windows 如何从 C++ 更改 ACL?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/910528/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
how to change the ACLs from c++?
提问by Shino C G
How to change the ACLs from c++?
如何从 C++ 更改 ACL?
Can anyone help me to do the following from c++ without any confirmations:
任何人都可以在没有任何确认的情况下帮助我从 C++ 中执行以下操作:
cacls c:\personal\file.txt /d everyone
回答by Shino C G
Use following code
使用以下代码
#include <Accctrl.h>
#include <Aclapi.h>
void SetFilePermission(LPCTSTR FileName)
{
PSID pEveryoneSID = NULL;
PACL pACL = NULL;
EXPLICIT_ACCESS ea[1];
SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY;
// Create a well-known SID for the Everyone group.
AllocateAndInitializeSid(&SIDAuthWorld, 1,
SECURITY_WORLD_RID,
0, 0, 0, 0, 0, 0, 0,
&pEveryoneSID);
// Initialize an EXPLICIT_ACCESS structure for an ACE.
ZeroMemory(&ea, 1 * sizeof(EXPLICIT_ACCESS));
ea[0].grfAccessPermissions = 0xFFFFFFFF;
ea[0].grfAccessMode = DENY_ACCESS;
ea[0].grfInheritance= NO_INHERITANCE;
ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
ea[0].Trustee.ptstrName = (LPTSTR) pEveryoneSID;
// Create a new ACL that contains the new ACEs.
SetEntriesInAcl(1, ea, NULL, &pACL);
// Initialize a security descriptor.
PSECURITY_DESCRIPTOR pSD = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR,
SECURITY_DESCRIPTOR_MIN_LENGTH);
InitializeSecurityDescriptor(pSD,SECURITY_DESCRIPTOR_REVISION);
// Add the ACL to the security descriptor.
SetSecurityDescriptorDacl(pSD,
TRUE, // bDaclPresent flag
pACL,
FALSE); // not a default DACL
//Change the security attributes
SetFileSecurity(FileName, DACL_SECURITY_INFORMATION, pSD);
if (pEveryoneSID)
FreeSid(pEveryoneSID);
if (pACL)
LocalFree(pACL);
if (pSD)
LocalFree(pSD);
}
回答by PowerApp101
I assume you mean on a Windows system? You need to use the NTFS part of the Win32 API, which is what cacls uses. Browse through MSDN, it'll be in there somewhere. Eg SetSecurityInfo
我假设你的意思是在 Windows 系统上?您需要使用 Win32 API 的 NTFS 部分,这是 cacls 使用的。浏览 MSDN,它会在某个地方。例如SetSecurityInfo
回答by JimG
If you don't want to mess around with the API (i.e. SetNamedSecurityInfo), you might be able to bypass the prompt like so:
如果您不想弄乱 API(即 SetNamedSecurityInfo),您可以像这样绕过提示:
echo y|cacls filename /d everyone
Since echo is a builtin, to call that command line from your program, you'd probably have to run:
由于 echo 是一个内置函数,要从您的程序调用该命令行,您可能必须运行:
cmd.exe /c echo y|cacls filename /d everyone
