
How can I set security properties on a directory?

I set the security properties on a directory, but it shows the property as "all(*)(not sure)".
0
wenson
Asked:
wenson
 
wensonAuthor Commented:
Sorry, your answer is not what I want. I successfully set the security properties on a file with VC++, but I could not set them correctly on a directory.
0
 
jkrCommented:
>>I set successfuly the security properity to a file with
>>VC++.

That's actually the same...
0

 
jkrCommented:
Well, IOW - the terms 'directory' and 'file' are interchangeable in this context, as - from the point of view of the API - it IS the same...
0
 
wensonAuthor Commented:
No, it works well for a file, but it does not work well for a directory. If you have time, we can discuss it through email; my email is: wangah@ggw.com.cn
thanks!
0
 
wensonAuthor Commented:
You are right, but the directory security has two items:
one is the directory permission, the other is the directory access permission. SetFileSecurity() can only set the directory permission, not the directory access permission.
0
 
jkrCommented:
Well, Cacls e.g is supposed to cope with all of that - MS ships it in the NT Resource Kit...
0
 
wensonAuthor Commented:
now , I give the program snippet .
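        // Replaces the DACL of the directory d:\win98 with two access-allowed
        // ACEs: one for the account "stu1" and one for "Administrator".
        //
        // NOTE(review): both ACEs are added with AceFlags == 0, so they cover the
        // directory object itself and carry no OBJECT_INHERIT_ACE /
        // CONTAINER_INHERIT_ACE flag; files and subdirectories created in the
        // directory do not inherit them.
        // NOTE(review): GENERIC_ALL includes WRITE_DAC and WRITE_OWNER; grant a
        // narrower mask if "stu1" only needs to read or modify content.
        // NOTE(review): the names are resolved with LookupAccountNameW(NULL, ...)
        // and peUse is never checked; confirm that each bare name resolves to the
        // intended principal before its SID is placed in the DACL.
        PSID pSid = NULL;
        PSID pSid2 = NULL;
        PSID *sidSlots[2] = { &pSid, &pSid2 };
        LPCWSTR accountNames[2] = { L"stu1", L"Administrator" };
        PVOID pGrown = NULL;
        DWORD cbSid;
        WCHAR RefDomain[DNLEN + 1];
        DWORD cchDomain = DNLEN + 1;
        SID_NAME_USE peUse;
        SECURITY_DESCRIPTOR * psd = NULL;   // NULL so cleanup never frees garbage
        PACL pDacl = NULL;
        DWORD dwAclSize;
        DWORD rc;
        int i;
        CString msg;
        BOOL bSuccess = FALSE; // assume this function fails
        #define SID_SIZE 96

        // Resolve both account names. Each SID buffer gets its own size value:
        // reusing a size grown for the first SID would overstate the second
        // buffer's capacity.
        for (i = 0; i < 2; ++i) {
            cbSid = SID_SIZE;
            *sidSlots[i] = (PSID)HeapAlloc(GetProcessHeap(), 0, cbSid);
            if (*sidSlots[i] == NULL) {
                AfxMessageBox("HeapAlloc error!\n");
                goto cleanup;
            }
            cchDomain = DNLEN + 1;   // in/out parameter: reset before every call
            if (!LookupAccountNameW(NULL, accountNames[i], *sidSlots[i], &cbSid,
                                    RefDomain, &cchDomain, &peUse)) {
                rc = GetLastError();
                if (rc != ERROR_INSUFFICIENT_BUFFER) {
                    msg.Format("LookupAccountName error! (rc=%lu)\n", rc);
                    AfxMessageBox(msg);
                    goto cleanup;
                }
                // cbSid now holds the required size; grow through a temporary so
                // the original block is still freed if HeapReAlloc fails.
                pGrown = HeapReAlloc(GetProcessHeap(), 0, *sidSlots[i], cbSid);
                if (pGrown == NULL) {
                    AfxMessageBox("HeapReAlloc error!\n");
                    goto cleanup;
                }
                *sidSlots[i] = (PSID)pGrown;
                cchDomain = DNLEN + 1;
                if (!LookupAccountNameW(NULL, accountNames[i], *sidSlots[i], &cbSid,
                                        RefDomain, &cchDomain, &peUse)) {
                    msg.Format("LookupAccountName error! (rc=%lu)\n", GetLastError());
                    AfxMessageBox(msg);
                    goto cleanup;
                }
            }
        }

        // ACL header plus two ACEs; ACCESS_ALLOWED_ACE already contains one DWORD
        // (SidStart) that overlaps the SID, hence the "- sizeof(DWORD)".
        dwAclSize = sizeof(ACL)
                  + (sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)) + GetLengthSid(pSid)
                  + (sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)) + GetLengthSid(pSid2);
        pDacl = (PACL)HeapAlloc(GetProcessHeap(), 0, dwAclSize);
        if (pDacl == NULL) goto cleanup;
        if (!InitializeAcl(pDacl, dwAclSize, ACL_REVISION)) {
            AfxMessageBox("InitializeAcl error");
            goto cleanup;
        }
        // GENERIC_ALL already implies GENERIC_READ, so the extra bit is dropped.
        if (!AddAccessAllowedAce(pDacl, ACL_REVISION, GENERIC_ALL, pSid)) {
            AfxMessageBox("Add ace error");
            goto cleanup;
        }
        if (!AddAccessAllowedAce(pDacl, ACL_REVISION, GENERIC_ALL, pSid2)) {
            AfxMessageBox("Add ace error");
            goto cleanup;
        }

        psd = (SECURITY_DESCRIPTOR *)LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
        if (psd == NULL) {
            AfxMessageBox("LocalAlloc error!\n");
            goto cleanup;
        }
        if (!InitializeSecurityDescriptor(psd, SECURITY_DESCRIPTOR_REVISION)) {
            AfxMessageBox("initialize Descriptor error");
            goto cleanup;
        }
        // Last argument is the BOOL bDaclDefaulted; the DACL is explicitly built
        // here, so pass FALSE rather than the SE_DACL_DEFAULTED control bit.
        if (!SetSecurityDescriptorDacl(psd, TRUE, pDacl, FALSE)) {
            msg.Format("SetSecurityDescriptorDacl error! (rc=%lu)\n", GetLastError());
            AfxMessageBox(msg);
            goto cleanup;
        }
        if (!SetFileSecurity("d:\\win98", DACL_SECURITY_INFORMATION, psd)) {
            AfxMessageBox(" setfile failed");
            goto cleanup;
        }
        // The owner/group calls that followed SetFileSecurity were removed: they
        // only modified the in-memory descriptor after it had been applied, and
        // only DACL_SECURITY_INFORMATION is written to the directory.
        bSuccess = TRUE;

        cleanup:
            if (psd != NULL)
                LocalFree((HLOCAL)psd);
            if (pDacl != NULL)
                HeapFree(GetProcessHeap(), 0, pDacl);
            if (pSid != NULL)
                HeapFree(GetProcessHeap(), 0, pSid);
            if (pSid2 != NULL)
                HeapFree(GetProcessHeap(), 0, pSid2);
            if (!bSuccess) {
                return ;
            }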
0
 
wensonAuthor Commented:
now , I give the program snippet .
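        // Replaces the DACL of the directory d:\win98 with two access-allowed
        // ACEs: one for the account "stu1" and one for "Administrator".
        //
        // NOTE(review): both ACEs are added with AceFlags == 0, so they cover the
        // directory object itself and carry no OBJECT_INHERIT_ACE /
        // CONTAINER_INHERIT_ACE flag; files and subdirectories created in the
        // directory do not inherit them.
        // NOTE(review): GENERIC_ALL includes WRITE_DAC and WRITE_OWNER; grant a
        // narrower mask if "stu1" only needs to read or modify content.
        // NOTE(review): the names are resolved with LookupAccountNameW(NULL, ...)
        // and peUse is never checked; confirm that each bare name resolves to the
        // intended principal before its SID is placed in the DACL.
        PSID pSid = NULL;
        PSID pSid2 = NULL;
        PSID *sidSlots[2] = { &pSid, &pSid2 };
        LPCWSTR accountNames[2] = { L"stu1", L"Administrator" };
        PVOID pGrown = NULL;
        DWORD cbSid;
        WCHAR RefDomain[DNLEN + 1];
        DWORD cchDomain = DNLEN + 1;
        SID_NAME_USE peUse;
        SECURITY_DESCRIPTOR * psd = NULL;   // NULL so cleanup never frees garbage
        PACL pDacl = NULL;
        DWORD dwAclSize;
        DWORD rc;
        int i;
        CString msg;
        BOOL bSuccess = FALSE; // assume this function fails
        #define SID_SIZE 96

        // Resolve both account names. Each SID buffer gets its own size value:
        // reusing a size grown for the first SID would overstate the second
        // buffer's capacity.
        for (i = 0; i < 2; ++i) {
            cbSid = SID_SIZE;
            *sidSlots[i] = (PSID)HeapAlloc(GetProcessHeap(), 0, cbSid);
            if (*sidSlots[i] == NULL) {
                AfxMessageBox("HeapAlloc error!\n");
                goto cleanup;
            }
            cchDomain = DNLEN + 1;   // in/out parameter: reset before every call
            if (!LookupAccountNameW(NULL, accountNames[i], *sidSlots[i], &cbSid,
                                    RefDomain, &cchDomain, &peUse)) {
                rc = GetLastError();
                if (rc != ERROR_INSUFFICIENT_BUFFER) {
                    msg.Format("LookupAccountName error! (rc=%lu)\n", rc);
                    AfxMessageBox(msg);
                    goto cleanup;
                }
                // cbSid now holds the required size; grow through a temporary so
                // the original block is still freed if HeapReAlloc fails.
                pGrown = HeapReAlloc(GetProcessHeap(), 0, *sidSlots[i], cbSid);
                if (pGrown == NULL) {
                    AfxMessageBox("HeapReAlloc error!\n");
                    goto cleanup;
                }
                *sidSlots[i] = (PSID)pGrown;
                cchDomain = DNLEN + 1;
                if (!LookupAccountNameW(NULL, accountNames[i], *sidSlots[i], &cbSid,
                                        RefDomain, &cchDomain, &peUse)) {
                    msg.Format("LookupAccountName error! (rc=%lu)\n", GetLastError());
                    AfxMessageBox(msg);
                    goto cleanup;
                }
            }
        }

        // ACL header plus two ACEs; ACCESS_ALLOWED_ACE already contains one DWORD
        // (SidStart) that overlaps the SID, hence the "- sizeof(DWORD)".
        dwAclSize = sizeof(ACL)
                  + (sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)) + GetLengthSid(pSid)
                  + (sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)) + GetLengthSid(pSid2);
        pDacl = (PACL)HeapAlloc(GetProcessHeap(), 0, dwAclSize);
        if (pDacl == NULL) goto cleanup;
        if (!InitializeAcl(pDacl, dwAclSize, ACL_REVISION)) {
            AfxMessageBox("InitializeAcl error");
            goto cleanup;
        }
        // GENERIC_ALL already implies GENERIC_READ, so the extra bit is dropped.
        if (!AddAccessAllowedAce(pDacl, ACL_REVISION, GENERIC_ALL, pSid)) {
            AfxMessageBox("Add ace error");
            goto cleanup;
        }
        if (!AddAccessAllowedAce(pDacl, ACL_REVISION, GENERIC_ALL, pSid2)) {
            AfxMessageBox("Add ace error");
            goto cleanup;
        }

        psd = (SECURITY_DESCRIPTOR *)LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
        if (psd == NULL) {
            AfxMessageBox("LocalAlloc error!\n");
            goto cleanup;
        }
        if (!InitializeSecurityDescriptor(psd, SECURITY_DESCRIPTOR_REVISION)) {
            AfxMessageBox("initialize Descriptor error");
            goto cleanup;
        }
        // Last argument is the BOOL bDaclDefaulted; the DACL is explicitly built
        // here, so pass FALSE rather than the SE_DACL_DEFAULTED control bit.
        if (!SetSecurityDescriptorDacl(psd, TRUE, pDacl, FALSE)) {
            msg.Format("SetSecurityDescriptorDacl error! (rc=%lu)\n", GetLastError());
            AfxMessageBox(msg);
            goto cleanup;
        }
        if (!SetFileSecurity("d:\\win98", DACL_SECURITY_INFORMATION, psd)) {
            AfxMessageBox(" setfile failed");
            goto cleanup;
        }
        // The owner/group calls that followed SetFileSecurity were removed: they
        // only modified the in-memory descriptor after it had been applied, and
        // only DACL_SECURITY_INFORMATION is written to the directory.
        bSuccess = TRUE;

        cleanup:
            if (psd != NULL)
                LocalFree((HLOCAL)psd);
            if (pDacl != NULL)
                HeapFree(GetProcessHeap(), 0, pDacl);
            if (pSid != NULL)
                HeapFree(GetProcessHeap(), 0, pSid);
            if (pSid2 != NULL)
                HeapFree(GetProcessHeap(), 0, pSid2);
            if (!bSuccess) {
                return ;
            }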
0
 
wensonAuthor Commented:
now , I give the program snippet .
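        // Replaces the DACL of the directory d:\win98 with two access-allowed
        // ACEs: one for the account "stu1" and one for "Administrator".
        //
        // NOTE(review): both ACEs are added with AceFlags == 0, so they cover the
        // directory object itself and carry no OBJECT_INHERIT_ACE /
        // CONTAINER_INHERIT_ACE flag; files and subdirectories created in the
        // directory do not inherit them.
        // NOTE(review): GENERIC_ALL includes WRITE_DAC and WRITE_OWNER; grant a
        // narrower mask if "stu1" only needs to read or modify content.
        // NOTE(review): the names are resolved with LookupAccountNameW(NULL, ...)
        // and peUse is never checked; confirm that each bare name resolves to the
        // intended principal before its SID is placed in the DACL.
        PSID pSid = NULL;
        PSID pSid2 = NULL;
        PSID *sidSlots[2] = { &pSid, &pSid2 };
        LPCWSTR accountNames[2] = { L"stu1", L"Administrator" };
        PVOID pGrown = NULL;
        DWORD cbSid;
        WCHAR RefDomain[DNLEN + 1];
        DWORD cchDomain = DNLEN + 1;
        SID_NAME_USE peUse;
        SECURITY_DESCRIPTOR * psd = NULL;   // NULL so cleanup never frees garbage
        PACL pDacl = NULL;
        DWORD dwAclSize;
        DWORD rc;
        int i;
        CString msg;
        BOOL bSuccess = FALSE; // assume this function fails
        #define SID_SIZE 96

        // Resolve both account names. Each SID buffer gets its own size value:
        // reusing a size grown for the first SID would overstate the second
        // buffer's capacity.
        for (i = 0; i < 2; ++i) {
            cbSid = SID_SIZE;
            *sidSlots[i] = (PSID)HeapAlloc(GetProcessHeap(), 0, cbSid);
            if (*sidSlots[i] == NULL) {
                AfxMessageBox("HeapAlloc error!\n");
                goto cleanup;
            }
            cchDomain = DNLEN + 1;   // in/out parameter: reset before every call
            if (!LookupAccountNameW(NULL, accountNames[i], *sidSlots[i], &cbSid,
                                    RefDomain, &cchDomain, &peUse)) {
                rc = GetLastError();
                if (rc != ERROR_INSUFFICIENT_BUFFER) {
                    msg.Format("LookupAccountName error! (rc=%lu)\n", rc);
                    AfxMessageBox(msg);
                    goto cleanup;
                }
                // cbSid now holds the required size; grow through a temporary so
                // the original block is still freed if HeapReAlloc fails.
                pGrown = HeapReAlloc(GetProcessHeap(), 0, *sidSlots[i], cbSid);
                if (pGrown == NULL) {
                    AfxMessageBox("HeapReAlloc error!\n");
                    goto cleanup;
                }
                *sidSlots[i] = (PSID)pGrown;
                cchDomain = DNLEN + 1;
                if (!LookupAccountNameW(NULL, accountNames[i], *sidSlots[i], &cbSid,
                                        RefDomain, &cchDomain, &peUse)) {
                    msg.Format("LookupAccountName error! (rc=%lu)\n", GetLastError());
                    AfxMessageBox(msg);
                    goto cleanup;
                }
            }
        }

        // ACL header plus two ACEs; ACCESS_ALLOWED_ACE already contains one DWORD
        // (SidStart) that overlaps the SID, hence the "- sizeof(DWORD)".
        dwAclSize = sizeof(ACL)
                  + (sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)) + GetLengthSid(pSid)
                  + (sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)) + GetLengthSid(pSid2);
        pDacl = (PACL)HeapAlloc(GetProcessHeap(), 0, dwAclSize);
        if (pDacl == NULL) goto cleanup;
        if (!InitializeAcl(pDacl, dwAclSize, ACL_REVISION)) {
            AfxMessageBox("InitializeAcl error");
            goto cleanup;
        }
        // GENERIC_ALL already implies GENERIC_READ, so the extra bit is dropped.
        if (!AddAccessAllowedAce(pDacl, ACL_REVISION, GENERIC_ALL, pSid)) {
            AfxMessageBox("Add ace error");
            goto cleanup;
        }
        if (!AddAccessAllowedAce(pDacl, ACL_REVISION, GENERIC_ALL, pSid2)) {
            AfxMessageBox("Add ace error");
            goto cleanup;
        }

        psd = (SECURITY_DESCRIPTOR *)LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
        if (psd == NULL) {
            AfxMessageBox("LocalAlloc error!\n");
            goto cleanup;
        }
        if (!InitializeSecurityDescriptor(psd, SECURITY_DESCRIPTOR_REVISION)) {
            AfxMessageBox("initialize Descriptor error");
            goto cleanup;
        }
        // Last argument is the BOOL bDaclDefaulted; the DACL is explicitly built
        // here, so pass FALSE rather than the SE_DACL_DEFAULTED control bit.
        if (!SetSecurityDescriptorDacl(psd, TRUE, pDacl, FALSE)) {
            msg.Format("SetSecurityDescriptorDacl error! (rc=%lu)\n", GetLastError());
            AfxMessageBox(msg);
            goto cleanup;
        }
        if (!SetFileSecurity("d:\\win98", DACL_SECURITY_INFORMATION, psd)) {
            AfxMessageBox(" setfile failed");
            goto cleanup;
        }
        // The owner/group calls that followed SetFileSecurity were removed: they
        // only modified the in-memory descriptor after it had been applied, and
        // only DACL_SECURITY_INFORMATION is written to the directory.
        bSuccess = TRUE;

        cleanup:
            if (psd != NULL)
                LocalFree((HLOCAL)psd);
            if (pDacl != NULL)
                HeapFree(GetProcessHeap(), 0, pDacl);
            if (pSid != NULL)
                HeapFree(GetProcessHeap(), 0, pSid);
            if (pSid2 != NULL)
                HeapFree(GetProcessHeap(), 0, pSid2);
            if (!bSuccess) {
                return ;
            }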
0
 
wensonAuthor Commented:
now , I give the program snippet .
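        // Replaces the DACL of the directory d:\win98 with two access-allowed
        // ACEs: one for the account "stu1" and one for "Administrator".
        //
        // NOTE(review): both ACEs are added with AceFlags == 0, so they cover the
        // directory object itself and carry no OBJECT_INHERIT_ACE /
        // CONTAINER_INHERIT_ACE flag; files and subdirectories created in the
        // directory do not inherit them.
        // NOTE(review): GENERIC_ALL includes WRITE_DAC and WRITE_OWNER; grant a
        // narrower mask if "stu1" only needs to read or modify content.
        // NOTE(review): the names are resolved with LookupAccountNameW(NULL, ...)
        // and peUse is never checked; confirm that each bare name resolves to the
        // intended principal before its SID is placed in the DACL.
        PSID pSid = NULL;
        PSID pSid2 = NULL;
        PSID *sidSlots[2] = { &pSid, &pSid2 };
        LPCWSTR accountNames[2] = { L"stu1", L"Administrator" };
        PVOID pGrown = NULL;
        DWORD cbSid;
        WCHAR RefDomain[DNLEN + 1];
        DWORD cchDomain = DNLEN + 1;
        SID_NAME_USE peUse;
        SECURITY_DESCRIPTOR * psd = NULL;   // NULL so cleanup never frees garbage
        PACL pDacl = NULL;
        DWORD dwAclSize;
        DWORD rc;
        int i;
        CString msg;
        BOOL bSuccess = FALSE; // assume this function fails
        #define SID_SIZE 96

        // Resolve both account names. Each SID buffer gets its own size value:
        // reusing a size grown for the first SID would overstate the second
        // buffer's capacity.
        for (i = 0; i < 2; ++i) {
            cbSid = SID_SIZE;
            *sidSlots[i] = (PSID)HeapAlloc(GetProcessHeap(), 0, cbSid);
            if (*sidSlots[i] == NULL) {
                AfxMessageBox("HeapAlloc error!\n");
                goto cleanup;
            }
            cchDomain = DNLEN + 1;   // in/out parameter: reset before every call
            if (!LookupAccountNameW(NULL, accountNames[i], *sidSlots[i], &cbSid,
                                    RefDomain, &cchDomain, &peUse)) {
                rc = GetLastError();
                if (rc != ERROR_INSUFFICIENT_BUFFER) {
                    msg.Format("LookupAccountName error! (rc=%lu)\n", rc);
                    AfxMessageBox(msg);
                    goto cleanup;
                }
                // cbSid now holds the required size; grow through a temporary so
                // the original block is still freed if HeapReAlloc fails.
                pGrown = HeapReAlloc(GetProcessHeap(), 0, *sidSlots[i], cbSid);
                if (pGrown == NULL) {
                    AfxMessageBox("HeapReAlloc error!\n");
                    goto cleanup;
                }
                *sidSlots[i] = (PSID)pGrown;
                cchDomain = DNLEN + 1;
                if (!LookupAccountNameW(NULL, accountNames[i], *sidSlots[i], &cbSid,
                                        RefDomain, &cchDomain, &peUse)) {
                    msg.Format("LookupAccountName error! (rc=%lu)\n", GetLastError());
                    AfxMessageBox(msg);
                    goto cleanup;
                }
            }
        }

        // ACL header plus two ACEs; ACCESS_ALLOWED_ACE already contains one DWORD
        // (SidStart) that overlaps the SID, hence the "- sizeof(DWORD)".
        dwAclSize = sizeof(ACL)
                  + (sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)) + GetLengthSid(pSid)
                  + (sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)) + GetLengthSid(pSid2);
        pDacl = (PACL)HeapAlloc(GetProcessHeap(), 0, dwAclSize);
        if (pDacl == NULL) goto cleanup;
        if (!InitializeAcl(pDacl, dwAclSize, ACL_REVISION)) {
            AfxMessageBox("InitializeAcl error");
            goto cleanup;
        }
        // GENERIC_ALL already implies GENERIC_READ, so the extra bit is dropped.
        if (!AddAccessAllowedAce(pDacl, ACL_REVISION, GENERIC_ALL, pSid)) {
            AfxMessageBox("Add ace error");
            goto cleanup;
        }
        if (!AddAccessAllowedAce(pDacl, ACL_REVISION, GENERIC_ALL, pSid2)) {
            AfxMessageBox("Add ace error");
            goto cleanup;
        }

        psd = (SECURITY_DESCRIPTOR *)LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
        if (psd == NULL) {
            AfxMessageBox("LocalAlloc error!\n");
            goto cleanup;
        }
        if (!InitializeSecurityDescriptor(psd, SECURITY_DESCRIPTOR_REVISION)) {
            AfxMessageBox("initialize Descriptor error");
            goto cleanup;
        }
        // Last argument is the BOOL bDaclDefaulted; the DACL is explicitly built
        // here, so pass FALSE rather than the SE_DACL_DEFAULTED control bit.
        if (!SetSecurityDescriptorDacl(psd, TRUE, pDacl, FALSE)) {
            msg.Format("SetSecurityDescriptorDacl error! (rc=%lu)\n", GetLastError());
            AfxMessageBox(msg);
            goto cleanup;
        }
        if (!SetFileSecurity("d:\\win98", DACL_SECURITY_INFORMATION, psd)) {
            AfxMessageBox(" setfile failed");
            goto cleanup;
        }
        // The owner/group calls that followed SetFileSecurity were removed: they
        // only modified the in-memory descriptor after it had been applied, and
        // only DACL_SECURITY_INFORMATION is written to the directory.
        bSuccess = TRUE;

        cleanup:
            if (psd != NULL)
                LocalFree((HLOCAL)psd);
            if (pDacl != NULL)
                HeapFree(GetProcessHeap(), 0, pDacl);
            if (pSid != NULL)
                HeapFree(GetProcessHeap(), 0, pSid);
            if (pSid2 != NULL)
                HeapFree(GetProcessHeap(), 0, pSid2);
            if (!bSuccess) {
                return ;
            }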
0
 
wensonAuthor Commented:
No, if I use the cacls command, it will pop up a dialog. If I have to set lots of directories, that will be too bad, so I must do it programmatically.
0
 
jkrCommented:
>>no,if I use comand cacls,it will pop up a dialog

That's why I pointed you to its SOURCE CODE at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vcsample98/html/vcsmpcacls.asp 
0
 
wensonAuthor Commented:
Sorry, I do not know the NT system well. If you can give me a sample that sets the directory properties, I will give you
500 points. OK? Thank you!
0
 
vbk_bgmCommented:
You can refer to the article Q115948.
From MSDN,

The discretionary access control list (DACL) for a directory usually differs from that of a file. When assigning security to a directory, you are often specifying both the security for the directory and the security for any contained files and directories.

A directory's ACL will normally contain at least two access control entries (ACE):



An ACE for the directory itself and any subdirectories.


An ACE for any files in the directory.


If an ACE is to apply to objects in the directory (subdirectories and files), the ACE is marked as an OBJECT_INHERIT_ACE and/or a CONTAINER_INHERIT_ACE. (In this article, a container means a directory.)

For example, when you use File Manager to set the security on a directory to "Change (RWXD)(RWXD)," the directory's DACL contains the following two ACEs:

   ACE1 (applies to files in the directory)
      ACE flags:   INHERIT_ONLY_ACE | OBJECT_INHERIT_ACE
      Access Mask: DELETE | GENERIC_READ | GENERIC_WRITE |
                   GENERIC_EXECUTE

   ACE2 (applies to the directory and subdirectories)
      ACE flags:   CONTAINER_INHERIT_ACE
      Access Mask: DELETE | FILE_GENERIC_READ | FILE_GENERIC_WRITE |
                   FILE_GENERIC_EXECUTE

To add the ACE flags mentioned above, you need to use the AddAccessAllowedAceEx function (supported on Win2K only).
For Win NT  you can use

// Appends an access-allowed ACE for pSid to pAcl and then stores AceFlags in
// the header of the last ACE in the list (index AceCount - 1).
//
// Returns TRUE when all three steps succeed, FALSE as soon as one fails.
// If the ACE was added but a later step fails, the ACE stays in the ACL with
// whatever flags AddAccessAllowedAce gave it, so on FALSE the caller should
// not apply the ACL.
// AceFlags is narrowed to BYTE before it is stored.
BOOL AddAccessAllowedAceEx( PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD AccessMask, PSID pSid )
{
     ACL_SIZE_INFORMATION aclSizes;
     ACE_HEADER* lastAce = NULL;

     // && short-circuits, so the calls run in order and stop at the first failure.
     const BOOL allSucceeded =
          AddAccessAllowedAce( pAcl, dwAceRevision, AccessMask, pSid )
          && GetAclInformation( pAcl, &aclSizes, sizeof(aclSizes), AclSizeInformation )
          && GetAce( pAcl, aclSizes.AceCount - 1, reinterpret_cast<void**>(&lastAce) );
     if ( !allSucceeded )
     {
          return FALSE;
     }

     lastAce->AceFlags = static_cast<BYTE>(AceFlags);
     return TRUE;
}

I guess you want to modify the security attributes for the subdirectories as well as the files in the directory. But the above ACE flags have no effect on the existing files/subdirectories. They are inherited ONLY by files/directories that are newly created within your target directory.


Hope this helps!
0
 
jkrCommented:
IMHO, this Q is answered. 'CACLS' does what was reqested (and much more)
0
