
c++修改文件(夹)的用户访问权限程序代码

2012-04-23 23:43 417 查看
http://www.cppblog.com/wrhwww/archive/2011/08/23/154117.html

c++修改文件(夹)的用户访问权限程序代码

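一般Windows下的系统文件(夹)只让受限帐户读取而不让写入和修改。如果要开启写操作权限,就需要手动修改文件(夹)的用户帐户安全权限(这操作当然要在管理员帐户下执行)。以下用程序封装了该操作(注意:示例授予的是 GENERIC_ALL,即完全控制,其中包含修改权限和取得所有权,范围比单纯的写入更大;如果只需要写入,应改用更小的访问掩码,例如 FILE_GENERIC_READ | FILE_GENERIC_WRITE):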

  先来个API版本:

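  //
  // Grants one account full access (GENERIC_ALL) to a file or folder by
  // merging a new allow entry into the object's existing DACL.
  //   pszPath:    path of the file or folder
  //   pszAccount: account name
  // Returns TRUE on success, FALSE if a parameter is NULL or any step fails.
  //
  // NOTE(review): for file objects GENERIC_ALL maps to full control, which
  // includes WRITE_DAC and WRITE_OWNER, so the account can afterwards change
  // the ACL and the owner itself. The entry is also inherited by child
  // folders and files (SUB_CONTAINERS_AND_OBJECTS_INHERIT). If only write
  // access is needed, a narrower mask is the least-privilege choice.
  //
  BOOL  EnableFileAccountPrivilege (PCTSTR pszPath, PCTSTR pszAccount)
  {
    BOOL bSuccess = FALSE;
    PACL pNewDacl = NULL;
    PACL pOldDacl = NULL;              // points into pSD, never freed on its own
    PSECURITY_DESCRIPTOR pSD = NULL;   // owns the memory behind pOldDacl
    EXPLICIT_ACCESS ea;

    if (pszPath == NULL || pszAccount == NULL)
      return FALSE;

    do
    {
      // Read the current DACL of the file or folder. The security descriptor
      // out-parameter is required whenever the DACL pointer is requested: the
      // returned DACL lives inside that descriptor, which must be released
      // with LocalFree once we are done with it.
      if (ERROR_SUCCESS != ::GetNamedSecurityInfo ((LPTSTR)pszPath, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, &pOldDacl, NULL, &pSD))
        break;

      // AddAccessAllowedAce cannot be used directly here: the existing DACL
      // has a fixed length, so a new DACL object has to be created.

      // Describe the access to grant to the account (all access rights).
      ::BuildExplicitAccessWithName (&ea, (LPTSTR)pszAccount, GENERIC_ALL, GRANT_ACCESS, SUB_CONTAINERS_AND_OBJECTS_INHERIT);

      // Create the new ACL: the existing entries merged with the new one.
      if (ERROR_SUCCESS != ::SetEntriesInAcl (1, &ea, pOldDacl, &pNewDacl))
        break;

      // Write the merged DACL back to the file or folder.
      if (ERROR_SUCCESS != ::SetNamedSecurityInfo ((LPTSTR)pszPath, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, pNewDacl, NULL))
        break;

      bSuccess = TRUE;
    } while (FALSE);

    // Release resources.
    if (pNewDacl != NULL)
      ::LocalFree (pNewDacl);

    if (pSD != NULL)
      ::LocalFree (pSD);

    return bSuccess;
  }

  ATL封装了安全操作函数,用ATL来写就简单多了:

  //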

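  // Grants one account full access (GENERIC_ALL) to a file or folder
  // (ATL version).
  //   pszPath:    path of the file or folder
  //   pszAccount: account name
  // Returns TRUE on success, FALSE if a parameter is NULL or any step fails.
  //
  // NOTE(review): no ACE flags are passed to AddAllowedAce here, whereas the
  // plain-API version on this page passes SUB_CONTAINERS_AND_OBJECTS_INHERIT,
  // so the two versions may differ in whether child objects inherit the
  // entry - confirm which behaviour is intended. GENERIC_ALL is full control;
  // prefer a narrower mask when only write access is needed.
  //
  BOOL  AtlEnableFileAccountPrivilege (PCTSTR pszPath, PCTSTR pszAccount)
  {
    CDacl  dacl;
    CSid   sid;

    if (pszPath == NULL || pszAccount == NULL)
      return FALSE;

    // Resolve the account name to its security identifier.
    if (!sid.LoadAccount (pszAccount))
      return FALSE;

    // Read the current DACL of the file or folder.
    if (!AtlGetDacl (pszPath, SE_FILE_OBJECT, &dacl))
      return FALSE;

    // Add the new allow entry; do not write the DACL back if this failed.
    if (!dacl.AddAllowedAce (sid, GENERIC_ALL))
      return FALSE;

    // Write the updated DACL back to the file or folder.
    return AtlSetDacl (pszPath, SE_FILE_OBJECT, dacl) ? TRUE : FALSE;
  }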

来源:http://www.uniuc.com/computer/show-6322-1.html

通过程序对文件夹的访问权限进行控制。

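// Builds a DACL with three allow entries, wraps it in a security descriptor
// and passes it to SR_SetFileSecurityRecursive for szPath:
//   - LocalSystem:            FILE_ALL_ACCESS
//   - BUILTIN\Administrators: FILE_ALL_ACCESS
//   - Authenticated Users:    FILE_GENERIC_READ | FILE_GENERIC_WRITE
// Every entry carries OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE.
//
// The DACL is built from scratch (SetEntriesInAcl is given no existing ACL),
// so the descriptor contains only these three entries; presumably the helper
// replaces whatever DACL the target had - verify against its implementation.
// Granting write access to Authenticated Users is broad; confirm the folder
// really needs to be writable by every authenticated account.
//
// The thread's last-error value is set to lRes before returning.
//
// NOTE(review): the return expression is `lRes != ERROR_SUCCESS`, so on the
// paths visible here the function returns nonzero when lRes holds an error
// code - the opposite of the usual BOOL convention. It is left unchanged
// because the return convention of SR_SetFileSecurityRecursive is not visible
// here; callers should confirm which value means success.
BOOL   My_SetFolderSecurity(WCHAR*   szPath)
{
    SID_IDENTIFIER_AUTHORITY sia = SECURITY_NT_AUTHORITY;
    PSID pSidSystem = NULL;
    PSID pSidAdmins = NULL;
    PSID pSidWorld = NULL;      // holds the Authenticated Users SID despite its name
    PACL pDacl = NULL;
    EXPLICIT_ACCESS ea[4];      // only the first three entries are used
    SECURITY_DESCRIPTOR SecDesc;
    ULONG lRes = ERROR_SUCCESS;

    // Start from a known state so no field is left uninitialized.
    ZeroMemory(ea, sizeof(ea));

    __try
    {
        // create SYSTEM SID
        if (!AllocateAndInitializeSid(&sia, 1, SECURITY_LOCAL_SYSTEM_RID,
                                      0, 0, 0, 0, 0, 0, 0, &pSidSystem))
        {
            lRes = GetLastError();
            __leave;
        }

        // create Local Administrators alias SID
        if (!AllocateAndInitializeSid(&sia, 2, SECURITY_BUILTIN_DOMAIN_RID,
                                      DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0,
                                      0, 0, &pSidAdmins))
        {
            lRes = GetLastError();
            __leave;
        }

        // create Authenticated Users well-known group SID
        if (!AllocateAndInitializeSid(&sia, 1, SECURITY_AUTHENTICATED_USER_RID,
                                      0, 0, 0, 0, 0, 0, 0, &pSidWorld))
        {
            lRes = GetLastError();
            __leave;
        }

        // fill an entry for the SYSTEM account
        ea[0].grfAccessMode = GRANT_ACCESS;
        ea[0].grfAccessPermissions = FILE_ALL_ACCESS;
        ea[0].grfInheritance = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE;
        ea[0].Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
        ea[0].Trustee.pMultipleTrustee = NULL;
        ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
        ea[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
        ea[0].Trustee.ptstrName = (LPTSTR)pSidSystem;

        // fill an entry for the Administrators alias
        ea[1].grfAccessMode = GRANT_ACCESS;
        ea[1].grfAccessPermissions = FILE_ALL_ACCESS;
        ea[1].grfInheritance = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE;
        ea[1].Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
        ea[1].Trustee.pMultipleTrustee = NULL;
        ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
        ea[1].Trustee.TrusteeType = TRUSTEE_IS_ALIAS;
        ea[1].Trustee.ptstrName = (LPTSTR)pSidAdmins;

        // fill an entry for the Authenticated Users well-known group
        ea[2].grfAccessMode = GRANT_ACCESS;
        ea[2].grfAccessPermissions = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
        ea[2].grfInheritance = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE;
        ea[2].Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
        ea[2].Trustee.pMultipleTrustee = NULL;
        ea[2].Trustee.TrusteeForm = TRUSTEE_IS_SID;
        ea[2].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
        ea[2].Trustee.ptstrName = (LPTSTR)pSidWorld;

        // create a DACL holding exactly the three entries above
        lRes = SetEntriesInAcl(3, ea, NULL, &pDacl);
        if (lRes != ERROR_SUCCESS)
            __leave;

        // initialize security descriptor; record the error code on failure so
        // that these paths report through lRes like every other failure path
        // (previously lRes stayed ERROR_SUCCESS here)
        if (!InitializeSecurityDescriptor(&SecDesc, SECURITY_DESCRIPTOR_REVISION))
        {
            lRes = GetLastError();
            __leave;
        }

        if (!SetSecurityDescriptorDacl(&SecDesc, TRUE, pDacl, FALSE))
        {
            lRes = GetLastError();
            __leave;
        }

        // apply the security descriptor to the path
        //lRes = RegSetKeySecurity(hKey, DACL_SECURITY_INFORMATION, &SecDesc);
        lRes = SR_SetFileSecurityRecursive(szPath, DACL_SECURITY_INFORMATION, &SecDesc);
        //lRes = SetFileSecurity(szPath, DACL_SECURITY_INFORMATION, &SecDesc);
    }
    __finally
    {
        // release the SIDs and the DACL on every path out of the __try block
        if (pSidSystem != NULL)
            FreeSid(pSidSystem);

        if (pSidAdmins != NULL)
            FreeSid(pSidAdmins);

        if (pSidWorld != NULL)
            FreeSid(pSidWorld);

        if (pDacl != NULL)
            LocalFree((HLOCAL)pDacl);
    }

    SetLastError(lRes);

    return lRes != ERROR_SUCCESS;
}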

Command   what   is   yours

Conquer   what   is   not

==========================================================

我解决了,在MSDN里找到的

(取自MSDN)

#define   _WIN32_WINNT   0x0500

#include   <windows.h>

#include   <sddl.h>

#include   <stdio.h>

BOOL   CreateMyDACL(SECURITY_ATTRIBUTES   *);

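// Creates C:\MyFolder with an explicit DACL instead of the inherited default.
// Returns 0 on success and 1 if any step fails.
int   main()
{
    SECURITY_ATTRIBUTES sa;

    sa.nLength = sizeof(SECURITY_ATTRIBUTES);
    sa.bInheritHandle = FALSE;
    sa.lpSecurityDescriptor = NULL;   // filled in by CreateMyDACL

    // Call function to set the DACL. The DACL
    // is set in the SECURITY_ATTRIBUTES
    // lpSecurityDescriptor member.
    if (!CreateMyDACL(&sa))
    {
        // Error encountered; generate message and exit.
        printf("Failed CreateMyDACL\n");
        return 1;
    }

    // Use the updated SECURITY_ATTRIBUTES to specify
    // security attributes for securable objects.
    // This example uses security attributes during
    // creation of a new directory, so the folder never
    // exists with a weaker, inherited DACL.
    if (0 == CreateDirectory(TEXT("C:\\MyFolder"), &sa))
    {
        // Error encountered; generate message and exit.
        printf("Failed CreateDirectory\n");
        LocalFree(sa.lpSecurityDescriptor);
        return 1;
    }

    // Free the memory allocated for the SECURITY_DESCRIPTOR.
    if (NULL != LocalFree(sa.lpSecurityDescriptor))
    {
        // Error encountered; generate message and exit.
        printf("Failed LocalFree\n");
        return 1;
    }

    return 0;
}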

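// Builds a security descriptor from an SDDL string and stores it in
// pSA->lpSecurityDescriptor.
//   pSA: SECURITY_ATTRIBUTES to fill in; must not be NULL
// Returns FALSE if pSA is NULL, otherwise the result of
// ConvertStringSecurityDescriptorToSecurityDescriptor. On success the caller
// releases pSA->lpSecurityDescriptor with LocalFree.
//
// The string literals are written without the stray spaces the page had
// inside the quotes, so the concatenated SDDL string contains no whitespace.
// The two deny entries come before the allow entries.
BOOL   CreateMyDACL(SECURITY_ATTRIBUTES   *   pSA)
{
    const TCHAR * szSD = TEXT("D:")          // Discretionary ACL
        TEXT("(D;OICI;GA;;;BG)")             // Deny access to built-in guests
        TEXT("(D;OICI;GA;;;AN)")             // Deny access to anonymous logon
        TEXT("(A;OICI;GRGWGX;;;AU)")         // Allow read/write/execute to authenticated users
        TEXT("(A;OICI;GA;;;BA)");            // Allow full control to administrators

    if (NULL == pSA)
        return FALSE;

    return ConvertStringSecurityDescriptorToSecurityDescriptor(
        szSD,
        SDDL_REVISION_1,
        &(pSA->lpSecurityDescriptor),
        NULL);
}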

 