NAME

Win32::FileSecurity - manage FileSecurity Discretionary Access Control Lists in perl

SYNOPSIS

use Win32::FileSecurity;

DESCRIPTION

This module offers control over the administration of system FileSecurity DACLs. You may want to use Get and EnumerateRights to get an idea of what mask values correspond to what rights as viewed from File Manager.

CONSTANTS

DELETE, READ_CONTROL, WRITE_DAC, WRITE_OWNER,
SYNCHRONIZE, STANDARD_RIGHTS_REQUIRED, 
STANDARD_RIGHTS_READ, STANDARD_RIGHTS_WRITE,
STANDARD_RIGHTS_EXECUTE, STANDARD_RIGHTS_ALL,
SPECIFIC_RIGHTS_ALL, ACCESS_SYSTEM_SECURITY, 
MAXIMUM_ALLOWED, GENERIC_READ, GENERIC_WRITE,
GENERIC_EXECUTE, GENERIC_ALL, F, FULL, R, READ,
C, CHANGE

FUNCTIONS

NOTE:

All of the functions return FALSE (0) if they fail, unless otherwise noted. Errors returned via $! containing both Win32 GetLastError() and a text message indicating Win32 function that failed.

constant( $name, $set ) Stores the value of named constant $name into $set. Alternatively, $set = Win32::FileSecurity::NAME_OF_CONSTANT() ;
Get( $filename, \%permisshash ) Gets the DACLs of a file or directory
Set( $filename, \%permisshash ) Sets the DACL for a file or directory
EnumerateRights( $mask, \@rightslist ) Turns the bitmask in $mask into a list of strings in @rightslist
MakeMask( qw( DELETE READ_CONTROL ) ) Takes a list of strings representing constants and returns a bitmasked integer value.

%permisshash

Entries take the form $permisshash{USERNAME} = $mask ;

EXAMPLE1

# Gets the rights for all files listed on the command line. use Win32::FileSecurity ;

foreach( @ARGV ) { next unless -e $_ ;

if ( Win32::FileSecurity::Get( $_, \%hash ) ) {
	while( ($name, $mask) = each %hash ) {
		print "$name:\n\t"; 
		Win32::FileSecurity::EnumerateRights( $mask, \@happy ) ;
		print join( "\n\t", @happy ), "\n";
	}
} else {
	print( "Error #", int( $! ), ": $!" ) ;
}
}

EXAMPLE2

# Gets existing DACL and modifies Administrator rights use Win32::FileSecurity ;

# These masks show up as Full Control in File Manager $file = Win32::FileSecurity::MakeMask( qw( FULL ) );

$dir = Win32::FileSecurity::MakeMask( qw( FULL GENERIC_ALL ) );

foreach( @ARGV ) { s/\\$//; next unless -e;

Win32::FileSecurity::Get( $_, \%hash ) ;
$hash{Administrator} = ( -d ) ? $dir : $file ;
Win32::FileSecurity::Set( $_, \%hash ) ;
}

VERSION

1.01 ALPHA 97-04-25

REVISION NOTES

1.01 ALPHA 1997.04.25 CORE Win32 version imported from 0.66 <gsar@umich.edu>
0.66 ALPHA 1997.03.13 Fixed bug in memory allocation check
0.65 ALPHA 1997.02.25 Tested with 5.003 build 303 Added ISA exporter, and @EXPORT_OK Added F, FULL, R, READ, C, CHANGE as composite pre-built mask names. Added server\ to keys returned in hash from Get Made constants and MakeMask case insensitive (I don't know why I did that) Fixed mask comparison in ListDacl and Enumerate Rights from simple & mask to exact bit match ! ( ( x & y ) ^ x ) makes sure all bits in x are set in y Fixed some "wild" pointers
0.60 ALPHA 1996.07.31 Now suitable for file and directory permissions Included ListDacl.exe in bundle for debugging Added "intuitive" inheritance for directories, basically functions like FM triggered by presence of GENERIC_ rights this may need to change see EXAMPLE2 Changed from AddAccessAllowedAce to AddAce for control over inheritance
0.51 ALPHA 1996.07.20 Fixed memory allocation bug
0.50 ALPHA 1996.07.29 Base functionality Using AddAccessAllowedAce Suitable for file permissions =back

KNOWN ISSUES / BUGS

1 May not work on remote drives.
2 Errors croak, don't return via $! as documented.

2 POD Errors

The following errors were encountered while parsing the POD:

Around line 210:

You forgot a '=back' before '=head1'

Around line 212:

=over without closing =back