eat it too (i.e. get full DACL info and fast), possibly without having to install extra modules (using ActiveState 5.8.8)?

Thanks for your suggestions...

  • Comment on Win file permissions: Win32::FileSecurity vs. Win32::OLE

Replies are listed 'Best First'.
Re: Win file permissions: Win32::FileSecurity vs. Win32::OLE (fix it)
by tye (Sage) on Dec 07, 2006 at 12:02 UTC

    Yes. You fix Win32::FileSecurity and then everyone benefits from this long-standing oversite because you post the patch to RT (navigate to the distribution that the module is in and then select "view bug reports"...)

    - tye        

      You are right, that's a possible solution and generally speaking I would agree with your answer. However, if I knew how to do that, then I wouldn't be posting the question here and I would be working on it already.

      I'll keep looking for alternatives and post my findings, if any.

        However, if I knew how to do that, then I wouldn't be posting the question here and I would be working on it already

        At you'll see there's a libwin-32 mailing list. It's all but dead ... but there's possibly still a few people subscribed to that list (eg Jan Dubois) willing and able to help with the problem.

        Alternatively a simple bug report, without any proposed solution, to either (as tye suggested) or a Bugzilla report (see might prove fruitful. Jan Dubois is closely associated with fixing bugs in both ActiveState and the libwin package - but it's probably more appropriate to file your report with as it's really a libwin bug (rather than an ActiveState bug).


        You are capable of writing working code to do this using Win32::OLE. The complexity of fixing this module to add support for one more enum value is likely much less than that. Perhaps you should try rather than declaring defeat.

        - tye        

Re: Win file permissions: Win32::FileSecurity vs. Win32::OLE
by bingos (Vicar) on Dec 07, 2006 at 12:08 UTC

    Having a mooch through the code for Win32::FileSecurity it appears to not recognise ACCESS_DENIED_ACE_TYPE, which I guess is because it predates the Deny that came in with Windows 2000 NTFS

    Win32::FileSecurity would need patching to enumerate denial ACE types. Unfortunately, my Win32 C++ 'skills' are not up to such a task.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://588284]
Approved by Corion
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others contemplating the Monastery: (6)
As of 2020-10-29 05:57 GMT
Find Nodes?
    Voting Booth?
    My favourite web site is:

    Results (269 votes). Check out past polls.