
SetACL problems

by Skarlso (Initiate)
on Sep 13, 2007 at 07:49 UTC

Skarlso has asked for the wisdom of the Perl Monks concerning the following question:

Dear Monks, fellow wisdom seekers and alike.

I have a problem, as so many others. I'm trying to randomize an ACL setting string for a test I write in Perl. I did not know much of ACL until now. I had to learn how to use it. But now I've got a problem, as follows. The ACL overwrites the previous settings. So the owner will disappear and be replaced by the newly created ACL string, which says: Everyone. I'm not able to set an ACL for the owner as if: domain\user, because it says it cannot find the SID. I tried s:n and s:y also. The problem is that the file which will be created will be on another domain. So it tends to be the problem that the created files cannot be accessible by anybody... No view, no delete, no permissions whatsoever, although the ACL string seems to be well.

Example:

    setacl.exe -on "z:\test8lhmJ.xls" -ot file -actn ace -ace "n:Everyone;s:n;i:so;p:read" -actn setprot -op "dacl:np"

So can I somehow append ACL settings, or at least is there a fine way to just copy the current ACL settings and use them also? Or should I abandon the system use of setacl or cacls ... ?

Thank you for your answer in advance,
Gergely.

Replies are listed 'Best First'.
Re: SetACL problems
by sgt (Deacon) on Sep 13, 2007 at 13:14 UTC

    Cygwin has setfacl and getfacl. IIRC cygwin does just enough windows acls to implement un*x permissions semantics, so keep in mind it might not give you everything. (BTW where is your setacl, I have windows xp and could not find it, and so could not contrast the output of both set*acl).

    If you don't care for a "normal install" using cygwin setup, do the following:

  • Get the "cygwin" package (just 1 package) for example the latest one say with 'curl -O ftp://ftp.heanet.ie/pub/cygwin/release/cygwin/cygwin-1.5.24-2.tar.bz2' (-big-Oh not -zero)
  • extract it somewhere and just put the *facl and cygwin1.dll in a directory you can access from your code
  • try running getfacl from there; if it does not work get the ash package, proceed as before but run getfacl from ash.
  • IIRC directories have also a default acl...note that *I do not do acls* ;)

    At least that gives something to try if you're stuck. Good luck.

    % steph@ap (/home/stephan) %
    % cygcheck /usr/bin/getfacl.exe
    C:/cygwin/bin/getfacl.exe
    C:/cygwin/bin\cygwin1.dll
    C:\WINDOWS\system32\ADVAPI32.DLL
    C:\WINDOWS\system32\ntdll.dll
    C:\WINDOWS\system32\KERNEL32.dll
    C:\WINDOWS\system32\RPCRT4.dll

    cheers --stephan
Re: SetACL problems
by cdarke (Prior) on Sep 13, 2007 at 13:25 UTC
    Not sure where Perl comes into this, which Perl interface are you using? There are several and these will affect the answer.
    There are also several layers of Win32 security APIs, and that depends on the version of Windows (NT4, 2000, XP, 2003, Vista all introduced new security APIs).

    Here is what I would do using C/C++/XS:
    You can get an existing ACL using GetNamedSecurityInfo(), and then create ACEs with BuildExplicitAccessWithName(). You then merge the new ACEs with the 'old' ACL to create a new one, using SetEntriesInAcl() - I guess this is the guy you want.
    You then set the new ACL into the object's security descriptor (SD) using SetNamedSecurityInfo().

    I'm not sure what you have screwed up, maybe you wrote a bad SD? The DACL is not supposed to be searched if you are the owner, but it looks like the SID might be toast. If this is a file, try copying it to a non-secure filesystem (like FAT) and back again, always assuming you can get the copy to work. You might have to use an Administrator user for that.

    update: OK, I missed that you are using cygwin.
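
The read, merge, write-back sequence cdarke describes, sketched in Perl as an added example that is not from either reply. It swaps the C calls for the Win32::FileSecurity module (assumed to be installed), and the file and account arguments are placeholders supplied by the caller.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Win32::FileSecurity qw(Get Set MakeMask EnumerateRights);

# Both arguments are placeholders supplied by the caller,
# e.g. a test file and an account name such as Everyone.
my ($file, $trustee) = @ARGV;
die "usage: $0 <file> <account>\n" unless defined $trustee;

# Read the file's current DACL as a hash of account name => access mask.
sub read_dacl {
    my ($path) = @_;
    my %acl;
    Get($path, \%acl) or die "cannot read the DACL of $path: $!\n";
    return %acl;
}

# Print each account with the symbolic names of the rights in its mask.
sub show_dacl {
    my ($label, %acl) = @_;
    print "$label\n";
    for my $account (sort keys %acl) {
        my @rights;
        EnumerateRights($acl{$account}, \@rights);
        print "  $account: @rights\n";
    }
}

my %before = read_dacl($file);
show_dacl('DACL before:', %before);

# Merge: start from the existing entries and OR the new right into the
# trustee's mask, so nothing that was already granted is dropped.
my %merged = %before;
$merged{$trustee} = (0 + ($merged{$trustee} || 0)) | MakeMask(qw(READ));
Set($file, \%merged);

# Re-read and confirm every account that had an entry still has one.
my %after = read_dacl($file);
show_dacl('DACL after:', %after);
my @lost = grep { !exists $after{$_} } keys %before;
die "entries lost from the DACL: @lost\n" if @lost;
warn "no entry found for $trustee after the update\n"
    unless grep { /\Q$trustee\E$/i } keys %after;
```

Comparing the "before" and "after" listings on a scratch file shows whether the owner's entry survives the update, which is the symptom described in the question.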
