blackadder has asked for the wisdom of the Perl Monks concerning the following question:

I have a problem: I shall explain (poorly maybe so please bear with me :-)
I have this code which simply extracts access permission information from an object (in my case, it's always a directory), displays the information on the screen and and I should be able to remove permission from a given account name(lets say the 'Everyone' account) off every directory/sub-directory from a given location (lets say \\srv1\d$).
I have a test drive (lets say d:/) and assigned access permissions to Domain Admins, Everyone and myself, I also have ensured that the ”Allow inherited permissions from parent to propagate to this object” is checked. Which means that the permissions are inherited on all accounts.
When I run my script (on Windows 2000 based PC) it removes permissions for the top level only, i.e. all sub folder below it are left intact.
Can some please tell what am I doing wrong. I REALLY appreciate your help.
use strict; use Win32::Perms; my $path = 'd:/'; my $acc = 'everyone'; my $prms = new Win32::Perms($path); print "\n\nPATH '" . $prms->Path() . "'\n"; my @list; my $total=0; my $indx = $prms->Get(\@list); print "index( number of entries )= $indx\n"; foreach my $rec_ref (@list) { print "\n***********************\n"; print "Record reference: $rec_ref\n"; foreach my $role (keys %$rec_ref) { print "$role = $rec_ref->{$role}\n"; } } $prms -> Dump; while ($indx--) { print "INDEX NUMBER: $indx\n"; my $rec_ref = $list[$indx]; foreach my $role (keys %$rec_ref) { next unless ($role =~ /account/i); print "$role = $rec_ref->{$role}\n"; if ($rec_ref->{$role} =~ /$acc/i) { print "Permission for this account will be removed\n"; if ( $rec_ref->{Flag} && INHERITED_ACE ) { print "\nFound inheretance here\n"; $total += $prms ->Remove($indx); $prms -> Set( ); } else { $prms ->Remove($indx); $prms -> Set( ); } } } print "****************************\n"; } $prms -> Dump;

Replies are listed 'Best First'.
Re: Inherited Permissions
by particle (Vicar) on Jun 23, 2002 at 14:04 UTC
    read the docs at Roth Consulting's Official Win32::Perms homepage. setting the 'Allow inherited permissions...' flag in the OS will not affect execution of this script. you need to explicitly set the inheritance flags for the ACE (access control entry.) specifically, set CONTAINER_INHERIT_ACE to do what you need.

    i suggest you pick up a copy of WIN32 Perl Programming: The Standard Extensions, or at least browse chapter 11 in your local bookstore for more examples than are listed on the site.

    also, our illustrious fellow monk Masem created How to RTFM, which might help you in searching for answers in the future.

    ~Particle *accelerates*