I'm just getting into this w2k security so this is
a 101.
I tried your code for a single directory and got this.
This seems to be more a permissions question. Look
at the mask output below.
(I modified your %permissions build to:
$loop++;
$permissions{$aceName . "__$loop"} = {access => $access, mask => \@mask};
and added a flag view.
)
I get the same listing for allow and deny.
Does that look right?
Thanks
ACE
Owner of "\\y-fps3\Home\Star_hub" is "RAYO\2007617" with "3" aces.
Group of "\\y-fps3\Home\Star_hub" is "" with "3" aces.
ACE:
Ace name: RAYO\2007617
Ace access: Denied
Ace sid: S-1-5-21--1289165036-66035279--551693756-12389
Ace domain: RAYO
Ace entry: DACL
Ace account: DACL
Ace type: 2
flag: OBJECT_INHERIT_ACE
flag: CONTAINER_INHERIT_ACE
ACE:
Ace name: RAYO\2007617
Ace access: Allowed
Ace sid: S-1-5-21--1289165036-66035279--551693756-12389
Ace domain: RAYO
Ace entry: DACL
Ace account: DACL
Ace type: 1
flag: OBJECT_INHERIT_ACE
flag: CONTAINER_INHERIT_ACE
ACE:
Ace name: RAYO\OUoperators
Ace access: Allowed
Ace sid: S-1-5-21--1289165036-66035279--551693756-10260
Ace domain: RAYO
Ace entry: DACL
Ace account: DACL
Ace type: 1
flag: OBJECT_INHERIT_ACE
flag: CONTAINER_INHERIT_ACE
PERMISSIONS mask
Group/User: RAYO\OUoperators__3
Permissions: (Allowed)
STANDARD_RIGHTS_ALL
FILE_READ_EA
FILE_WRITE_EA
FILE_EXECUTE
FILE_DELETE_CHILD
FILE_READ_ATTRIBUTES
FILE_WRITE_ATTRIBUTES
Group/User: RAYO\2007617__1
Permissions: (Denied)
STANDARD_RIGHTS_ALL
FILE_READ_EA
FILE_WRITE_EA
FILE_EXECUTE
FILE_DELETE_CHILD
FILE_READ_ATTRIBUTES
FILE_WRITE_ATTRIBUTES
Group/User: RAYO\2007617__2
Permissions: (Allowed)
STANDARD_RIGHTS_ALL
FILE_READ_EA
FILE_WRITE_EA
FILE_EXECUTE
FILE_DELETE_CHILD
FILE_READ_ATTRIBUTES
FILE_WRITE_ATTRIBUTES
|