Discipulus has asked for the wisdom of the Perl Monks concerning the following question:

Hi all monks,

I use the following code to scan a directory and eliminate from it a user (in the example Everyone).
The code read first the ACL and, if the user does't match Everyone, puts the pair key/value in a new hash, then set the permission with the new ACL, get it and finally print it out.
It works but with a strange effect: in properties/security/advance/view-modify of the folder is all rigth, but all entries of properties/security are empty!

Questions:
-How to solve this problem?
-How to access to advanced features like inheritance and set on children folders?
here the code:
use Win32::FileSecurity(Get, EnumerateRights, Set);

$cart='TestFolder';
 mkdir   $cart||warn $!;
Get ($cart, \%hs1);
 while (($nom, $mask)=each %hs1)
 {
  if ($nom !~ /Everyone/){
    $hs2{"$nom"}=$mask;
    print "\t\t$nom\n";
  }
  else {print"\t\t$nom\t\TO ELIMINATE\n"}
 }
Set ($cart, \%hs2);
print"\nAFTER\n\n";

Get ($cart, \%hs3);
while (($nom3, $mask3)=each %hs3)
 {
  print "\t\t$nom3\n";
 }

[download]

Thanks in advance for any replay and..
greetings from roma.

discente *

Replies are listed 'Best First'.
Re: win32 ACL problem.
by blm (Hermit) on Sep 24, 2002 at 11:46 UTC

    Firstly you will want to change.

    mkdir   $cart||warn $!;

    [download]

    to

    mkdir   $cart or warn $!;

    [download]

    or

     mkdir($cart) || warn $!;

    [download]

    Otherwise it doesn't warn ever.

    Secondly the permissions show up as blank in properties/security/ because they are applied to "This folder only" if you look at properties/security/advance/view-modify. Change the "Apply onto:" setting by hitting View/Edit in properties/security/advance/ to eg "This folder, Subfolders and files" and the properties/security/ for that access control entry.

    --blm--

    Update: Fix missing semicolon.

[reply]
[d/l]
[select]
      thanks for the warning explication.
      for the second thing: I wont access the property "This folder, Subfolders and files" via Perl and not via mouse!
      any idea?
      Thanks in any case..
      lorenzo*
[reply]

        I get the feeling that Win32::FileSecurity tries to do the inheritance stuff automagically. I use Win32::Perms for my work as it seems to expose more functionality. Doing the same script with Win32::Perms seems not to have the same problems as the code you posted. Here is my Win32::Perms version:

        use Win32::Perms;

$cart='TestingFolder';
mkdir $cart || warn $!;

# Create a new Security Descriptor and auto import permissions
# from the directory

$Dir = new Win32::Perms( $cart ) || die;
my @perms;
my $perm;
$Dir->Get(\@perms);
my $index = 0;
$Dir->Dump;
do {
    $perm = $perms[$index];

} while ($perm->{'Account'} ne 'Everyone') and (++$index);

# One of three ways to remove an ACE
print ($Dir->Remove($index));

$Dir->Set();
$Dir->Dump;

        [download]
        --blm--

        ps you may notice that I don't use $Dir->Remove('Everyone'), This is because I could not get it to delete any ACEs. So I compute the index of the ACE in the ACL and delete based on that. I will investigate this further.

[reply]
[d/l]
[select]

Back to Seekers of Perl Wisdom