CoBrad
11th December 2007 14:51 UTC

AccessControl: Change Inheritance without copying inherited permissions
I'm working on an installer which needs to have specific permissions set on a directory. This works well using the "DisableFileInheritance" function, except for one specific thing in my case.

The DisableFileInheritance function seems to use the newer "SetNamedSecurityInfo" function, and the behavior of this is that, when disabling inheritance, it automatically makes copies of the permissions that were being inherited. My desired behavior is to not do this, and to only end up with the properties that have been specified on that directory.

Has anyone run into this and come up with a solution?

kichik
12th December 2007 17:39 UTC

Won't calling AccessControl::ClearOnFile on the directory do the trick?

CoBrad
12th December 2007 18:58 UTC

D'OH! I didn't even see those new API's that were added. Guess the wiki wasn't completely up to date.

Anyway, thanks for the pointer. Looks like that'll work if I do:

DisableFileInheritance <dir> // This will copy the currently inherited permissions, making them non-inherited.
ClearOnFile <Administrators group> <dir> // This will remove all non-inherited permissions and replace it with just these permissions
// Add other permissions that I want.

A little bit of a roundabout way to do it, but it ends up working just fine.

Thanks again for the tip!

kichik
12th December 2007 19:07 UTC

Well, I actually took those from the Wiki page. Where is it not up-to-date?

Afrow UK
12th December 2007 19:32 UTC

Yeh that page does need updating. It's missing the functions from under the Functions heading.

CoBrad, that is the way to do it!

Stu