In Windows, I have an application that needs to set the access control to the user/group 'Everybody' only. And sets permissions to Read-Only. Under Linux a Simple open() call with octal 004 permissions is sufficient. On Windows, how do I accomplish the same thing? Preferably in the call to CreateFile().
Asked
Active
Viewed 1,806 times
2
unixman83
- 9,421
- 10
- 68
- 102
-
Is there any reason not to just use the read-only attribute? – Gabe Sep 22 '11 at 02:21
-
What object are you wanting to secure? I can't discern that from your question? – David Heffernan Sep 22 '11 at 04:11
-
Gabe this is a backup application; I need to be sure the files are world-readable and not associated with any particular user. Write protection for added safety. @David I am trying to secure standard files on an NTFS volume. – unixman83 Sep 22 '11 at 05:35
1 Answers
2
Create a SECURITY_DESCRIPTOR with the proper attributes. The functions linked to from there are a good starting point for creating the proper security descriptor (it's far from trivial). This page shows a good example of creating one, including how to get the SID for the "Everybody" group (pEveryoneSID in the code).
Then, just pass in that security descriptor to CreateFile as the lpSecurityAttributes parameter.
Adam Rosenfield
- 390,455
- 97
- 512
- 589
-
1I recommend to use ATL wrappers: CSid, CAcl, CDacl, CSacl, CSecurityDesc, CSecurityAttributes. The code will be much cleaner. – Sergey Podobry Sep 22 '11 at 05:45