移动文件夹跨磁盘而不更改安全描述符 [英] Move folder cross disks without security descriptor change
问题描述
我想在不更改其安全描述符的情况下将文件夹从一个驱动器(例如C)移动到另一个驱动器(例如D). SHFileOperation可以移动文件夹,但是D上的新文件夹总是从父文件夹继承权限.为了不影响同一父文件夹下的其他子文件夹,我无法更改父文件夹以停止将其权限传播给它的子文件夹.
I want to move a folder from one drive (e.g. C) to another (say D) without its security descriptor changed. SHFileOperation can move the folder, but new folder on D always inherit the permission from the parent folder. Not to impact other subfolders under the same parent folder, I cannot change the parent folder to stop propogating its permissions to its children.
我在SE上使用SetSecurityDescriptorControl和SE_DACL_PROTECTED来禁用在C上创建文件夹时的继承.当跨文件夹移动文件夹时,似乎不起作用.我还尝试通过删除旧的ACE为D上的新文件夹设置安全信息.但是,无法删除那些继承的ACE.
I have used SetSecurityDescriptorControl with SE_DACL_PROTECTED to disable inherit when creating the folder on C. It seems not to work when move folder cross volumn. I also tried to set security info for the new folder on D, by removing old ACEs. However, those inherited ACEs cannot be removed.
有一个注册表ForceCopyAclwithFile(http://thedailyreviewer.com/server/view/copy-folder-w-user-permission-intact-10274759),但由于它对全球系统的影响,我不想使用它
There is a registry ForceCopyAclwithFile (http://thedailyreviewer.com/server/view/copy-folder-w-user-permission-intact-10274759) but I don't want to use it because of its global system impact.
如何在不更改权限的情况下使用Windows API移动文件夹跨磁盘?我在这里想念什么?
How can I use windows API to move a folder cross disks without permission change? What did I miss here?
谢谢 莱昂
推荐答案
您可以使用BackupRead和BackupWrite在完整的NTFS安全性下跨卷移动目录.
You can use BackupRead and BackupWrite to move directories across volumes with NTFS security intact.
BackupRead: http://msdn.microsoft.com /en-us/library/aa362509(VS.85).aspx
BackupRead: http://msdn.microsoft.com/en-us/library/aa362509(VS.85).aspx
BackupWrite: http://msdn.microsoft.com /en-us/library/aa362511(VS.85).aspx
BackupWrite: http://msdn.microsoft.com/en-us/library/aa362511(VS.85).aspx
您首先需要在目标位置创建文件夹,然后使用CreateFile打开两个文件夹以获取它们的句柄.
You will need to create the folder at the destination first, then open both folders using CreateFile in order to get handles to them.
您的过程将需要获得备份和还原"特权,并且需要将FILE_FLAG_BACKUP_SEMANTICS传递到CreateFile中.
Your process will need to obtain the Backup and Restore privileges and you need to pass FILE_FLAG_BACKUP_SEMANTICS into CreateFile.
这篇关于移动文件夹跨磁盘而不更改安全描述符的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
