Windows/C++
Looking for some recommendations on how to reset the security attributes on a file after it's been moved to a new folder.
Our standard way of creating files (and download from the server) is to create the file in a temporary folder, then as the file streams down, the file is appended. Once the download is completed, we move the file to its final destination.
MoveFile() will transfer the security on the file when the file is moved. In certain configurations this causes a problem -- where the security defaults of the final folder don't match the original folder. We cannot mess with folder security....
So, ultimately, I would like to perform an operation on the file after I move it. My current thinking is that I should fetch the security attributes of the folder it goes into, and then apply to the file after the move is completed.
To expand on Harry's answer, here is the full code:
```cpp
#include <windows.h>
#include <aclapi.h>

// blank acl used to restore permissions after a file move
ACL g_null_acl = { 0 };
InitializeAcl(&g_null_acl, sizeof(g_null_acl), ACL_REVISION);

// replace the DACL with the empty one and re-enable inheritance from the parent
DWORD error = SetNamedSecurityInfo(file_path, SE_FILE_OBJECT,
    DACL_SECURITY_INFORMATION | UNPROTECTED_DACL_SECURITY_INFORMATION,
    NULL, NULL, (PACL)&g_null_acl, NULL);
```
Keep in mind that calling `SetNamedSecurityInfo` (in this instance) requires `SE_RESTORE_NAME` privileges, so it cannot be called from a service running as Network Service (or Local Service), as they have limited permissions.
Use `SetNamedSecurityInfo` with the `UNPROTECTED_DACL_SECURITY_INFORMATION` flag. Just pass an empty ACL to remove the entries the file got from its previous parent. This would look something like this:
```cpp
// path_to_file: the moved file; empty_acl: an initialized ACL with no entries
error = SetNamedSecurityInfo(
    path_to_file,
    SE_FILE_OBJECT,
    DACL_SECURITY_INFORMATION | UNPROTECTED_DACL_SECURITY_INFORMATION,
    NULL,
    NULL,
    empty_acl,
    NULL);
```
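A check for after the move and reset discussed in the answers, as an added example that is not from the original posts: it compares the DACL of the moved file against the destination folder and lists file ACEs that are explicit or that the folder's object-inherit ACEs would not produce. It assumes both DACLs are already available as SDDL strings (for instance from `ConvertSecurityDescriptorToStringSecurityDescriptor`), uses constructed sample strings, and simplifies the comparison by ignoring generic-rights mapping and CREATOR OWNER substitution; `stale_aces`, `parse_dacl` and `has_flag` are hypothetical helper names.

```cpp
#include <iostream>
#include <set>
#include <sstream>
#include <string>
#include <vector>
struct Ace { std::string type, flags, rights, sid; };

// True when a two-letter ACE flag token ("OI", "ID", ...) is present.
static bool has_flag(const std::string& flags, const std::string& tok) {
    for (size_t i = 0; i + 1 < flags.size(); i += 2)
        if (flags.compare(i, 2, tok) == 0) return true;
    return false;
}

// Parse the ACEs in the "D:" part of an SDDL string (simple, non-conditional ACEs only).
static std::vector<Ace> parse_dacl(const std::string& sddl) {
    std::vector<Ace> aces;
    size_t i = sddl.find("D:");
    if (i == std::string::npos) return aces;
    i = sddl.find_first_not_of("PARI", i + 2);  // skip control flags P, AR, AI
    while (i < sddl.size() && sddl[i] == '(') {
        size_t end = sddl.find(')', i);
        if (end == std::string::npos) break;
        std::stringstream ss(sddl.substr(i + 1, end - i - 1));
        std::vector<std::string> f;
        for (std::string s; std::getline(ss, s, ';');) f.push_back(s);
        if (f.size() >= 6) aces.push_back({f[0], f[1], f[2], f[5]});
        i = end + 1;
    }
    return aces;
}

// File ACEs that are explicit or that the folder's object-inherit (OI) ACEs would not produce.
std::vector<std::string> stale_aces(const std::string& folder, const std::string& file) {
    std::set<std::string> expected;
    for (const Ace& a : parse_dacl(folder))
        if (has_flag(a.flags, "OI")) expected.insert(a.type + ";" + a.rights + ";" + a.sid);
    std::vector<std::string> out;
    for (const Ace& a : parse_dacl(file))
        if (!has_flag(a.flags, "ID") || !expected.count(a.type + ";" + a.rights + ";" + a.sid))
            out.push_back(a.type + ";" + a.flags + ";" + a.rights + ";" + a.sid);
    return out;
}

int main() {  // constructed SDDL samples: destination folder, then the moved file
    const std::string folder = "O:BAG:SYD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)";
    for (const std::string& ace : stale_aces(folder, "D:AI(A;ID;FA;;;SY)(A;ID;0x1200a9;;;BU)"))
        std::cout << "stale ACE: " << ace << "\n";
}
```

An empty result means the file carries only entries the destination folder would hand down; a leftover entry such as the sample's `BU` ACE is one inherited from the temporary folder.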