Personally, I shell out to icacls.exe.
It will for the most part prevent you from screwing things up too badly, whereas using the APIs -- assuming you can find an up-to-date and maintained module that gives you access to them -- it is extremely easy to screw things up completely.
I don't trust myself to program an api that complex; should I trust someone else?
With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
| [reply] [Watch: Dir/Any] |
| [reply] [Watch: Dir/Any] |
The most significant information there are the dates: March 2004.
icacls (the replacement for the notoriously inept cacls) first came with Vista which shipped in 2006/2007. With an API that complex, and that has gone through many changes, I'd be very reluctant to use a third party tool that is 10 years out of date.
With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
| [reply] [Watch: Dir/Any] |
No experience with it, but a quick search of CPAN gave a possible starting point: Win32::Security
Hope that helps.
| [reply] [Watch: Dir/Any] |
Have a look at Win32::FileSecurity - Manage FileSecurity Discretionary Access Control Lists in Perl - last updated 28 Nov 2013.
I found this book helpful (even though it was published in Oct. 2001): "Win32 Perl Programming: the Standard Extensions, second edition" by Dave Roth. Website: http://www.roth.net/books/extensions2/ -- Chapter 11 deals with security & permissions.
And I presume you could "shell out" to the Windows PowerShell if necessary.
| [reply] [Watch: Dir/Any] |
Additionally:
Have a look at Win32::OLE (e.g., create a shell, and execute commands)
Have a look at Win32::Perms (http://www.roth.net/perl/perms/) -- although it is dated 2002. (This module is discussed here: http://www.perlmonks.org/?node=win32%3A%3Aperms )
Roth has another book, "Win32 Perl Scripting: Administrator's Handbook," which may be more suitable to your tasks.
| [reply] [Watch: Dir/Any] |
Hi pgduke65, you'll discover how shaggy is working in that OS..
i'm not a guru of windows nor a Perl master but i'have now a 12+ years experience administrering winz osses with Perl and my suggestion too is to rely on native commands (as BrowserUk already said) to interact with the system.
I started my early attempts using Admin::Misc and after some years it become no more installable-usable: i had to rewrite a big part of many program to switch to a Perl after 5.8. (see also this node)
Below i present you an aged but still used (by me) piece of code that set permission on a folder. Even if is rough it highlights some problem you also can meet. The ch_acl sub does not call the icacls command directly, instead it passes its args to a test_my_command sub that cycle trying the command until it get back a correct value. This was because the user was created (in a domain) and immediatly used in the permission of a folder; early code sometimes failed because 'No mapping..' was found between the username and a SID..
sub ch_acl{
my ($root, $user, $diritto)=@_; ##$diritto means $right
my $ok = undef;
$diritto = 'M' unless defined $diritto;
die "What you are trying to do?" unless $diritto =~/[R|W|C|F|M
+]/i;
print "********************************icacls $root /T /grant:r $use
+r:(OI)(CI)$diritto\n\n";
while (!$ok){$ok = &test_my_command($root, $user, $diritto)}
print "\n*** PERMISSION SET CORRECTLY\n";
}
sub test_my_command{
my ($root, $user, $diritto)=@_;
my $output = `icacls $root /T /grant:r $user:(OI)(CI)$diritto 2>&1
+`;
if ($output =~ /No mapping/si){print "No mapping..\n";sleep 1;retu
+rn undef}
else{print "OK\n$output";return 1;}
}
Note also the 2>&1 at the end of the command: it is very important because cmd.exe mix OUT and ERR (and their order iirc). If you do not want to get old in the ms docs site consider using this useful site where you can find icacls examples too. You have to learn also the inheritance system of permission specified by the (OI)(CI) part of the above example.
Another very useful knoweldge to have to survive in such jungle is to have very clear understanding of the latest trap they lied to force us to follow their path or die: filesystem redirection. It is very important especially if you use Perl 32bit on a 64 bit OS. I have yet described here
HtH L*
There are no rules, there are no thumbs..
Reinvent the wheel, then learn The Wheel; may be one day you reinvent one of THE WHEELS.
| [reply] [Watch: Dir/Any] [d/l] [select] |
Thank you all for the great feedback! I will look over the suggestions and sample code. This is a great site to get guidance.
Many Thanks.
| [reply] [Watch: Dir/Any] |
Please do not hide or remove this post. Don't be lazy. Perl is about creativity. You're clearly using the wrong language. | [reply] [Watch: Dir/Any] |