Assigning Permissions

blackadder has asked for the wisdom of the Perl Monks concerning the following question:

O'Holly Ones....Greetings

I am quite confused on how can go about assigning permissions to an account.

You see, I would like to mimic the way permissions are assigned to a group or a user thought Windows NT explorer.

For example: in explorer you can go to c: drive, select the temp folder and then right click, then select properties, security tab and then select permissions. In there, the type of access can be any of the following:

No access, List, Read, Add, Add & Read, Change and full control (those are the only ones I am interested in).

Then in my script I have this line,

$perms->Add("$account", FULL |FULL, ACCESS_ALLOWED_ACE_TYPE, OBJECT_IN
+HERIT_ACE | CONTAINER_INHERIT_ACE);
[download]

Meaning to assign the account $account the permission FULL on Folder level and Full on subfolder and files level, Which works fine and it does assign the Full control permission to $account (well, it seems so to me, then again I could be wrong).

However, If I wanted to assign the List or the Add & Read permission to $account, knowing that List permission is (RX)(Not Specified) or Add & Read which is (RWX)(RX). I fail miserably because I do not know how to go about it. I am not sure on what to substitute instead of the FULL|FULL as above to obtain Add & Read or List permissions. Can someone please explain or show me how to do this?

Also. In my script I have a perl/Tk based form (please see following code) where two sets of radio buttons are displayed, each radio button resembles an access type and one set of radio buttons are for folder permissions and the other is for subfolders and files assignments. Then I obtain the values for $folder_ace_var and $subfolder_ace_var. as such:

foreach my $p ('NO_ACCESS', 'FULL','READ', 'WRITE' ,'CHANGE','GENERIC_
+ALL')
    {
        $left_frame->Radiobutton( -text => "ACE :  $p",
                                                        -variable => \
+ $folder_ace_var,
                                                        -relief   => '
+flat',
                                                        -value    => $
+p, )->pack(@pl);
    }
    foreach my $p ('NO_ACCESS', 'FULL','READ', 'WRITE' ,'CHANGE','GENE
+RIC_ALL')
    {
        $right_frame->Radiobutton( -text => "ACE :  $p",
                                                        -variable => \
+ $subfolder_ace_var,
                                                        -relief   => '
+flat',
                                                        -value    => $
+p, )->pack(@pl);
    }
[download]

Now, when I use this line:
$perms->Add("$account", $folder_ace_var | $subfolder_ace_var, ACCESS_ALLOWED_ACE_TYPE, OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE);
It doesn’t work;

My question is how I can tell Perl to treat those two variables as constants.
Many Thanks in advance to you replays (and examples), your help is highly appreciated because my back side is under a bit of heat at the moment.

Comment on Assigning Permissions Select or Download Code

Replies are listed 'Best First'.
Re: Assigning Permissions by BlueBlazerRegular (Friar) on Sep 12, 2002 at 18:04 UTC
Update (9/13/2): As BrowserUk mentions, I was unaware of the larger picture here, therefore creating a long-winded post that unfortunately has the rather large drawback of not working (or to be more accurate - not doing what it should). Apparently I have a rather long way to go to reach true enlightenment. So this update is a warning to all of you who may stumble across this later on - don't use it! There appear to be two questions here: The first is in regards to what the various labels are for the various permissions. You know what 'FULL' is, but the others aren't as clear. Unfortunately, I can't help you with this. The second question has to do with the Tk code. In checking this out, I ran into something strange. In my test, I'm printing out what is being passed to the sub-routine and getting some strange results, due to the use of the '\|' in the call. This makes me wonder what you are using '\|' for. Is it being used in its normal Perl way as a bitwise OR? Or are you trying to choose between two options (i.e., the parameter could be the `$folder_ace_var` OR the `$subfolder_ace_var`)? Or is supposed to be part of the parameters being passed (i.e., a literal '\|')? First off, a bitwise OR does very strange stuff to the strings when they are passed to the sub-routine, so I'm pretty sure that is NOT what you are trying to do. Using '\|\|' instead of '\|' does what it is expected (choose between two options), but the way you have it written, you will always get `OBJECT_INHERIT_ACE`, regardless of which permission was set. And I'm confused on the order of the parameters - you pass `$folder_ace_var` before `$subfolder_ace_var`, but pass `OBJECT_INHERIT_ACE` before `CONTAINER_INHERIT_ACT` (it would seem that the OBJECT (the sub-folder or file) would be in the CONTAINER (the folder), not the other way around, but then rules don't have to make sense). Also, I get warnings on using the barewords `ACCESS_ALLOWED_ACE_TYPE`, `OBJECT_INHERIT_ACE`, and `CONTAINER_INHERIT_ACE`. Quoting these values would get rid of these errors. Your call would now look like this: `$perms->Add("$account", "$folder_ace_var" \|\| "$subfolder_ace_var", "ACCESS_ALLOWED_ACE_TYPE", "CONTAINER_INHERIT_ACE" \|\| "OBJECT_INHERIT_ACE");` [download] If this is what you are trying to do, then a better way to do this would be: `if ( $folder_ace_var ) { $perms->Add("$account", "$folder_ace_var", "ACCESS_ALLOWED_ACE_TYPE", "OBJECT_INHERIT_ACE"); } else { $perms->Add("$account", "$subfolder_ace_var", "ACCESS_ALLOWED_ACE_TYPE", "CONTAINER_INHERIT_ACE"); }` [download] That leaves us with the third choice - that the '\|' is part of the string being passed. If so, then we need to put quotes around the parameters to get the '\|' to pass to the sub-routine correctly. For this option, the call would look like this: `$perms->Add("$account", "$folder_ace_var \| $subfolder_ace_var", "ACCESS_ALLOWED_ACE_TYPE", "CONTAINER_INHERIT_ACE \| OBJECT_INHERIT_ACE");` [download] The test program below shows how the various choices will affect the results. This is getting a mite long-winded (which, unfortunately, is a curse of mine), so I'll just end with I hope this has been helpful. And without further ado, the code: #!/opt/local/bin/perl -w use strict; use Tk; my $mw = MainWindow->new; $mw->geometry("400x300+20+20"); $mw->title( "Tk Testing" ); my $account = 'Me'; my $folder_ace_var = ''; my $subfolder_ace_var = ''; my $bottom_frame = $mw->Frame()->pack(-side => 'bottom'); my $left_frame = $mw->Frame()->pack(-side => 'left'); my $right_frame = $mw->Frame()->pack(-side => 'right'); foreach my $p ('NO_ACCESS', 'FULL','READ', 'WRITE' ,'CHANGE','GENERIC_ +ALL') { $left_frame->Radiobutton(-text => "ACE : $p", -variable => \$folder_ace_var, -relief => 'flat', -value => $p, )->pack(-side => 'top', -in => $left_frame, -anchor => 'w', #-fill => 'x', #-expand => 1, #-padx => 5, #-pady => 1, ); } foreach my $p ('NO_ACCESS', 'FULL','READ', 'WRITE' ,'CHANGE','GENERIC_ +ALL') { $right_frame->Radiobutton(-text => "ACE : $p", -variable => \$subfolder_ace_var, -relief => 'flat', -value => $p, )->pack(-side => 'top', -in => $right_frame, -anchor => 'w', # -fill => 'x', #-expand => 1, #-padx => 5, #-pady => 1, ); } $mw->Button(-text => "Bitwise OR", -width => 10, -command => sub{ Check_Variables( "$account", "$folder_ace_var" \| "$subfolder_ace_va +r", "ACCESS_ALLOWED_ACE_TYPE", "OBJECT_INHERIT_ACE" \| "CONTAINER_INHE +RIT_ACE" ); }, )->pack(-side => 'left', -in => $bottom_frame, -anchor => 'w', -fill => 'none', -expand => 0, -padx => 5, ); $mw->Button(-text => "Literal \|", -width => 10, -command => sub{ Check_Variables( "$account", "$folder_ace_var \| $subfolder_ace_var" +, "ACCESS_ALLOWED_ACE_TYPE", "OBJECT_INHERIT_ACE \| CONTAINER_INHERI +T_ACE" ); }, )->pack(-side => 'left', -in => $bottom_frame, -anchor => 'w', -fill => 'none', -expand => 0, -padx => 5, ); $mw->Button(-text => "Regular OR", -width => 10, -command => sub{ Check_Variables( "$account", "$folder_ace_var" \|\| "$subfolder_ace_v +ar", "ACCESS_ALLOWED_ACE_TYPE", "OBJECT_INHERIT_ACE" \|\| "CONTAINER_INH +ERIT_ACE" ); }, )->pack(-side => 'left', -in => $bottom_frame, -anchor => 'w', -fill => 'none', -expand => 0, -padx => 5, ); MainLoop; sub Check_Variables { print "-----------------------------------------------\n"; foreach my $entry ( @_ ) { print "$entry\n"; } print "-----------------------------------------------\n"; } exit 0; # # end of code # [download] Pat	[reply] [d/l] [select]
Re: Assigning Permissions by BrowserUk (Patriarch) on Sep 12, 2002 at 22:51 UTC
I can't comment on the Tk code, but as far as the permissions are concerned, I think you are close to what you want but maybe getting a little mixed up about the myriad constants exported from Win32:Perms and which ones can be combined with which. The best documentation beside Dave Roth's books, is the Win32::Perms homepage. It's the only consise description of this stuff I've found. It well worth reading top-to-bottom, (twice:), rather than trying to home in on just the bit you think you need, as I normally do. It greatly clarified the greater picture for me. If, after you have read that page, you have a specific question about the Win32::Perms (as opposed to the Tk stuff which is just clouding the picture), ask again and I (and other monks no doubt) will try and help further. BTW. As you are probably aware, BlueBlazerRegular's stuff above about using \|\| instead of \| and quoting these constants is wrong. He obviously isn't aware that CONTAINER_INHERIT_ACE, OBJECT_INHERIT_ACE and the rest are bit-wise encoded manifest constants and that you do want to bit-wise-or them together. Well It's better than the Abottoire, but Yorkshire!	[reply] [d/l]