问题描述

我需要以编程方式创建一个目录，该目录将完全控制授予组所有人。如果我使用

I need to programmatically create a directory that grants "Full Control" to the group "Everyone". If I use

CreateDirectory(path, NULL);

根据Win32 SDK ，创建一个从其父目录继承的目录。我不想继承父目录的访问权限，我需要确保每个人都拥有对该目录的完全控制权。

This will, according to the Win32 SDK documentation, create a directory that inherits from its parent directory. I do not want to inherit the access rights of the parent directory I need to ensure that "Everyone" has full control over the directory.

显然，这需要进行设置 SECURITY_ATTRIBUTES 结构以及相应的安全描述符。我该怎么做？

Obviously, this will require setting up the SECURITY_ATTRIBUTES structure with the appropriate security descriptor. How do I do that?

推荐答案

以下是一种可行的方法：

Here's one technique that seems to work:

SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY;
PSID everyone_sid = NULL;
AllocateAndInitializeSid(&SIDAuthWorld, 1, SECURITY_WORLD_RID,
   0, 0, 0, 0, 0, 0, 0, &everyone_sid);

EXPLICIT_ACCESS ea;
ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
ea.grfAccessPermissions = SPECIFIC_RIGHTS_ALL | STANDARD_RIGHTS_ALL;
ea.grfAccessMode = SET_ACCESS;
ea.grfInheritance = NO_INHERITANCE;
ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
ea.Trustee.ptstrName  = (LPWSTR)everyone_sid;

PACL acl = NULL;
SetEntriesInAcl(1, &ea, NULL, &acl);

PSECURITY_DESCRIPTOR sd = (PSECURITY_DESCRIPTOR)LocalAlloc(LPTR,
                                   SECURITY_DESCRIPTOR_MIN_LENGTH);
InitializeSecurityDescriptor(sd, SECURITY_DESCRIPTOR_REVISION);
SetSecurityDescriptorDacl(sd, TRUE, acl, FALSE);

SECURITY_ATTRIBUTES sa;
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.lpSecurityDescriptor = sd;
sa.bInheritHandle = FALSE;

CreateDirectory(path, &sa);

FreeSid(everyone_sid);
LocalFree(sd);
LocalFree(acl);

请注意，此示例代码绝对没有错误检查-您必须自己提供。

Note that this sample code has absolutely no error checking -- you'll have to supply that yourself.

这篇关于如何创建授予所有人的所有权限的目录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！