A while back, I posed a question regarding setting permissions for sharepoints using Win32::NetResource. The documentation says that you can't. However, after testing out a theory, I found that if you create a directory, edit the permissions on it with Win32::FileSecurity, and then share it, it will pick up the permissions that are placed on the directory by Win32::FileSecurity when accessed as through a sharepoint (e.g., Network Neighborhood).
To my knowledge, this has not been discussed in either Win32::FileSecurity POD or Win32::NetResource POD. For example, try running this code:
use Win32::AdminMisc;
use Win32::NetResource;
use Win32::FileSecurity;
use strict;
my $hdir_srv = 'c:/temp/test';
my $hdir = 'Test User';
my $err;
print STDERR "$hdir_srv\n";
mkdir($hdir_srv, '0777');
my $admin_perms = Win32::FileSecurity::MakeMask( qw(FULL GENERIC_ALL)
+);
my %hdir_perm_hash;
if ( Win32::FileSecurity::Get($hdir_srv, \%hdir_perm_hash) ) {
print STDERR "$hdir_srv has been opened\n";
}
$hdir_perm_hash{'DOMAIN\\Domain Admins'} = $admin_perms;
delete($hdir_perm_hash{'Everyone'});
if ( Win32::FileSecurity::Set($hdir_srv, \%hdir_perm_hash) ) {
print STDERR "$hdir_srv has been set\n";
}
my $hdir_share = { 'path' , $hdir_srv, 'netname', $hdir, 'remark', "Th
+is is the home dir for $hdir", 'passwd' , "", 'maxusers', '-1', 'perm
+issions', '0' , 'type', '0'};
if ( Win32::NetResource::NetShareAdd($hdir_share, $err) ) {
print STDERR "$hdir_srv shared!\n";
}
else {
die "Win32::NetResource::GetError($err)";
}
my $PDC = Win32::AdminMisc::GetPDC('DOMAIN');
print STDERR "$PDC\n";
eval {
my $path = "\\\\$PDC\\$hdir";
my @lst;
my $perms = {};
my $acct;
print STDERR $path;
print STDERR "\n";
if ( Win32::FileSecurity::Get($path, $perms) ){
print "Permissions for $path:\n";
foreach $acct (sort ( keys( %{ $perms } ) ) ) {
print "\t$acct:\t$perms->{$acct}\n";
if ( Win32::FileSecurity::EnumerateRights( $perms->{$acct}
+ , \@lst) ) {
map {print "\t\t$_\n"} ( @lst );
}
else {
print "\t\tNone\n";
}
}
}
else {
print "Error accessing perms for $path\n";
print Win32::FormatMessage( Win32::GetLastError() );
}
};
What you will find is that the directory is created having the permissions set in $admin_perms. Not only that, but when you enumerate the rights of the shared resource using Win32::FileSecurity, you'll notice that it has the
SAME rights that you just set in the first part of the code. I figured something was wrong, so I did a "net use x: \\server\share" and when I looked at the permissions in WindowsNT Explorer, surely enough, it confirmed the result of the eval block. I found this to be an interesting "quirk" in the two modules. I thought I would mention it in case anyone else was wondering how to set sharepoint permissions from Perl without resorting to some Win32API calls.
Theodore Charles III
Network Administrator
Los Angeles Senior High
4650 W. Olympic Blvd.
Los Angeles, CA 90019
323-937-3210 ext. 224
email->secon_kun@hotmail.com()
Update: Shame on me for not defining $hdir and using 'use strict'.
Update #2!:: Stupid me... I typed Win32::Perms instead of Win32::FileSecurity, since I was using them both when I did the testing.
Update #3!:Yet again, one little error in the test code (forgot to define $perms and $acct).
tye also pointed out to me that there is a very subtle difference in setting the security for the sharepoint and the permissions on the directory. Apparently, when you share a resource, even if the resource has local security settings, when it is accessed as a shared resource, "Everyone" will have full rights to the shared resource, nullifying (for most intents and purposes) the local security. What my test found is that importing a similar snippet of code into a Win32 program will allow you to kill that "Everyone bug" that Microsoft has inserted into the NT core before someone decides to connect to the directory and mutilate everything in it.