Win32::NetResource Permissions for local Groups 
Author Message
 Win32::NetResource Permissions for local Groups

Hi!
From my i could create directories, local groups and resource definitions on
a NT server.
Now there should be a way to assign permissions for the resources to local
groups.
I could not find functions that accomplish this task. Is there none or do i
have to search harder?
cheers
Hansgeorg


Sun, 16 Feb 2003 03:00:00 GMT  
 Win32::NetResource Permissions for local Groups
You can use Win32::Perms to create a security descriptor (SD) which contains
the users/groups you are assigning permissions to.
Cheers,
dave


Quote:
> Hi!
> From my i could create directories, local groups and resource definitions
on
> a NT server.
> Now there should be a way to assign permissions for the resources to local
> groups.
> I could not find functions that accomplish this task. Is there none or do
i
> have to search harder?
> cheers
> Hansgeorg



Wed, 19 Feb 2003 14:14:02 GMT  
 Win32::NetResource Permissions for local Groups
Dave,

I tried Win32::Perms. Please be merciful with me, as I began coding in Perl
3 weeks ago.
One of the many things I do not understand is why the directory has to be
called "\\\\servername\\\\sharename".
The permissions are only applied to the local machine (where I do the tests
before going to a server), not to a remote server where I actually want to
apply permissions.
The script looks like:

$share = "\\\\G1031031\\\\sbs\$";

$group = "gl_ha_sbs";

$server = "\\\\G1031031";

%NetResource = ();
$NetResource{Account} = $group;
$NetResource{Domain} = $server;
$NetResource{Mask} = 0777;

$Dir = new Win32::Perms($verz);
$Dir->Dump;
$Dir->Add(\%NetResource);
$Dir->Set();
$Dir->Dump;

The second Dump shows the new permission, but when the script runs again,
the new entry has an emty account name.

Thanx
Hansgeorg



Sun, 02 Mar 2003 02:29:43 GMT  
 Win32::NetResource Permissions for local Groups
I am not sure what you are trying to do, exactly.  If you are creating a
network share (a shared directory) using Win32::NetResource then you need to
to generate an SD (security descriptor).  Win32::Perms will do this. For
example:

use Win32::Perms;
$Group = "gl_ha_sbs";
# Create a Win32::Perms object...
$Perm = new Win32::Perms || die;
# Add a new user entry
$Perm->Add( $Group, FULL_SHARE, ACCESS_ALLOWED_ACE_TYPE );
# Get a relative SD...
$SD = $Perm->GetSD( SD_RELATIVE );

Now that you have the $SD you can use that in Win32::NetResource when
creating a share.
Let me know if this helps or if I misunderstood your question.
dave


Quote:
> Dave,

> I tried Win32::Perms. Please be merciful with me, as I began coding in
Perl
> 3 weeks ago.
> One of the many things I do not understand is why the directory has to be
> called "\\\\servername\\\\sharename".
> The permissions are only applied to the local machine (where I do the
tests
> before going to a server), not to a remote server where I actually want to
> apply permissions.
> The script looks like:

> $share = "\\\\G1031031\\\\sbs\$";

> $group = "gl_ha_sbs";

> $server = "\\\\G1031031";

> %NetResource = ();
> $NetResource{Account} = $group;
> $NetResource{Domain} = $server;
> $NetResource{Mask} = 0777;

> $Dir = new Win32::Perms($verz);
> $Dir->Dump;
> $Dir->Add(\%NetResource);
> $Dir->Set();
> $Dir->Dump;

> The second Dump shows the new permission, but when the script runs again,
> the new entry has an emty account name.

> Thanx
> Hansgeorg



Wed, 05 Mar 2003 03:00:00 GMT  
 Win32::NetResource Permissions for local Groups
Dave,
thank you for your answer.
Now it works fine, but I do it another way than you described:

# create a share on a file server
Win32::NetResource::NetShareAdd (...)
# create local group on primary domain controller
Win32::NetAdmin::LocalGroupCreate(...)
# pause to replicate PDC
#
$p_dir = new Win32::Perms($share);

# delete unwanted ACEs: $p_dir->Remove($lgroup);

%h_share = ();
$h_share{Account} = $lgroup;
$h_share{Domain} = $server;
$h_share{Mask} = FULL;
$h_share{Type} = ALLOW;
$h_share{Flag} = CONTAINER_INHERIT_ACE;
$p_dir->Add(\%h_share);
$h_share{Flag} = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE;
$p_dir->Add(\%h_share);

$p_dir->Set();

Your Perms module is really extremely useful as it seems to be the only way
to administer remote servers without using GUI tools!

Hansgeorg



Fri, 07 Mar 2003 03:00:00 GMT  
 
 [ 5 post ] 

 Relevant Pages 

1. Change group permissions to match user permissions

2. Win32 command to retrieve the list of local groups on a server

3. Perl for Win32 and Win32::NetResource?

4. check directory group permission based on current user

5. relinquishing group permissions

6. Permissions, permissions, permissions....

7. Keeping groups, groups and groups straight

8. NetAdmin and AdminMisc - test for local vs global groups

9. can't see ace with a remote local group

10. can't have ace with remote local group

11. Testing for local vs. global groups

12. LOCAL: Cleveland Linux User's Group

 

 
Powered by phpBB® Forum Software