Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl Monk, Perl Meditation
 
PerlMonks  

Windows Security

by pgduke65 (Acolyte)
on Feb 05, 2015 at 19:11 UTC ( [id://1115696]=perlquestion: print w/replies, xml ) Need Help??

pgduke65 has asked for the wisdom of the Perl Monks concerning the following question:

Hello Monks,

I have a circumstance where I am being asked to implement a scripting framework based in Perl onto a Microsoft platform. One of the requirements is that there me a means to present the developers with a means to access and set security permissions on files/directories within the environment. Not having much experience with Perl in the Windows O/S, I am looking for guidance/feedback regarding any modules that exist that may accomplish this task. I really don't want to have to re-invent the wheel unless absolutely necessary.

Thank you

Replies are listed 'Best First'.
Re: Windows Security
by BrowserUk (Patriarch) on Feb 06, 2015 at 02:11 UTC

    Personally, I shell out to icacls.exe.

    It will for the most part prevent you from screwing things up too badly, whereas using the APIs -- assuming you can find an up-to-date and maintained module that gives you access to them -- it is extremely easy to screw things up completely.

    I don't trust myself to program an api that complex; should I trust someone else?


    With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
    Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
    "Science is about questioning the status quo. Questioning authority". I'm with torvalds on this
    In the absence of evidence, opinion is indistinguishable from prejudice. Agile (and TDD) debunked

        The most significant information there are the dates: March 2004.

        icacls (the replacement for the notoriously inept cacls) first came with Vista which shipped in 2006/2007. With an API that complex, and that has gone through many changes, I'd be very reluctant to use a third party tool that is 10 years out of date.


        With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
        Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
        "Science is about questioning the status quo. Questioning authority". I'm with torvalds on this
        In the absence of evidence, opinion is indistinguishable from prejudice. Agile (and TDD) debunked
Re: Windows Security
by atcroft (Abbot) on Feb 05, 2015 at 21:02 UTC

    No experience with it, but a quick search of CPAN gave a possible starting point: Win32::Security

    Hope that helps.

Re: Windows Security
by CoVAX (Beadle) on Feb 06, 2015 at 06:19 UTC

    Have a look at Win32::FileSecurity - Manage FileSecurity Discretionary Access Control Lists in Perl - last updated 28 Nov 2013.

    I found this book helpful (even though it was published in Oct. 2001): "Win32 Perl Programming: the Standard Extensions, second edition" by Dave Roth. Website: http://www.roth.net/books/extensions2/ -- Chapter 11 deals with security & permissions.

    And I presume you could "shell out" to the Windows PowerShell if necessary.

      Additionally:

      Have a look at Win32::OLE (e.g., create a shell, and execute commands)

      Have a look at Win32::Perms (http://www.roth.net/perl/perms/) -- although it is dated 2002. (This module is discussed here: http://www.perlmonks.org/?node=win32%3A%3Aperms )

      Roth has another book, "Win32 Perl Scripting: Administrator's Handbook," which may be more suitable to your tasks.

Re: Windows Security
by Discipulus (Canon) on Feb 06, 2015 at 08:37 UTC
    Hi pgduke65, you'll discover how shaggy is working in that OS..

    i'm not a guru of windows nor a Perl master but i'have now a 12+ years experience administrering winz osses with Perl and my suggestion too is to rely on native commands (as BrowserUk already said) to interact with the system.
    I started my early attempts using Admin::Misc and after some years it become no more installable-usable: i had to rewrite a big part of many program to switch to a Perl after 5.8. (see also this node)

    Below i present you an aged but still used (by me) piece of code that set permission on a folder. Even if is rough it highlights some problem you also can meet. The ch_acl sub does not call the icacls command directly, instead it passes its args to a test_my_command sub that cycle trying the command until it get back a correct value. This was because the user was created (in a domain) and immediatly used in the permission of a folder; early code sometimes failed because 'No mapping..' was found between the username and a SID..

    sub ch_acl{ my ($root, $user, $diritto)=@_; ##$diritto means $right my $ok = undef; $diritto = 'M' unless defined $diritto; die "What you are trying to do?" unless $diritto =~/[R|W|C|F|M +]/i; print "********************************icacls $root /T /grant:r $use +r:(OI)(CI)$diritto\n\n"; while (!$ok){$ok = &test_my_command($root, $user, $diritto)} print "\n*** PERMISSION SET CORRECTLY\n"; } sub test_my_command{ my ($root, $user, $diritto)=@_; my $output = `icacls $root /T /grant:r $user:(OI)(CI)$diritto 2>&1 +`; if ($output =~ /No mapping/si){print "No mapping..\n";sleep 1;retu +rn undef} else{print "OK\n$output";return 1;} }
    Note also the 2>&1 at the end of the command: it is very important because cmd.exe mix OUT and ERR (and their order iirc). If you do not want to get old in the ms docs site consider using this useful site where you can find icacls examples too. You have to learn also the inheritance system of permission specified by the (OI)(CI) part of the above example.

    Another very useful knoweldge to have to survive in such jungle is to have very clear understanding of the latest trap they lied to force us to follow their path or die: filesystem redirection. It is very important especially if you use Perl 32bit on a 64 bit OS. I have yet described here

    HtH
    L*
    There are no rules, there are no thumbs..
    Reinvent the wheel, then learn The Wheel; may be one day you reinvent one of THE WHEELS.
Re: Windows Security
by pgduke65 (Acolyte) on Feb 13, 2015 at 19:51 UTC
    Thank you all for the great feedback! I will look over the suggestions and sample code. This is a great site to get guidance. Many Thanks.
Re: Windows Security
by japh2963 (Novice) on Feb 06, 2015 at 03:07 UTC
    Please do not hide or remove this post. Don't be lazy. Perl is about creativity. You're clearly using the wrong language.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://1115696]
Front-paged by Corion
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others contemplating the Monastery: (6)
As of 2024-03-28 11:26 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found