Setting Read/Write access

delphi package - easy access to security apis

Setting Read/Write access

Postby ScottC » Sat Jul 11, 2009 4:42 pm

How do I set rights on a folder to allow "Read" and "Write" access but not "List folder contents" or "Execute"?

Code: Select all
  With FileSecurity(Path).DACL do
    begin
      Clear;
      NewItem(Account('S-1-5-11'), GENERIC_All, atAllowed, [afObjectInherit, afContainerInherit]);
    end;


I am able to set full rights with this code but I need to limit the users to have only read/write access.

I need the security to be like this.

Image
ScottC
 
Posts: 2
Joined: Sat Jul 11, 2009 4:13 pm

Postby madshi » Mon Jul 13, 2009 6:23 pm

Hello,

the problem with this is that the exact flag combination sometimes even differs between different OSs. Your best bet would be to configure a dummy folder the way you want it to be and then use madSecurity to list the contents of the ACL. That way you will know which flags the OS wants to have for the given configuration. You need to replace GENERIC_ALL with something else.
madshi
Site Admin
 
Posts: 9649
Joined: Sun Mar 21, 2004 5:25 pm

Postby ScottC » Mon Jul 13, 2009 6:27 pm

Is there an example of how to list the contents of the ACL?
ScottC
 
Posts: 2
Joined: Sat Jul 11, 2009 4:13 pm

Postby madshi » Fri Jul 17, 2009 6:36 am

It's rather simple:

Code: Select all
with FileSecurity(Path).DACL do
  for i1 := 0 to ItemCount - 1 do
    ShowMessage(Items[i1].Account.Name + ' / ' + IntToHex(Items[i1].Access, 1));
madshi
Site Admin
 
Posts: 9649
Joined: Sun Mar 21, 2004 5:25 pm


Return to madSecurity

Who is online

Users browsing this forum: No registered users and 1 guest