checking properties of folders

Hi all,

I am trying to run some processes to tidy up our SAN storage. A couple of the things I am struggling with are:

1)   Checking the security of the folder properties to check who the owner is

2)   Checking the security of the folder to check if "Inherit" is ticked

3)   Search a text file for specific text

I already have a process to run SETACL to fix ownership and permissions, however this will run regardless.  What I want to do is first check the Ownership and permissions before I run the process.

With regards to the 3rd point, the SETACL pipes the results to a text file, so I want to be able to search the text file after the command runs to check for "access is denied" (which occurs when attempting to set ownership back to a user that does not have enough quota disk space).

Now! That would be even better, if anyone knows how I could include a process to increase the disk quota to an amount just above the size of the user's folder. Although not essential, as I'm not expecting too many of these.

From this I can create a separate log file of the quotas that I need to increase.

Does anyone know of any classes that can obtain security items, or if there is any other way to access these security items? I can't see anything in the filesystem class. And also how to search a text file for specific text.

Any help would be appreciated

Thanks In Advance

Andy Perry



  • pra_30

    Ya know....

    I was a VMS Engineer for years and I avoided this domain like the plague. I can see why.

    OK... here's what I've discerned so far.

    We're interested in the field...

    system.security.accesscontrol.controlflags

    There will be a bit in the field called:

    SystemAclAutoInherited   ( As far as I can see)

    Ordinarily in any other computing field this would be child's play. But not as far as I discern here.

    Control flags is a field in the Security Descriptor......

    This is where things become less than clearly defined......


    There are two possible forms of the security descriptor:

    The first is an array of bytes:  That looks exactly like this:



    The security descriptor is also available in an SDDL form

    O:S-1-5-21-839522115-1177238915-725345543-1003G:S-1-5-21-839522115-1177238915-725345543-513D:(A;ID;FA;;;BA)(A;ID;FA;;;SY)(A;ID;FA;;;S-1-5-21-839522115-1177238915-725345543-1003)(A;ID;0x1200a9;;;BU)(A;ID;LC;;;BU)(A;ID;DC;;;BU)"

    Erm..... what's missing is

    The field identifying the control flags. I can't seem to find any definition of that at all.

    Hmmmmm though ... there is one field in there that looks like a single integer....hmmmmm




  • Zeeshan Ali changazi

    Here is the text file searching code. It does something a little more complicated than you may require. It will handle multiple occurrences of the search string in the same file. The solution would look a little different especially around the read itself.

    Anyway... here is the code:

    Public Class Form1

        ' One result row: either a matching line or a file-open error.
        Protected Structure LogInfo
            Public lineNumber As String
            Public User As String
            Public ErrMessage As String
        End Structure

        Dim MsgPkt As LogInfo

        Private Sub Form1_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
            Dim i As Integer
            Dim foo As New ArrayList
            Dim filespec As String = "D:\TestdIR\log.txt"

            TextBox1.Multiline = True
            foo = DeniedList(filespec, "Session: retrieve")

            For i = 0 To foo.Count - 1
                MsgPkt = CType(foo(i), LogInfo)
                If MsgPkt.ErrMessage = "" Then
                    TextBox1.Text = TextBox1.Text & vbCrLf & "Line No: " & MsgPkt.lineNumber & " String: " & _
                        MsgPkt.User
                Else
                    TextBox1.Text = TextBox1.Text & vbCrLf & "Error Opening: " & filespec & ". The error was: " & _
                        vbCrLf & MsgPkt.ErrMessage
                End If
            Next
        End Sub

        ' Returns one LogInfo per line of Filespec that contains Instring,
        ' or a single LogInfo carrying the error if the file cannot be opened.
        Public Function DeniedList(ByVal Filespec As String, ByVal Instring As String) As ArrayList
            Dim file As System.IO.StreamReader = Nothing
            Dim Inbuf As String
            Dim count As Integer
            Dim Dummy As New ArrayList

            Dummy.Clear()
            DeniedList = Dummy

            Try
                file = My.Computer.FileSystem.OpenTextFileReader(Filespec)
            Catch ex As Exception
                With MsgPkt
                    .lineNumber = "N/A"
                    .User = "File Access Error on file " & Filespec
                    .ErrMessage = ex.Message
                End With
                DeniedList.Add(MsgPkt)
                GoTo Common_Exit
            End Try

            ' Read line by line so every occurrence is reported with its line number.
            While Not file.EndOfStream
                count += 1
                Inbuf = file.ReadLine
                If Inbuf.Contains(Instring) Then
                    With MsgPkt
                        .lineNumber = CStr(count)
                        .User = Inbuf
                        .ErrMessage = ""
                    End With
                    DeniedList.Add(MsgPkt)
                End If
            End While

    FileClose_Exit:
            file.Close()
            file = Nothing

    Common_Exit:
        End Function

    End Class


    This was the output I found in the textbox the first time I ran it:


    Error Opening: C:\Temp\log.txt. The error was:
    Could not find file 'C:\Temp\log.txt'.


    ---------------------------------------

    This was a good thing because the file was actually on Drive D: in an entirely different directory. :)


    This was the output when I corrected the Filespec :)

    Line No: 9 String: 2005-09-10 23:11:48,750 [   DEBUG] DataPump.Session: retrieve
    Line No: 20 String: 2005-09-10 23:12:48,500 [   DEBUG] DataPump.Session: retrieve
    Line No: 21 String: 2005-09-10 23:12:48,530 [    INFO] DataPump.Session: retrieve OK, state is Free user


    Good Luck !!!!!!



  • Revolution

    Andy,


    Since I didn't know the format of your file, I couldn't exactly tailor the search code to do exactly what you want, it's just a close model of what you want.

    I started to look at the inheritance thing.... but I was a little tired... and had other things on my plate.... perhaps today....

  • J Griffin

    ok,

    so to find out if a folder is inherited, how would I code...

    dim inherit as system.security.accesscontrol.aceflags

    if inherit = aceflags.inherited then .............

    How do I fit in the foldername with this? In other words, how do I tell it which foldername to check for being inherited? If I add the foldername in brackets, it says it is not allowed with array, (or something to that effect)

    Sorry, if I am not understanding correctly, however I am new to all this and it is the first time I have ever tried to communicate with folder properties.

    Thanks

    Andy

  • Waheeda

    Thank You Renee!!

    You're an absolute life saver.

    I get frustrated trying to search, as I can spend half an hour wondering how things will be worded in the help files. Most of the time I am looking for a class or method and without knowing the name of it, trying to search for help on it is hard, unless lucky enough to pick the right keywords that someone else has described it by. Not that this is restricted to VB!! This is searching in general.

    Anyway now that I have had my 2 pence worth, I will try the code. Just hope that when I get to checking the inheritance bit, I find that one a little easier LOL

    Thank You again for your help and info, and I'm glad the Pizza was good.

    Cheers

    Andy

  • Rick8728

    Working code would look like this:

    In the Main class the imports are:

    Imports System
    Imports System.IO
    Imports System.Security.AccessControl


    Routine:

    Private Function OwnerIs(ByVal FileSpec As String) As String
        Dim scal As New SystemAcl(True, True, 10)   ' not used by the owner lookup
        Dim fSecurity As FileSecurity = File.GetAccessControl(FileSpec)
        Dim IR As System.Security.Principal.IdentityReference
        ' Ask for the owner as an NTAccount so that Value reads DOMAIN\name.
        IR = fSecurity.GetOwner(System.Type.GetType("System.Security.Principal.NTAccount"))
        OwnerIs = IR.Value
    End Function

    ------------------------------------------------------
    Copied from the debugger:

    TheINearlyKilledMyselfGettingThisOne = "BLISS\Renee"


    If I change the filename to "C:\documents and Settings" the result becomes:

    TheINearlyKilledMyselfGettingThisOne = "BUILTIN\Administrators"

    I wish I could say this one was easy. Certainly the documentation was very little help. There was just no documentation on getting a file owner. So I studied and studied the object browser and out of desperation found a routine that converted a string describing a datatype into a system type. I'd been trying things like that for hours and I never dreamed it would work.

    It also amazes me to no end that you can research something to the ends of the earth and all you have to show in the end is .... one line of code. :(

    I also must confess that the Pizza was good but didn't help much....



  • tibear

    Huy,

    Thanks for your reply.

    I have now found the GetOwner Method, however, the help topics on this are a bit vague (Or I am a bit thick). They mention that this method gets the owner associated with a primary group, and that the group should be specified.

    What is the "group" that is being referred to?

    This is my code that I have used to connect, so far...

    **************************

    Dim Foldername As String
    Foldername = "c:\My Documents"
    Dim dinfo As New DirectoryInfo(Foldername)
    Dim results
    Dim dsecurity As DirectorySecurity = dinfo.GetAccessControl()
    results = dsecurity.GetOwner()


    **************************

    What I am stuck on is the bit in the brackets that is asking for the primary group. What is this group?

    Hope you can help.

    Thanks In Advance

    Andy Perry

  • Sue Mosher - Outlook MVP

    Oh shoot.....

    I'll have something for you in a few..........

  • tosch9

    Hi,

    For 1 and 2, I think you can use FileSecurity class (http://msdn2.microsoft.com/en-us/library/hdwe2zfh) or DirectorySecurity class (http://msdn2.microsoft.com/en-us/library/23c9e959(en-US,VS.80).aspx). If the link does not work, you can search for the class at http://msdn2.microsoft.com.

    For 3, you can use My.Computer.FileSystem.FindInFiles to see if the log file contains the text. Or you can use StreamReader to read lines from the log file and check if the string contains the text.

    Hope this helps,



  • Sentient

    Thanks Renee.

    I'm gonna have another look into all this this afternoon, so I'll let you know how I get on.

    Changing my documentation at the moment as my code has changed a lot so I thought I had better update my design docs before it ends up looking like Spaghetti Junction LOL

    I'll keep you updated on my progress

    Cheers

    Andy

  • Joel Miranda

    Andy!!!!

    It's rare that I become as frustrated as I am.

    As a point of interest, about two hours ago I began playing with this. I ran into exactly what you did. That identity type, when I began researching it, is a derived system type.

    As I started to play with the identityreference collection to use as an argument, my IDE locked up as it does from time to time and I had to terminate the process with the taskmanager.

    The documentation in this area for Beta II anyway is awful. All the examples that I saw are about setting ACLs and directory owner. There were no materials about getting the owner anywhere in the documentation that I could find. I absolutely took the object browser apart in researching this before the IDE crashed.

    I did find this:

    Public Class IdentityReferenceCollection

    Inherits System.Object

    Member of: System.Security.Principal

    Summary:

    Represents a collection of System.Security.Principal.IdentityReference objects and provides a means of converting sets of System.Security.Principal.IdentityReference-derived objects to System.Security.Principal.IdentityReference-derived types.
     
    It seems to me the 'trick' or art here is to find the derived type - that is correct and that looks like a system type for the getowner method.

    At this instant... I don't know how to do that.

    When I come up against an impasse such as this, I recommend Mushroom, sausage and pepperoni pizza. I am going to take my own advice and order one and return to think about this.


    Renee



  • Ricardo Tomé

    You can probably use the NetShareGetInfo() API, or under Active Directory using ADSI the IADsFileShare function...

  • jpaskett

    Andy,

    I keep learning more about this.....

    There are three kinds of security descriptors.

    There is the common, the generic and file security descriptors. Notice that in beginning with a file security descriptor we have begun with the specific case and not a generic case.

    These classes are hierarchicalized with supporting routines that make it easy to go from the generic to the specific. There set are "setfrom" both binary or sddl conversion routines.

    However there are no corresponding routines to convert from the specific file security descriptor to the generic descriptors.

    Why is this interesting at all?

    It's interesting because it appears that the generic descriptors expose the control and inheritance flags but the file security ones do not.

    Right about now, pizza left over from yesterday is really looking good.

  • Rusty Miller

    The flags are in the ACE.
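
Added example, not part of the thread or written by any of its posters: one way to read a folder's owner, the state of the "inherit from parent" tick box, the descriptor's control flags and the per-ACE inherited flag before deciding whether to run the SETACL fix. The path `C:\Temp`, the module name and the `NeedsFix`/`expectedOwner` helper are assumptions made for illustration.

```vbnet
Imports System
Imports System.IO
Imports System.Security.AccessControl
Imports System.Security.Principal

Module FolderAclCheck

    ' Owner as DOMAIN\name, or the raw SID string when the account
    ' no longer resolves (for example, a deleted user).
    Function OwnerOf(ByVal sec As DirectorySecurity) As String
        Dim sid As IdentityReference = sec.GetOwner(GetType(SecurityIdentifier))
        Try
            Return sid.Translate(GetType(NTAccount)).Value
        Catch ex As IdentityNotMappedException
            Return sid.Value
        End Try
    End Function

    ' The "inherit from parent" tick box is the inverse of DACL protection.
    Function InheritsFromParent(ByVal sec As DirectorySecurity) As Boolean
        Return Not sec.AreAccessRulesProtected
    End Function

    ' Round-trip through the binary form to reach the descriptor's control flags.
    Function ControlFlagsOf(ByVal sec As DirectorySecurity) As ControlFlags
        Dim raw As New RawSecurityDescriptor(sec.GetSecurityDescriptorBinaryForm(), 0)
        Return raw.ControlFlags
    End Function

    ' Hypothetical pre-check: True only when the fix-up run is actually needed.
    Function NeedsFix(ByVal folder As String, ByVal expectedOwner As String) As Boolean
        Dim sec As DirectorySecurity = New DirectoryInfo(folder).GetAccessControl()
        Dim ownerOk As Boolean = _
            String.Equals(OwnerOf(sec), expectedOwner, StringComparison.OrdinalIgnoreCase)
        Return Not (ownerOk AndAlso InheritsFromParent(sec))
    End Function

    Sub Main()
        Dim folder As String = "C:\Temp"   ' assumed sample path
        Dim sec As DirectorySecurity = New DirectoryInfo(folder).GetAccessControl()
        Console.WriteLine("Owner:    " & OwnerOf(sec))
        Console.WriteLine("Inherits: " & InheritsFromParent(sec).ToString())
        Console.WriteLine("Flags:    " & ControlFlagsOf(sec).ToString())
        ' Per-ACE view: IsInherited corresponds to the "ID" flag in the SDDL form.
        For Each rule As FileSystemAccessRule In _
                sec.GetAccessRules(True, True, GetType(SecurityIdentifier))
            Console.WriteLine(rule.IdentityReference.Value & "  inherited=" & rule.IsInherited.ToString())
        Next
    End Sub
End Module
```

Requesting the owner as a `SecurityIdentifier` and translating it afterwards avoids an exception on folders whose owning account has been deleted, which is common on storage that needs tidying.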
