Win32::Perms doesn't get local groups

bowei_99 has asked for the wisdom of the Perl Monks concerning the following question:

Hi, I'm trying to manage a remote NTFS share, and figured I'd start by dumping the ACLs using Win32::Perms. So I wrote the following code:

my ($m_obj_dir) = new Win32::Perms($m_unc_path) 
        or die "Cannot create Win32::Perms obj for $m_unc_path - $!\n"
+;    
    $m_obj_dir->Dump;
[download]

And when I run it, the information for the DACL displays OK, except for two groups local to the server with Win2K permissions (which is a netapp filer, but that shouldn't matter). Although there are lines for these groups (see output below), there is no account name. I confirmed using SetACL (setacl.sourceforge.net) and the Windows GUI (i.e. right click on folder, properties, select Permissions tab) that these do in fact correspond with real groups.

Descretionary ACL:
Index Account                                  Mask       Type       F
+lag
----- ---------------------------------------- ---------- ---------- -
+---------
<snip>
    5                                          0x001301bf Allow      0
+x00000003
    6                                          0x001200a9 Allow      0
+x00000003
<snip>
[download]

Is there a flag I have to set or something? I read the manpage at http://www.roth.net/perl/packages/#Win32-Perms, and poked around this site, and couldn't find a problem with this module not recognizing a local group. Nothing from google searches, either. I thought about using the ocx file that comes with setacl (allows for integration with perl), as there isn't much documentation on it, and the ocx file was just posted recently. As a result, I'm leery of using it for a production server. I was under the impression that Win32::Perms is more established, and was hoping to use that.

Comment on Win32::Perms doesn't get local groups Select or Download Code

Replies are listed 'Best First'.
Re: Win32::Perms doesn't get local groups by puploki (Hermit) on Sep 16, 2005 at 20:52 UTC
I have to admit that a lot of the Win32 modules have a poor API, are poorly documented and often don't quite work as intended. To be fair the writers of these modules, it's more often Windows' internals that are the problem rather than Perl. Anyway, having had to do this for a production service on which 40k people rely, the most robust method I could find was to use WMI to enumerate all the shares on a remote server and then use a Windows resource kit tool - rmtshare - to get the permissions off. It copes very well with all manner of local and domain groups. This is a quick and ready code snippett that I hacked up in a hurry, so it may not be the best: `open (COMMAND, "rmtshare \\\\$server\\\$share\" \|" ) or die "Eeek, una +ble to run rmtshare\n"; while ( <COMMAND> ) { next unless /:/g; next if /^Path/; next if /^Permissions/; chomp; if ( $_ ) { #$_ =~ s/\s+//g; my ( $user, $perm ) = split( /:/, $_ ); $perm =~ s/FULLCONTROL$/FULL/; $perm =~ s/FULL CONTROL$/FULL/; $user =~ s/^\\Everyone/Everyone/; $user =~ s/^\s+//; $user =~ s/\s+$//; $perm =~ s/^\s+//; $perm =~ s/\s+$//; print "$user:$perm\n"; } } close COMMAND;` [download]	[reply] [d/l]
Re: Win32::Perms doesn't get local groups by bowei_99 (Friar) on Sep 17, 2005 at 16:57 UTC
puploki, Thanks. Hm, have you had any experience with that code in Active Directory? That's what we're migrating to. Since rmtshare is part of the Win NT 4.0 resource kit but not the WIn2k resource kit, I'm worried I might have problems if I use it in an AD environment.	[reply]