如何从 C++ 更改 ACL?
任何人都可以在没有任何确认的情况下帮助我从 c++ 执行以下操作:
cacls c:\personal\file.txt /d everyone
Mike
问问题
13070 次
3 回答
15
使用以下代码
#include <Accctrl.h>
#include <Aclapi.h>
void SetFilePermission(LPCTSTR FileName)
{
PSID pEveryoneSID = NULL;
PACL pACL = NULL;
EXPLICIT_ACCESS ea[1];
SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY;
// Create a well-known SID for the Everyone group.
AllocateAndInitializeSid(&SIDAuthWorld, 1,
SECURITY_WORLD_RID,
0, 0, 0, 0, 0, 0, 0,
&pEveryoneSID);
// Initialize an EXPLICIT_ACCESS structure for an ACE.
ZeroMemory(&ea, 1 * sizeof(EXPLICIT_ACCESS));
ea[0].grfAccessPermissions = 0xFFFFFFFF;
ea[0].grfAccessMode = DENY_ACCESS;
ea[0].grfInheritance= NO_INHERITANCE;
ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
ea[0].Trustee.ptstrName = (LPTSTR) pEveryoneSID;
// Create a new ACL that contains the new ACEs.
SetEntriesInAcl(1, ea, NULL, &pACL);
// Initialize a security descriptor.
PSECURITY_DESCRIPTOR pSD = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR,
SECURITY_DESCRIPTOR_MIN_LENGTH);
InitializeSecurityDescriptor(pSD,SECURITY_DESCRIPTOR_REVISION);
// Add the ACL to the security descriptor.
SetSecurityDescriptorDacl(pSD,
TRUE, // bDaclPresent flag
pACL,
FALSE); // not a default DACL
//Change the security attributes
SetFileSecurity(FileName, DACL_SECURITY_INFORMATION, pSD);
if (pEveryoneSID)
FreeSid(pEveryoneSID);
if (pACL)
LocalFree(pACL);
if (pSD)
LocalFree(pSD);
}
于 2009-05-27T05:13:23.757 回答
1
我假设您的意思是在 Windows 系统上?您需要使用 cacls 使用的 Win32 API 的 NTFS 部分。浏览 MSDN,它会在某处。例如SetSecurityInfo
于 2009-05-26T13:13:36.173 回答
0
如果您不想乱用 API(即 SetNamedSecurityInfo),您可以像这样绕过提示:
echo y|cacls filename /d everyone
由于 echo 是内置的,要从程序中调用该命令行,您可能必须运行:
cmd.exe /c echo y|cacls filename /d everyone
于 2009-05-26T13:14:27.687 回答