Win32::FileSecurity

Ahlsen-Girard Edward F Contr ESC/ACU OL1 Thu, 08 Apr 2004 08:21:14 -0700

Title: Win32::FileSecurity

Greetings,

I am trying to reconfigure a web server for demotion to being a member server, which requires reassigning many file permissions (371 directories alone) to roughly a hundred discreet areas and levels of access.

All the permissions started off assigned to Domain Local groups on an NT4 server, which was upgraded to W2000 in it's AD forest. I want to get rid of the forest, so permisisons need to live in the member server's LSA. There needs to be a period of overlap in which bothe the Domain Local groups and the server local groups have the same rights.

I get the rights masks on each file for the domain local groups from Win32::FileSecurity, and append keys for the corresponding server groups to the hash in Get($file, \%hash). But when I run Set($file, \%hash), it does not seem to preserve the domain local groups' permissions: nothing is left but the server locals. I am running the script on the member server in question as The Big Domain Administrator. Am I doing something wrong, or have I found a limitation of Win32::FileSecurity? Snippet follows .signature.

Ed Ahlsen-Girard        mailto:[EMAIL PROTECTED]
Network Administrator   850-882-6540x5349   ESC/ACU OL1
TYBRIN Corporation      DSN:872-6540x5349   205 West D Ave Ste 628
LAN Integration         FAX: 850-882-6379   Eglin AFB, FL 32542
http://www.tybrin.com https://www.mission-planning.eglin.af.mil/

use Win32::FileSecurity qw(Set EnumerateRights Get MakeMask);    #add Set when ready to go live

use File::Find;

-------------->% (snip)

find(\&wanted, @directories);

FILE: foreach my $fn (@filelist) {
    print RECORD "$fn original DACLs:\n";
        if ( Get( $fn, \%dacl ) ) {
        foreach $domaingroup (@domaingroups) {
            if ($dacl{$domaingroup}) {
                $fo = $fn;
                $fo =~ s/\//\\/g;
                foreach $localgroup (@$domaingroup) {
                    $dacl{$localgroup} = $dacl{$domaingroup};
                }
            }
        }
        unless (Set($fn, \%dacl)) {
            print "Did not Set for $fn\n";
        }
    }
    else {
        print "Did not Get for $fn\n";
    }
}

_______________________________________________
Perl-Win32-Admin mailing list
[EMAIL PROTECTED]
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs

Win32::FileSecurity

Reply via email to