Set NTFS permissions for folder

delphi package - easy access to security apis

Set NTFS permissions for folder

Postby petergust » Sun Jan 15, 2006 5:58 pm

Hi!

I'm trying to add a new user for a folder':

Code: Select all
var
     ISecObj: ISecurityObject;
     IACLObj: Iacl;
begin

     ISecObj := FileSecurity( 'C:\Test\123' );

     IACLObj := ISecObj.DAcl;

     IACLObj.NewItem(Account('test'),0,atAllowed,[afSuccessfulAccess]);

     if IACLObj.Flush then
          ShowMessage('Fush OK!')
     else
          ShowMessage('Fush NOT OK!');


I get a Flush OK but the the user TEST is not added.

And what should I write to set Change permissions?

Folder and user exists on my system.



// Peter
petergust
 
Posts: 5
Joined: Sun Jan 15, 2006 5:48 pm

Postby madshi » Mon Jan 16, 2006 7:29 am

What does "NewItem" return?

What is the sense of that ACE? I mean adding an item with 0 access rights sounds a bit strange to me!
madshi
Site Admin
 
Posts: 9793
Joined: Sun Mar 21, 2004 5:25 pm

Postby petergust » Mon Jan 16, 2006 7:56 am

madshi wrote:What does "NewItem" return?

The first time I run code it returns 4, then 5,6..

madshi wrote:What is the sense of that ACE? I mean adding an item with 0 access rights sounds a bit strange to me!

It what too late when I did this. When I change it to 1, the user is added
but I can't find anything about this value.

Help only say: IAce.Access : cardinal;

// Peter
petergust
 
Posts: 5
Joined: Sun Jan 15, 2006 5:48 pm

Postby madshi » Mon Jan 16, 2006 8:02 am

I'd suggest using IACL.SetFileAccess. This makes it a lot easier for you. The access masks are quite complicated. There are multiple flags which must be ORed together to get proper "read" and "write" access. The method "SetFileAccess" encapsulates this kind of stuff for you.
madshi
Site Admin
 
Posts: 9793
Joined: Sun Mar 21, 2004 5:25 pm

Postby petergust » Mon Jan 16, 2006 8:32 am

madshi wrote:I'd suggest using IACL.SetFileAccess. This makes it a lot easier for you. The access masks are quite complicated. There are multiple flags which must be ORed together to get proper "read" and "write" access. The method "SetFileAccess" encapsulates this kind of stuff for you.
I tried that one, but it set to Full access and our users
should only have change permissions in homedirectory.

Do you have a more detailed description for the access masks?
I'm used to commandlines with many flags. :wink:

// Peter
petergust
 
Posts: 5
Joined: Sun Jan 15, 2006 5:48 pm

Postby madshi » Mon Jan 16, 2006 9:27 am

Check out these links:

http://msdn.microsoft.com/library/defau ... s_mask.asp
http://msdn.microsoft.com/library/defau ... rights.asp

Another possibility would be to manually setup the ACL the way you want it and then use madSecurity to read out which access masks are contained in the ACL. Then you know the exact flag combination for what you want to achieve.
madshi
Site Admin
 
Posts: 9793
Joined: Sun Mar 21, 2004 5:25 pm

Postby petergust » Mon Jan 16, 2006 10:47 am

madshi wrote:Check out these links:

http://msdn.microsoft.com/library/defau ... s_mask.asp
http://msdn.microsoft.com/library/defau ... rights.asp

Another possibility would be to manually setup the ACL the way you want it and then use madSecurity to read out which access masks are contained in the ACL. Then you know the exact flag combination for what you want to achieve.


Thanks!

I used FindItem to locate a user, and the result I got for Change permission is 1245631, but when I add a new user with this
access mask the Apply Onto is set to This folder.

Is there anymore settings to change Apply Onto to This folder, subfolders and files?

If I manually set to This folder I get the same value, 1245631.

// Peter
petergust
 
Posts: 5
Joined: Sun Jan 15, 2006 5:48 pm

Postby madshi » Mon Jan 16, 2006 11:01 am

You can try using the "afObjectInherit, afContainerInherit" flags. If that doesn't work, you might have to manually loop through the child objects... :shock:

Btw, I'd suggest using hexadecimal for the flags. That makes it much easier to see which flags are contained. That would be $1301BF.
madshi
Site Admin
 
Posts: 9793
Joined: Sun Mar 21, 2004 5:25 pm

Postby petergust » Mon Jan 16, 2006 1:53 pm

madshi wrote:You can try using the "afObjectInherit, afContainerInherit" flags. If that doesn't work, you might have to manually loop through the child objects... :shock:

Btw, I'd suggest using hexadecimal for the flags. That makes it much easier to see which flags are contained. That would be $1301BF.

I changed the flags and that did the trick! :D

Thanks for all help!

// Peter
petergust
 
Posts: 5
Joined: Sun Jan 15, 2006 5:48 pm


Return to madSecurity

Who is online

Users browsing this forum: No registered users and 2 guests

cron