Win file permissions: Win32::FileSecurity vs. Win32::OLE

MaxKlokan has asked for the wisdom of the Perl Monks concerning the following question:

Hello fellow monks,

I need to dump the ACLs for Windows directories in the form of DACL bitmasks.

If I do it with Win32::FileSecurity it is very fast and all works well with one exception: the "deny" type of permissions are not dumped. If a user has only "deny" permissions, DACL bitmask is not even seen. If it has both "allow" and "deny" permissions the bitmask is the same as if it had only "allow" kind of permissions.

I have then tried with Win32::OLE. It works well but, besides requiring more complex code, it is extremely slow as compared to Win32::FileSecurity.

Is there a way to have the cake and eat it too (i.e. get full DACL info and fast), possibly without having to install extra modules (using ActiveState 5.8.8)?

Thanks for your suggestions...

Comment on Win file permissions: Win32::FileSecurity vs. Win32::OLE

Replies are listed 'Best First'.
Re: Win file permissions: Win32::FileSecurity vs. Win32::OLE (fix it) by tye (Sage) on Dec 07, 2006 at 12:02 UTC
Yes. You fix Win32::FileSecurity and then everyone benefits from this long-standing oversite because you post the patch to RT (navigate to the distribution that the module is in and then select "view bug reports"...) - tye	[reply]
Re^2: Win file permissions: Win32::FileSecurity vs. Win32::OLE (fix it) by MaxKlokan (Monk) on Dec 08, 2006 at 10:14 UTC
You are right, that's a possible solution and generally speaking I would agree with your answer. However, if I knew how to do that, then I wouldn't be posting the question here and I would be working on it already. I'll keep looking for alternatives and post my findings, if any.	[reply]
Re^3: Win file permissions: Win32::FileSecurity vs. Win32::OLE (fix it) by syphilis (Archbishop) on Dec 08, 2006 at 10:47 UTC
However, if I knew how to do that, then I wouldn't be posting the question here and I would be working on it already At http://aspn.activestate.com/ASPN/Mail/ you'll see there's a libwin-32 mailing list. It's all but dead ... but there's possibly still a few people subscribed to that list (eg Jan Dubois) willing and able to help with the problem. Alternatively a simple bug report, without any proposed solution, to either rt.cpan.org (as tye suggested) or a Bugzilla report (see http://bugs.activestate.com/help.cgi) might prove fruitful. Jan Dubois is closely associated with fixing bugs in both ActiveState and the libwin package - but it's probably more appropriate to file your report with rt.cpan.org as it's really a libwin bug (rather than an ActiveState bug). Cheers, Rob	[reply]
Re^3: Win file permissions: Win32::FileSecurity vs. Win32::OLE (fix it) by tye (Sage) on Dec 08, 2006 at 19:55 UTC
You are capable of writing working code to do this using Win32::OLE. The complexity of fixing this module to add support for one more enum value is likely much less than that. Perhaps you should try rather than declaring defeat. - tye	[reply]
Re: Win file permissions: Win32::FileSecurity vs. Win32::OLE by bingos (Vicar) on Dec 07, 2006 at 12:08 UTC
Having a mooch through the code for Win32::FileSecurity it appears to not recognise ACCESS_DENIED_ACE_TYPE, which I guess is because it predates the Deny that came in with Windows 2000 NTFS Win32::FileSecurity would need patching to enumerate denial ACE types. Unfortunately, my Win32 C++ 'skills' are not up to such a task.	[reply]


Problems? Is your data what you think it is?
	PerlMonks