rupesh has asked for the wisdom of the Perl Monks concerning the following question:

Hi,
Here's the picture:
I have some shared folders in my system, which i need to give access to some users in some groups. Given the path of the folder, i need to list all the groups who have access to that folder and the users who are a part of the group. In that way, i would be able to list all the users given a path of the folder. I would like to know whether there is a way to automate the same in perl. I have seen a couple of links related to the topic like here , but they don't seem to solve the purpose.
Thanks for your time.

we're born with our eyes closed and our mouths wide open, and we spend our entire life trying to rectify that mistake of nature. - anonymous.

Replies are listed 'Best First'.
Re: User Manager for Groups
by snadra (Scribe) on Jul 21, 2003 at 09:51 UTC
[reply]
      Hey snadra,
      Thanks for the feedback, but it wasn't all that helpfull because the link shown were related to unix. I think it was a mistake in my part to be specific of the OS. My query is related to Windows.

      we're born with our eyes closed and our mouths wide open, and we spend our entire life trying to rectify that mistake of nature. - anonymous.
[reply]
        Oh, I am sorry about that...
[reply]
Re: User Manager for Groups
by BrowserUk (Patriarch) on Jul 21, 2003 at 16:02 UTC

    I think you need to clarify, for yourself mostly, what it is you are trying to do here.

    ...i need to give access to some users in some groups....
    1. First what kind of access?

      Read, Write, Execute, Delete, Change permissions, Ownership.

    2. If your concerned with giving permissions to users, you should either:
      1. deal with the users as individuals and ignore the group(s) they belong to and give each individual explicit rights on a per file/directory basis.

        This allows very fine grain control, but rapidly becomes a nightmare to administer.

        When you add a new file or directory, you then need to track down all the users that need to have access by backtracking from some other file or directory set of ACLs/DACLs to find the users and groups that have access to that and then add the new file to each.

        And when you add a new user, you then need to track down every file and directory and give this new user permissions to access every one individually.

        This is what I think your asking for code to do in this post. It is the 'Wrong Way'. That way lies madness of a particularly insideous and nasty kind:)

      2. Or, the better, simpler method is to ignore the individuals and only deal with a group (or groups). You make the files/directories belong to a group that you set up for this specific purpose.

        You then make new Users members of this group and they gain all the right accesses to all the appropriate files in one simple step.

        And when you add new files or directories, you just set it/them to be owned by the special group, and everyone who is a member of the group instantly has the right permissions.

    3. Of course, if you've started out using the former method, and are now trying to automate the process, then you probably need code to do the backtracking.

      As particle mentions above, Win32::FileSecurity will allow you to find out what permissions are set on individual files.

      Specifically, the Get( $file_or_path, \%permission ); will get you a list of users and/or groups that have DACLs set for the given file.

      You can then translate the masks returned for each user and group in the hash to the corresponding set of specific permission using the EnumerateRights( $mask, \@rights );

      Win32::NetAdmin GroupGetMembers( ... ); will allow you to find the all the members for each group that has specific permissions, but you should really just apply any new permissions to the group rather than to the individual members of it.

    Overall, if your currently using the former method, I strongly recommend you move to the latter method as soon as possible. From experience, I can assure you that the pain of the transition is more than compensated for by the ease of management once it is completed.

    Examine what is said, not who speaks.
    "Efficiency is intelligent laziness." -David Dunham
    "When I'm working on a problem, I never think about beauty. I think only how to solve the problem. But when I have finished, if the solution is not beautiful, I know it is wrong." -Richard Buckminster Fuller
[reply]
[d/l]
[select]
      Hey BrowserUK!,
      Thanks for your reply. It was really informative.
      The features in the perl script that i was trying to code would only list the groups, the users in those groups and apparently genrerate a report with the data, provided a folder path was given as input.
      I strongly believe in your latter suggestion of managing groups and not individual users, which i would like to automate in the near future. And I haven't been following your former method either since i'm not an admin. All i wanted to do was automate the report.

      we're born with our eyes closed and our mouths wide open, and we spend our entire life trying to rectify that mistake of nature. - anonymous.
[reply]
Re: User Manager for Groups
by particle (Vicar) on Jul 21, 2003 at 13:08 UTC

    you'll want to look at the Win32:: modules. if you're using ActiveState, the modules and documentation should be in your distribution. if not, get them from http://www.roth.net. perhaps Win32::FileSecurity and Win32::NetAdmin will be a good start.

    ~Particle *accelerates*

[reply]

Back to Seekers of Perl Wisdom