Create a dir where all the users have the right to write

Thread view:

Enable EMail Alerts

Start New Thread

Thread rating:

Viviana Vc - 22 Jun 2004 10:21 GMT

How can I programatically do the equivalent of the following:
cacls "C:\Program Files\test" /T /G Everyone:f ?

Thanks,
Viv

Reply to this Message

r_z_aret@pen_fact.com - 23 Jun 2004 18:14 GMT

>How can I programatically do the equivalent of the following:
>cacls "C:\Program Files\test" /T /G Everyone:f ?

I'm just getting around to a minor variant of the question. I'll be
trying to do it from an old version of InstallShield, so I plan to
call the InstallShield function to execute run an external exe. From
straight Win 32, I would try ShellExecute (simpler) and then
CreateProcess.

I've started by experimenting with a DOS prompt. So far, I can't find
a set of arguments that will eliminate all prompts.

>Thanks,
>Viv

-----------------------------------------
To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).

Robert E. Zaret, eMVP
PenFact, Inc.
500 Harrison Ave., Suite 3R
Boston, MA 02118
www.penfact.com

Reply to this Message

Viviana Vc - 24 Jun 2004 11:18 GMT

Hi Robert,

I also have to create this dir from within InstallShield, so first I
tried to find if InstallShield offers a way to do this, but seems not,
so I'll have to call an external exe to do this.

You should be aware that calling with CreateProcess or ShellExecute the
command:
cacls "C:\Program Files\test" /T /G Everyone:f
is not a good idea because:
a) - cacls it's asking for the user input ("Are you sure? y/n")
b) - "Everyone" is localized, so it won't work on a non-english OS !!!

To solve the above problems I found in MSDNL the following articles:
for a): "How to Use CACLS.EXE in a Batch File"
for b): "Creating a DACL" -> for programatically change the security of
the directory

Maybe this helps you also (I'm now investigating the second article),
Viv

>>How can I programatically do the equivalent of the following:
>>cacls "C:\Program Files\test" /T /G Everyone:f ?
[quoted text clipped - 19 lines]
>Boston, MA 02118
>www.penfact.com

Reply to this Message

ColdShine - 24 Jun 2004 13:04 GMT

> b) - "Everyone" is localized, so it won't work on a non-english OS !!!

No, it's not localized. At least, not in the Italian version (which is what
I have); these are left untranslated:

Administrator
Administrators
Guest
Guests
Users
Power Users
Everyone
Backup Operators

These are translated:

Local Service
Network Service

... and possibily others I don't recall right now.

Signature

ColdShine

"Experience is a hard teacher: she gives the test first, the lesson
afterwards." - Vernon Sanders law

Reply to this Message

Viviana Vc - 24 Jun 2004 16:01 GMT

btw, if the directory is already created, what would be the function
that I need to call to change the directory's security attributes?

I know that I could directly create the directory with it's needed
security attributes using CreateDirectory(), but let's assume it was
already created and in this case I just need to change it's attr., what
function should I use?

Thx,
Viv

>Hi Robert,
>
[quoted text clipped - 40 lines]
>>Boston, MA 02118
>>www.penfact.com

Reply to this Message

r_z_aret@pen_fact.com - 24 Jun 2004 20:54 GMT

>Hi Robert,
>
>I also have to create this dir from within InstallShield, so first I
>tried to find if InstallShield offers a way to do this, but seems not,
>so I'll have to call an external exe to do this.

I just tried LaunchAppAndWait (InstallShield function), with no
success, using the following (adapted from the article you cited):
svWork = "echo y| cacls svDir /e /g everyone:f";
LaunchAppAndWait( svWork, "", WAIT );
No effect. Just in case, I also tried using svWork as the argument and
"" as the command line. No effect. I suspect the problem is the
characters (echo y|) preceding the actual command.

The article mentions xcacl, and says it is part of the NT resource
kit. So I suppose I could get and use it. But would it work under Win
2K and Win XP? I'ld much rather stick with something that ships _with_
the operating system.

>You should be aware that calling with CreateProcess or ShellExecute the
>command:
[quoted text clipped - 34 lines]
>>Boston, MA 02118
>>www.penfact.com

Reply to this Message

Drew Myers - 24 Jun 2004 21:24 GMT

I believe the correct syntax for this is:

svWork = "cacls";
svCmd="svDir /e /g everyone:f";
LaunchAppAndWait( svWork, svCmd, WAIT );

Just a thought,
Drew

> >Hi Robert,
> >
[quoted text clipped - 62 lines]
> Boston, MA 02118
> www.penfact.com

Reply to this Message

r_z_aret@pen_fact.com - 30 Jun 2004 19:35 GMT

Success! A bit of a kludge (so suggestions welcome), but it works.

I added the following lines to my InstallShield script:
------
// SetAcc.bat is a BATch file that issues the command
// echo y| cacls %1 /e /g everyone:f
// See MSDN Knowledge Base article 135268 ("How to Use
CACLS.EXE in a BatchFile")
// Also, see 24 - 30 Jun 04 thread called
// "Create a dir where all the users have the right to write"
in
// comp.os.ms-windows.programmer.win32 and other fine
newsgroups
// The file must be in uncompressed setup files.
// svWork = SUPPORTDIR ^ "cacls.bat";
svWork = SRCDIR ^ "setacc.bat";
// BATch file will parse arg into pieces if it includes
embedded spaces
LongPathToShortPath( svDir );
if (!PFFileExists( SRCDIR, "setacc.bat", "ShowDialogs" ))then
MessageBox( "Can't find setacc.bat", WARNING );
else
if (LaunchAppAndWait( svWork, svDir, WAIT ) != 1) then
MessageBox( "Attempt to set access failed", INFO );
endif;
endif;
------

Here is the "source" for setacc.bat:
------
@echo off

REM BATch file to give everyone full access to specified folder
REM - to be invoked from an InstallShield script

REM See MSDN Knowledge Base article 135268 ("How to Use CACLS.EXE in a
BatchFile")
REM See also a 24-30 June 2004 thread called
REM "AlsoCreate a dir where all the users have the right to write"
REM in comp.os.ms-windows.programmer.win32 and other fine
newsgroups

REM Caller needs to put quotation marks around the argument, or pass
REM only short paths (with no embedded blanks), or it won't be
REM parsed as one argument. Thus, the following line should not.

echo y| cacls %1 /e /g everyone:f
------

I sort of want to move setacc.bat to the compressed files, so it isn't
visible on the distribution CD. But just moving it didn't work,
because then I couldn't invoke it. I vaguely remember InstallShield
functions that explicitly uncompress files, so a script could use
them. On the other hand, it could be a legitimate tool for some users.

I briefly tried writing a program, to replace the batch file. But the
functions used to control access seem too complex to be worth
conquering for this project. And that would still require an auxiliary
file. Maybe if I got that program working I could then use the same
code in an InstallShield script. Maybe someday/

>>Hi Robert,
>>
[quoted text clipped - 62 lines]
>Boston, MA 02118
>www.penfact.com

Reply to this Message

Viviana Vc - 01 Jul 2004 10:14 GMT

Hi,

As already said I chose to write an external tool that is called from
within IS:

I actually found a sample in MSDNL "Creating a DACL" where is a simple
sample that I used so my code looks like:

#define _WIN32_WINNT 0x0500

#include <windows.h>
#include <sddl.h>
#include <stdio.h>

BOOL CreateMyDACL(SECURITY_ATTRIBUTES *);

void main()
{
SECURITY_ATTRIBUTES sa;

sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.bInheritHandle = FALSE;

if (!CreateMyDACL(&sa))
{
// Error encountered; generate message and exit.
printf("Failed CreateMyDACL\n");
exit(1);
}
if (0 == CreateDirectory(TEXT("C:\\MyFolder"), &sa))
{
// Error encountered; generate message and exit.
printf("Failed CreateDirectory\n");
exit(1);
}

// Free the memory allocated for the SECURITY_DESCRIPTOR.
if (NULL != LocalFree(sa.lpSecurityDescriptor))
{
// Error encountered; generate message and exit.
printf("Failed LocalFree\n");
exit(1);
}
}

BOOL CreateMyDACL(SECURITY_ATTRIBUTES * pSA)
{
TCHAR * szSD = TEXT("D:") // Discretionary ACL
TEXT("(A;OICI;GA;;;WD)"); // Allow full control to everyone for that directory !!!

if (NULL == pSA)
return FALSE;

return ConvertStringSecurityDescriptorToSecurityDescriptor(
szSD,
SDDL_REVISION_1,
&(pSA->lpSecurityDescriptor),
NULL);
}

HTH,
Viv

>Success! A bit of a kludge (so suggestions welcome), but it works.
>
[quoted text clipped - 132 lines]
>Boston, MA 02118
>www.penfact.com

Reply to this Message

r_z_aret@pen_fact.com - 02 Jul 2004 13:54 GMT

>Hi,
>
>As already said I chose to write an external tool that is called from
>within IS:

I missed this. To clarify, does "external tool" mean "executable
file"? If so, then that is slightly neater than using a BATch file.

Either way, thanks for posting your solution. Sure is nice to have
clear, directly related, sample code. I may try to translate the code
into something that can be used within InstallShield. And it may be
useful some place else.

>I actually found a sample in MSDNL "Creating a DACL" where is a simple
>sample that I used so my code looks like:
[quoted text clipped - 190 lines]
>>Boston, MA 02118
>>www.penfact.com

Reply to this Message

Viviana Vc - 05 Jul 2004 11:09 GMT

Hi,

Yes, the extrenal tool is an exe file.
btw, see my other post as with the cacls tool you might get in trouble
because the "Everyone" is localized, so for instance on a german system
it is "Jeder".

Viv

>>Hi,
>>
[quoted text clipped - 212 lines]
>Boston, MA 02118
>www.penfact.com

Reply to this Message

ColdShine - 05 Jul 2004 18:41 GMT

> btw, see my other post as with the cacls tool you might get in trouble
> because the "Everyone" is localized, so for instance on a german system
> it is "Jeder".

I don't think so... look at the names listed here:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;163846

on my Italian localized system, I can use all of these English user/group
names, when setting file/folder access rights. For example, I always have to
type "Administrators" instead of whatever it would translate to.

Altrough the KB refers to Windows NT4, I guess the names have been kept
backwards-compatible in following Windows versions.

Signature

ColdShine

"Experience is a hard teacher: she gives the test first, the lesson
afterwards." - Vernon Sanders law

Reply to this Message

Viviana Vc - 06 Jul 2004 13:52 GMT

Might be that you are right. I haven't tried myself, but I read about
this on other newsgroups (InstallShield newsgroups).

>> btw, see my other post as with the cacls tool you might get in trouble
>> because the "Everyone" is localized, so for instance on a german system
[quoted text clipped - 10 lines]
>Altrough the KB refers to Windows NT4, I guess the names have been kept
>backwards-compatible in following Windows versions.

Reply to this Message

Alexander Grigoriev - 06 Jul 2004 00:19 GMT

Can you use a subdirectory of All Users\Application Data?

> Hi,
>
[quoted text clipped - 221 lines]
> >Boston, MA 02118
> >www.penfact.com

Reply to this Message

Viviana Vc - 06 Jul 2004 13:56 GMT

This would have been an idea, but we wanted to have the same structure
relative to our binaries dir for all OSes, so this dir to be alway
./test (where . is let's say c:\program files\myapp). Anyhow that
directory doesn't contain vital info.

>Can you use a subdirectory of All Users\Application Data?
>
[quoted text clipped - 237 lines]
>> >Boston, MA 02118
>> >www.penfact.com

Reply to this Message

Alexander Grigoriev - 06 Jul 2004 16:19 GMT

I think All Users is there even starting from Windows 98 (it's under Windows
directory in Win9x).

> This would have been an idea, but we wanted to have the same structure
> relative to our binaries dir for all OSes, so this dir to be alway
[quoted text clipped - 242 lines]
> >> >Boston, MA 02118
> >> >www.penfact.com

Reply to this Message

Rate this thread:

Create a dir where all the users have the right to write

Free Magazines