thoughtless has asked for the wisdom of the Perl Monks concerning the following question:

I am trying to get a list of users/groups and their associated permissions on a network share. For testing I have shared a folder on my local computer and I am able to get all users/groups and permissions without a problem. My problem occurs when getting users/groups on a share that is on one of our servers. Could someone point out what I am doing wrong here? Code posted below. Thanks
    use warnings;
    use Win32::Perms;

    # @ARGV is always defined; test whether it is empty instead
    unless( @ARGV ){
        print "Error: Please supply divisions share.\n";
        print "perl SharePermissions.pl \\\\server\\share\n";
        exit 0;
    }

    #pull off the share provided by user
    my $share = pop @ARGV;
    my $level = 0;

    CheckPerms( $share );
    ReadDir( $share );

    sub CheckPerms{
        my $directory = shift @_;
        my $perms = new Win32::Perms( "$directory" )
            or die "Could not get permissions: $^E";
        my $owner = $perms->Owner();
        my $counter = $perms->Get(\ my @list );
        $perms->Close();
        my $space = " " x $level;
        foreach my $item ( @list ){
            #Access, Account, Domain, Entry, Flag, Mask,
            #ObjectName, ObjectType, SID, Type
            my $sid = $item->{SID};
            my $name = Win32::Perms::ResolveAccount($sid);
            # @mask and %permissions are package globals (no "use strict"):
            # every entry stores a reference to the same @mask array, and
            # %permissions is keyed by account name and never cleared.
            Win32::Perms::DecodeMask( $item->{Mask}, \@mask );
            my $access = $item->{Access};
            $permissions{$name} = { access => $access, mask => \@mask };
        }
        foreach ( sort keys %permissions ){
            print $space . "Group/User:$_ Access:$permissions{$_}->{access}\n";
            print $space . "Permissions:";
            my $array = $permissions{$_}->{mask};
            print "@$array\n";
        }
    }

    sub ReadDir{
        my $dir = shift @_;
        opendir(DIR, $dir) or die "Error: Unable to open the $dir. $^E\n";
        #read directory and do not count in '.' and '..'
        my @all = grep{ not /^\.{1,2}\z/ } readdir( DIR );
        closedir( DIR );    # directory handles are closed with closedir
        foreach my $name ( @all ){
            if( -d "$dir\\$name" ){
                $level++;
                CheckPerms( "$dir\\$name" );
                ReadDir( "$dir\\$name" );
                $level--;
                next;
            }#elsif $all_file is a file continue with check
            elsif( -f "$dir\\$name" ){    # test the full path, not the bare name
                next;
            }
        }
    }

Replies are listed 'Best First'.
Re: Win32::Perms and Network Shares
by arden (Curate) on Feb 06, 2004 at 16:54 UTC
    thoughtless, you didn't tell us what error you get when trying to do this for the servers.

    My guess is that you are trying to get information about a share from your workstation. That information is stored on the server; you'd have to run the script on the server in question.

    With our systems (although it might be a security lockdown we've performed, but I doubt it) you cannot get any information about a share across the network besides the name of the share and what access you have with your security token.

    Please give us the error you're receiving and from where you're trying to run this script.

      I actually don't receive any errors. The Get(\ my @list ) statement returns 0 counters when I run the script from my workstation against a network share (on a server). It could be that we have our systems locked down like that and I am just not aware of it.

      If I try to get information about a share on my workstation I can do that just fine, it returns all users/groups and their permissions.
Re: Win32::Perms and Network Shares
by rchiav (Deacon) on Feb 06, 2004 at 22:16 UTC
    My guess is that you don't have permissions to read the security info on the share you're testing this against. I just ran this code against a network share and it worked. You're only going to get info back if the account you're logged in as is able to get the info in the first place.
      Thanks for your replies, at first I thought I missed a small detail. I did talk with some of our admins, that have more privs than I do, and yeah I do not have this type of access. Once again thanks for the help
        I'm just getting into this w2k security so this is
        a 101.
        
        I tried your code for a single directory and got this.
        This seems to be more a permissions question. Look
        at the mask output below.
        (I modified your %permissions build to:
          $loop++;
          $permissions{$aceName . "__$loop"} = {access => $access, mask => \@mask};
        and added a flag view.
        )
        
        I get the same listing for allow and deny.
        Does that look right? 
        Thanks 
        
        ACE
        Owner of "\\y-fps3\Home\Star_hub" is "RAYO\2007617" with "3" aces.
        Group of "\\y-fps3\Home\Star_hub" is "" with "3" aces.
        
           ACE:
            Ace name:    RAYO\2007617
            Ace access:  Denied
            Ace sid:     S-1-5-21--1289165036-66035279--551693756-12389
            Ace domain:  RAYO
            Ace entry:   DACL
            Ace account: DACL
            Ace type:    2
            flag:        OBJECT_INHERIT_ACE
            flag:        CONTAINER_INHERIT_ACE
        
           ACE:
            Ace name:    RAYO\2007617
            Ace access:  Allowed
            Ace sid:     S-1-5-21--1289165036-66035279--551693756-12389
            Ace domain:  RAYO
            Ace entry:   DACL
            Ace account: DACL
            Ace type:    1
            flag:        OBJECT_INHERIT_ACE
            flag:        CONTAINER_INHERIT_ACE
        
           ACE:
            Ace name:    RAYO\OUoperators
            Ace access:  Allowed
            Ace sid:     S-1-5-21--1289165036-66035279--551693756-10260
            Ace domain:  RAYO
            Ace entry:   DACL
            Ace account: DACL
            Ace type:    1
            flag:        OBJECT_INHERIT_ACE
            flag:        CONTAINER_INHERIT_ACE
        
           PERMISSIONS mask
        
            Group/User: RAYO\OUoperators__3
            Permissions: (Allowed)
                           STANDARD_RIGHTS_ALL
                           FILE_READ_EA
                           FILE_WRITE_EA
                           FILE_EXECUTE
                           FILE_DELETE_CHILD
                           FILE_READ_ATTRIBUTES
                           FILE_WRITE_ATTRIBUTES
        
            Group/User: RAYO\2007617__1
            Permissions: (Denied)
                           STANDARD_RIGHTS_ALL
                           FILE_READ_EA
                           FILE_WRITE_EA
                           FILE_EXECUTE
                           FILE_DELETE_CHILD
                           FILE_READ_ATTRIBUTES
                           FILE_WRITE_ATTRIBUTES
        
            Group/User: RAYO\2007617__2
            Permissions: (Allowed)
                           STANDARD_RIGHTS_ALL
                           FILE_READ_EA
                           FILE_WRITE_EA
                           FILE_EXECUTE
                           FILE_DELETE_CHILD
                           FILE_READ_ATTRIBUTES
                           FILE_WRITE_ATTRIBUTES
        
        Never mind.  Code error.  %permissions overwrites....
        right?  I put the permissions assignment and printout
        in the main loop and ... presto.  Thanks.
        Just another error of many.
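
The overwrite described in the post above, reduced to plain Perl as an added example (not code from the thread or from Win32::Perms): `decode_mask`, the sample ACEs and the account names are constructed stand-ins. Keying the hash by account name alone drops the Deny ACE, and storing a reference to one shared array makes every entry report the last mask decoded, so an ACL report built this way misstates who is denied what.

```perl
use strict;
use warnings;

# Constructed sample ACEs (not real output); masks use Win32 file-right bits.
my @aces = (
    { Account => 'DOM\alice', Access => 'Denied',  Mask => 0x0002 },
    { Account => 'DOM\alice', Access => 'Allowed', Mask => 0x0001 },
    { Account => 'DOM\ops',   Access => 'Allowed', Mask => 0x0021 },
);
my @BITS = ( [ 0x0001, 'FILE_READ_DATA' ], [ 0x0002, 'FILE_WRITE_DATA' ],
             [ 0x0020, 'FILE_EXECUTE' ] );

# Hypothetical stand-in for a mask decoder: overwrites the caller's array.
sub decode_mask {
    my ( $mask, $out ) = @_;
    @$out = map { $_->[1] } grep { $mask & $_->[0] } @BITS;
    return scalar @$out;
}

# Pattern from the thread: one shared @mask, hash keyed by account name only.
sub build_shared {
    my ( %perms, @mask );
    for my $ace (@aces) {
        decode_mask( $ace->{Mask}, \@mask );
        $perms{ $ace->{Account} } = { access => $ace->{Access}, mask => \@mask };
    }
    return \%perms;
}

# Corrected: a fresh array per ACE, and a list so no ACE replaces another.
sub build_per_ace {
    my @out;
    for my $ace (@aces) {
        my @mask;
        decode_mask( $ace->{Mask}, \@mask );
        push @out, { %$ace, rights => \@mask };
    }
    return \@out;
}

my $shared = build_shared();
for my $acct ( sort keys %$shared ) {
    printf "shared:  %s %s [%s]\n", $acct, $shared->{$acct}{access},
        join( ' ', @{ $shared->{$acct}{mask} } );
}
for my $ace ( @{ build_per_ace() } ) {
    printf "per-ACE: %s %s [%s]\n", $ace->{Account}, $ace->{Access},
        join( ' ', @{ $ace->{rights} } );
}
```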
        
      Hi,
      In my case, I have permission to read the permissions (on Explorer I can visualize the permissions) but using Win32::Perms I can't! Maybe it's necessary to have privileges to write permissions