Program code to modify the user access rights of a file (folder)

Source: Internet
Author: User
Tags account security

Original link: http://www.cppblog.com/wrhwww/archive/2011/08/23/154117.html

The System files (folders) under General Windows only allow the limited account to read and not write and modify. If you want to turn on write permissions, you will need to manually modify the user account security permissions for the file (folder) (This will of course be performed under the Administrator account). The following program encapsulates the operation:

Let's start with an API version:

//

Enable all operation permissions for a file (folder) for an account

Pszpath: File (clip) path

Pszaccount: Account Name

//

BOOL Enablefileaccountprivilege (pctstr pszpath, Pctstr pszaccount)

{

BOOL bsuccess = TRUE;

PACL Pnewdacl = null, POLDDACL = NULL;

Explicit_access EA;

Do

{

Gets the DACL list of the file (clip) securable object

if (error_success! =:: GetNamedSecurityInfo ((LPTSTR) Pszpath, se_file_object, dacl_security_information, NULL, NULL, & AMP;POLDDACL, NULL, NULL))

{

bsuccess = FALSE;

Break

}

You cannot use the AddAccessAllowedAce function directly here because the existing DACL length is fixed and a DACL object must be recreated

Generates access control information for the specified user account (specified here to give full access rights)

:: Buildexplicitaccesswithname (&ea, (LPTSTR) Pszaccount, Generic_all, grant_access, Sub_containers_and_objects_ INHERIT);

Creating a new ACL object (merging existing ACL objects and newly generated user account access control information)

if (error_success! =:: SetEntriesInAcl (1, &ea, Polddacl, &pnewdacl))

{

bsuccess = FALSE;

Break

}

Set file (clip) DACL List of securable objects

if (error_success! =:: SetNamedSecurityInfo ((LPTSTR) Pszpath, se_file_object, dacl_security_information, NULL, NULL, Pnewdacl, NULL))

{

bsuccess = FALSE;

}

} while (FALSE);

Freeing resources

if (pnewdacl! = NULL)

:: LocalFree (PNEWDACL);

return bsuccess;

}

ATL encapsulates the security operation function, which is much simpler to write in ATL:

//

Enable all operations permissions for a file (folder) for an account (ATL version)

Pszpath: File (clip) path

Pszaccount: Account Name

//

BOOL Atlenablefileaccountprivilege (pctstr pszpath, Pctstr pszaccount)

{

CDacl DACL;

CSid SID;

Get user account identifier

if (!sid. Loadaccount (Pszaccount))

{

return FALSE;

}

Gets the DACL of the file (clip)

if (! Atlgetdacl (Pszpath, Se_file_object, &dacl))

{

return FALSE;

}

To add a new ACE entry in a DACL

Dacl. Addallowedace (SID, Generic_all);

Setting a DACL for a file (clip)

Return Atlsetdacl (Pszpath, Se_file_object, DACL)? True:false;

}

Program code to modify the user access permissions for a file (folder)

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.