Perl在Windows上运行时获取父文件夹权限的最佳实践是什么 [英] what is the best practice for Perl getting parent folder permissions while running on windows

问题描述

我不是Perl开发人员太多，但我需要它来为perforce触发条件.

I'm not much of a Perl developer but I need it to make triggers for perforce.

所以这是背景:
我有一个以管理员身份运行的Windows服务，该服务在Windows上调用Perl脚本.

So this is the background:
I have a windows service that runs as admin that calls the Perl script on windows.

该脚本需要在网络存储上创建一个文件，该文件都配置为可与Windows和UNIX权限\安全性类型一起使用.

The script needs to create a file on a network storage which is both configured to work with windows and UNIX permissions\security types.

由于运行脚本的用户是管理员用户，因此在所有目录下创建的所有文件夹和文件都不会继承目录权限，而只能对root用户进行编辑.

Since the user that is running the script is an admin user all folders and files that it creates under all directories are no inheriting the directories permissions but makes it editable only to root.

我想做的是创建文件，然后将其chmod到父文件夹的"stat"结果.

What I try to do is create the file and than chmod it to the parent folder's "stat" results.

my ($perms, $uid, $gid) = (stat $ParentDirFullPath)[2, 4, 5];  
$perms = sprintf("%04o", $perms & 0777);
chmod($perms, $NewFileFullPath);

问题是Windows上的stat命令无法获取unix \ gid和unix \ uid，而chmod命令实际上不受支持.

The problem is that stat command on windows dosen't get the unix\gid and unix\uid + the chmod command is not really supported.

我研究了file::stat模块，以找到一种显示Windows权限的方法(因为它们也存在于其中)来获取它们并使用我尚未测试的命令来应用它们，该命令可能应该在该模块下Win32::FileSecurity. 我找不到从那里获取权限的方法(我得到stat=ARRAY(0x46d0f8)).

I looked into the file::stat module to find a way for displaying windows permissions(since they are present there too) to take them and apply them with a command that I didn't test yet that should be probably under the module Win32::FileSecurity. I didn't find a way to get the permissions from there(I get stat=ARRAY(0x46d0f8)).

有什么想法或建议吗?

TL; DR :(如何?"问题)在Windows上运行Perl脚本，该脚本具有父文件夹权限，并将其应用到该脚本在同时支持Windows和Unix安全性/权限类型的网络存储中创建的文件上(我要应用的权限是诸如组和用户权限之类的窗口.

TL;DR:("How to?" question) Running Perl script on windows that takes parent folder permissions and applies them on a file that the scripts creates in the network storage that supports both Windows and Unix security/permissions types(the permissions that I want to apply are windows like permissions for groups and users).

我尝试了下一个代码:

I tried the next code:

use Win32::FileSecurity qw(Get EnumerateRights);
use Win32;

my $dir1 = "\\\\NetworkStorage\\home\\user1";
my $dir2 = "\\\\NetworkStorage\\home\\user1\\PerlFileSecTest";

my %permissions;
Win32::FileSecurity::Get($dir1, \%permissions);
Win32::FileSecurity::Set($dir2, \%permissions);

然后出现下一个错误:

S-1-5-11-2038111172-1292333386-11111-20315(this is not an original number and it changes this is unix FS user identifier that the AD knows how to parse)
Error handling error: 1332, LookupAccountName.

因此，看来FileSecurity无法处理来自同时支持unixfs和NTFS的基于unix的存储的用户标识符.

So it looks like the FileSecurity can't handle that user identifier that is coming from the unix based storage that supports both unixfs and NTFS.

这很奇怪，因为当我选择一个文件夹并执行右键单击->属性->安全选项卡"时，我看到了数字，然后将它们解析为unixUid \ user1等...

This is strange because when I choose a folder for example and do "right click -> properties -> security tab" I see the numbers and then they are parsed to unixUid\user1 etc...

有什么办法解决吗?

推荐答案

专门针对我的情况，问题是网络驱动器上的混合模式，我发现下一个解决方案对我来说已经足够了.

Specifically for my case where the issue was the mixed mode on the network drive I found the next solution to be good enough for me.

我调用"icacls"系统命令，并从上面的文件夹中手动为域用户设置权限.

I call the "icacls" system command and set permissions manually for the domain users from the folder above.

my $error = system("icacls $CreatedDir /grant domain\\user:(OI)(CI)F /T");

上面的代码为用户提供了由服务与admin用户创建的文件夹的完全递归权限(这导致该文件夹仅在我们的配置中被锁定为rood或admin用户).

The code above gives full recursive permissions for the user to the folder that was created by the service with the admin user(which caused the folder to be locked only for the rood or admin user in our configuration).

请注意，上方的命令不会覆盖现有权限，但这对我来说已经足够了.

Note that the command above doesn't override existing permissions but it was good enough for me.

所以最终我最终得到了一个文件夹和文件，这些文件和文件可供用户访问，这些文件和文件调用了与admin用户一起运行的特定服务.

So eventually I end up with a folder and files that are accessible to the user that called the specific service which runs with admin user.

这篇关于Perl在Windows上运行时获取父文件夹权限的最佳实践是什么的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！