Reset file security for inheritance AFTER MoveFile() operation

Windows / C++

Looking for some recommendations on how to reset the security attributes on a file after moving it to a new folder.

Our standard way of creating files (and downloading from the server) is to create a file in a temporary folder, and then when the file stream is omitted, the file is added. Once the download is complete, we will move the file to the final destination.

MoveFile() will pass security to the file when moving the file. In a specific configuration, this causes a problem where the default values for the destination folder do not match the source folder. We cannot interfere with folder security ...

So, ultimately, I would like to perform an operation on a file after moving it. My real thinking is that I should get the security attributes of the folder into which it belongs, and then apply to the file after the move is complete.

+4
2 answers

To expand on Harry's answer, here is the complete code:

    // blank acl used to restore permissions after a file move
    ACL g_null_acl = { 0 };
    InitializeAcl(&g_null_acl, sizeof(g_null_acl), ACL_REVISION);

    DWORD error = SetNamedSecurityInfo(file_path, SE_FILE_OBJECT,
        DACL_SECURITY_INFORMATION | UNPROTECTED_DACL_SECURITY_INFORMATION,
        NULL, NULL, (PACL)&g_null_acl, NULL);

Keep in mind that calling SetNamedSecurityInfo (in this case) requires SE_RESTORE_NAME privileges, so it cannot be called from a service running as Network Service (or Local Service), because they have limited permissions.

+4

Use SetNamedSecurityInfo with the UNPROTECTED_DACL_SECURITY_INFORMATION flag. Just pass an empty ACL to delete records received from the previous parent. It will look something like this:

    error = SetNamedSecurityInfo(path_to_file, SE_FILE_OBJECT,
        DACL_SECURITY_INFORMATION | UNPROTECTED_DACL_SECURITY_INFORMATION,
        NULL, NULL, empty_acl, NULL);

+2
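
A check to run after the move and the reset, as an added example that is not part of either answer: it compares the moved file's DACL with that of a reference file, both given as SDDL strings (obtainable with `ConvertSecurityDescriptorToStringSecurityDescriptor`). Assumptions: the reference is a file created directly in the destination folder, the SDDL values are constructed samples, all type and function names are hypothetical, and conditional ACEs with nested parentheses are not handled.

```cpp
#include <set>
#include <string>
#include <vector>
struct Dacl { bool is_protected = false; std::set<std::string> aces; };  // "P" flag + ACE strings

// Parse the DACL ("D:") part of an SDDL string; a trailing SACL ("S:") part is ignored.
Dacl parse_dacl(const std::string& sddl) {
    Dacl d;
    std::size_t pos = sddl.find("D:");
    if (pos == std::string::npos) return d;
    std::size_t end = sddl.find("S:", pos);  // SIDs are written "S-...", so "S:" starts the SACL
    std::string body = sddl.substr(pos + 2, end == std::string::npos ? end : end - pos - 2);
    d.is_protected = body.substr(0, body.find('(')).find('P') != std::string::npos;
    for (std::size_t open = body.find('('), close = 0; open != std::string::npos; open = body.find('(', close)) {
        close = body.find(')', open);
        if (close == std::string::npos) break;  // truncated ACE, stop parsing
        d.aces.insert(body.substr(open, close - open + 1));
    }
    return d;
}

// True when the ACE flags (second field) contain the two-letter token "ID" (INHERITED_ACE).
bool is_inherited(const std::string& ace) {
    std::size_t a = ace.find(';'), b = ace.find(';', a + 1);
    for (std::size_t i = a + 1; b != std::string::npos && i + 1 < b; i += 2)
        if (ace.compare(i, 2, "ID") == 0) return true;
    return false;
}

struct Drift {  // differences between the moved file and the reference file
    bool is_protected = false;
    std::vector<std::string> not_inherited, stale, missing;
    bool clean() const { return !is_protected && not_inherited.empty() && stale.empty() && missing.empty(); }
};
// Compare the moved file's DACL with the DACL of a file created in the destination folder.
Drift compare_dacl(const std::string& file_sddl, const std::string& ref_sddl) {
    const Dacl f = parse_dacl(file_sddl), r = parse_dacl(ref_sddl);
    Drift out;
    out.is_protected = f.is_protected;
    for (const auto& ace : f.aces) {
        if (!is_inherited(ace)) out.not_inherited.push_back(ace);
        if (!r.aces.count(ace)) out.stale.push_back(ace);    // carried over from the old parent
    }
    for (const auto& ace : r.aces)
        if (!f.aces.count(ace)) out.missing.push_back(ace);  // destination ACE never applied
    return out;
}
// Constructed sample SDDL values (not captured from a real system).
const char* const kReference = "D:AI(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0x1200a9;;;BU)";
const char* const kAfterMove = "D:AI(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-1-2-3-1001)";
```

ACEs that a moved file keeps from its old parent still carry the `ID` flag, so the flag alone does not show whether the reset took effect; the comparison against the reference does.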

Source: https://habr.com/ru/post/1490379/

