Set NTFS permissions for folder

delphi package - easy access to security apis
Post Reply
petergust
Posts: 5
Joined: Sun Jan 15, 2006 5:48 pm

Set NTFS permissions for folder

Post by petergust »

Hi!

I'm trying to add a new user for a folder':

Code: Select all

var
     ISecObj: ISecurityObject;
     IACLObj: Iacl;
begin

     ISecObj := FileSecurity( 'C:\Test\123' );

     IACLObj := ISecObj.DAcl;

     IACLObj.NewItem(Account('test'),0,atAllowed,[afSuccessfulAccess]);

     if IACLObj.Flush then
          ShowMessage('Fush OK!')
     else
          ShowMessage('Fush NOT OK!');
I get a Flush OK but the the user TEST is not added.

And what should I write to set Change permissions?

Folder and user exists on my system.



// Peter
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

What does "NewItem" return?

What is the sense of that ACE? I mean adding an item with 0 access rights sounds a bit strange to me!
petergust
Posts: 5
Joined: Sun Jan 15, 2006 5:48 pm

Post by petergust »

madshi wrote:What does "NewItem" return?
The first time I run code it returns 4, then 5,6..
madshi wrote:What is the sense of that ACE? I mean adding an item with 0 access rights sounds a bit strange to me!
It what too late when I did this. When I change it to 1, the user is added
but I can't find anything about this value.

Help only say: IAce.Access : cardinal;

// Peter
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

I'd suggest using IACL.SetFileAccess. This makes it a lot easier for you. The access masks are quite complicated. There are multiple flags which must be ORed together to get proper "read" and "write" access. The method "SetFileAccess" encapsulates this kind of stuff for you.
petergust
Posts: 5
Joined: Sun Jan 15, 2006 5:48 pm

Post by petergust »

madshi wrote:I'd suggest using IACL.SetFileAccess. This makes it a lot easier for you. The access masks are quite complicated. There are multiple flags which must be ORed together to get proper "read" and "write" access. The method "SetFileAccess" encapsulates this kind of stuff for you.
I tried that one, but it set to Full access and our users
should only have change permissions in homedirectory.

Do you have a more detailed description for the access masks?
I'm used to commandlines with many flags. :wink:

// Peter
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Check out these links:

http://msdn.microsoft.com/library/defau ... s_mask.asp
http://msdn.microsoft.com/library/defau ... rights.asp

Another possibility would be to manually setup the ACL the way you want it and then use madSecurity to read out which access masks are contained in the ACL. Then you know the exact flag combination for what you want to achieve.
petergust
Posts: 5
Joined: Sun Jan 15, 2006 5:48 pm

Post by petergust »

madshi wrote:Check out these links:

http://msdn.microsoft.com/library/defau ... s_mask.asp
http://msdn.microsoft.com/library/defau ... rights.asp

Another possibility would be to manually setup the ACL the way you want it and then use madSecurity to read out which access masks are contained in the ACL. Then you know the exact flag combination for what you want to achieve.
Thanks!

I used FindItem to locate a user, and the result I got for Change permission is 1245631, but when I add a new user with this
access mask the Apply Onto is set to This folder.

Is there anymore settings to change Apply Onto to This folder, subfolders and files?

If I manually set to This folder I get the same value, 1245631.

// Peter
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

You can try using the "afObjectInherit, afContainerInherit" flags. If that doesn't work, you might have to manually loop through the child objects... :shock:

Btw, I'd suggest using hexadecimal for the flags. That makes it much easier to see which flags are contained. That would be $1301BF.
petergust
Posts: 5
Joined: Sun Jan 15, 2006 5:48 pm

Post by petergust »

madshi wrote:You can try using the "afObjectInherit, afContainerInherit" flags. If that doesn't work, you might have to manually loop through the child objects... :shock:

Btw, I'd suggest using hexadecimal for the flags. That makes it much easier to see which flags are contained. That would be $1301BF.
I changed the flags and that did the trick! :D

Thanks for all help!

// Peter
Post Reply