如何创建授予所有人所有权限的目录 [英] How to create directory with all rights granted to everyone
问题描述
我需要以编程方式创建一个目录,将完全控制"授予所有人"组.如果我使用
I need to programmatically create a directory that grants "Full Control" to the group "Everyone". If I use
CreateDirectory(path, NULL);
根据 Win32 SDK 文档,这将创建一个继承从其父目录.我不想继承父目录的访问权限,我需要确保每个人"都可以完全控制目录.
This will, according to the Win32 SDK documentation, create a directory that inherits from its parent directory. I do not want to inherit the access rights of the parent directory I need to ensure that "Everyone" has full control over the directory.
显然,这需要使用适当的安全描述符设置 SECURITY_ATTRIBUTES 结构.我该怎么做?
Obviously, this will require setting up the SECURITY_ATTRIBUTES structure with the appropriate security descriptor. How do I do that?
推荐答案
这是一种似乎有效的技巧:
Here's one technique that seems to work:
SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY;
PSID everyone_sid = NULL;
AllocateAndInitializeSid(&SIDAuthWorld, 1, SECURITY_WORLD_RID,
0, 0, 0, 0, 0, 0, 0, &everyone_sid);
EXPLICIT_ACCESS ea;
ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
ea.grfAccessPermissions = SPECIFIC_RIGHTS_ALL | STANDARD_RIGHTS_ALL;
ea.grfAccessMode = SET_ACCESS;
ea.grfInheritance = NO_INHERITANCE;
ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
ea.Trustee.ptstrName = (LPWSTR)everyone_sid;
PACL acl = NULL;
SetEntriesInAcl(1, &ea, NULL, &acl);
PSECURITY_DESCRIPTOR sd = (PSECURITY_DESCRIPTOR)LocalAlloc(LPTR,
SECURITY_DESCRIPTOR_MIN_LENGTH);
InitializeSecurityDescriptor(sd, SECURITY_DESCRIPTOR_REVISION);
SetSecurityDescriptorDacl(sd, TRUE, acl, FALSE);
SECURITY_ATTRIBUTES sa;
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.lpSecurityDescriptor = sd;
sa.bInheritHandle = FALSE;
CreateDirectory(path, &sa);
FreeSid(everyone_sid);
LocalFree(sd);
LocalFree(acl);
请注意,此示例代码绝对没有错误检查——您必须自己提供.
Note that this sample code has absolutely no error checking -- you'll have to supply that yourself.
这篇关于如何创建授予所有人所有权限的目录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
