I am trying to run some processes to tidy up our SAN storage. A couple of the things I am struggling with are:
1) Checking the security of the folder properties to check who the owner is
2) Checking the security of the folder to check if "Inherit" is ticked
3) Search a text file for specific text
I already have a process to run SETACL to fix ownership and permissions, however this will run regardless. What I want to do is first check the Ownership and permissions before I run the process.
With regards to the 3rd point, the SETACL pipes the results to a text file, so I want to be able to search the text file after the command runs to check for "access is denied" (which occurs when attempting to set ownership back to a user that does not have enough quota disk space).
Now! That would be even better, if anyone knows how I could include a process to increase the disk quota to an amount just above the size of the user's folder.
From this I can create a separate log file of the quotas that I need to increase.
Does anyone know of any classes that can obtain security items, or if there is any other way to access these security items? I can't see anything in the filesystem class. And also how to search a text file for specific text.
Any help would be appreciated
Thanks In Advance
Andy Perry

checking properties of folders
Alex Thomas
Chuck Crisler
Since I didn't know the format of your file, I couldn't exactly tailor the search code to do exactly what you want, it's just a close model of what you want.
I started to look at the inheritance thing.... but I was a little tired... and had other things on my plate.... perhaps today....
Vincent_Yu
Filipo
You're an absolute life saver
I get frustrated trying to search, as I can spend half an hour wondering how things will be worded in the help files
Anyway now that I have had my 2 pence worth, I will try the code. Just hope that when I get to checking the inheritance bit, I find that one a little easier LOL
Thank You again for your help and info, and I'm glad the Pizza was good
Cheers
Andy
cccccc
I'm gonna have another look into all this this afternoon, so I'll let you know how I get on.
Changing my documentation at the moment as my code has changed a lot so I thought I had better update my design docs before it ends up looking like Spaghetti Junction LOL
I'll keep you updated on my progress
Cheers
Andy
John Horstkamp
I'll have something for you in a few..........
FATSO
Hi,
For 1 and 2, I think you can use FileSecurity class (http://msdn2.microsoft.com/en-us/library/hdwe2zfh) or DirectorySecurity class (http://msdn2.microsoft.com/en-us/library/23c9e959(en-US,VS.80).aspx). If the link does not work, you can search for the class at http://msdn2.microsoft.com.
For 3, you can use My.Computer.FileSystem.FindInFiles to see if the log file contains the text. Or you can use StreamReader to read lines from the log file and check if the string contains the text.
Hope this helps,
Dustin Smithers
I was a VMS Engineer for years and I avoided this domain like the plague. I can see why.
OK... here's what I've discerned so far.
We're interested in the field...
system.security.accesscontrol.controlflags
There will be a bit in the field called:
SystemAclAutoInherited ( As far as I can see)
Ordinarily in any other computing field this would be child's play. But not as far as I discern here.
Control flags is a field in the Security Descriptor......
This is where things become less than clearly defined......
There are two possible forms of the security descriptor:
The first is an array of bytes: That looks exactly like this:
The security descriptor is also available in an SDDL form
O:S-1-5-21-839522115-1177238915-725345543-1003G:S-1-5-21-839522115-1177238915-725345543-513D:(A;ID;FA;;;BA)(A;ID;FA;;;SY)(A;ID;FA;;;S-1-5-21-839522115-1177238915-725345543-1003)(A;ID;0x1200a9;;;BU)(A;ID;LC;;;BU)(A;ID;DC;;;BU)"
Erm..... what's missing is
The field identifying the control flags. I can't seem to find any definition of that at all
Hmmmmm though ... there is one field in there that looks like a single integer....hmmmmm
kefeng
Thanks for your reply.
I have now found the GetOwner Method, however, the help topics on this are a bit vague (Or I am a bit thick)
What is the "group" that is being referred to?
This is my code that I have used to connect, so far...
**************************
Dim Foldername As String
Foldername = "c:\My Documents"
Dim dinfo As New DirectoryInfo(Foldername)
Dim results
Dim dsecurity As DirectorySecurity = dinfo.GetAccessControl()
results = dsecurity.GetOwner()
**************************
What I am stuck on is the bit in the brackets that is asking for the primary group. What is this group?
Hope you can help.
Thanks In Advance
Andy Perry
truittjl
Here is the text file searching code. It does something a little more complicated than you may require. It will handle multiple occurrences of the search string in the same file. The solution would look a little different especially around the read itself.
Anyway... here is the code:
    Public Class Form1
        ' One entry per matching line, or a single entry describing an open error
        Protected Structure LogInfo
            Public lineNumber As String
            Public User As String
            Public ErrMessage As String
        End Structure
        Dim MsgPkt As LogInfo

        Private Sub Form1_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
            Dim i As Integer
            Dim foo As New ArrayList
            Dim filespec As String = "D:\TestdIR\log.txt"
            textbox1.Multiline = True
            foo = DeniedList(filespec, "Session: retrieve")
            For i = 0 To foo.Count - 1
                MsgPkt = CType(foo(i), LogInfo)
                If MsgPkt.ErrMessage = "" Then
                    textbox1.Text &= "Line No: " & MsgPkt.lineNumber & " String: " & _
                        MsgPkt.User & vbCrLf
                Else
                    textbox1.Text &= "Error Opening: " & filespec & ". The error was: " & _
                        vbCrLf & MsgPkt.ErrMessage
                End If
            Next
        End Sub

        ' Returns every line of Filespec that contains Instring
        Public Function DeniedList(ByVal Filespec As String, ByVal Instring As String) As ArrayList
            Dim file As System.IO.StreamReader
            Dim Inbuf As String
            Dim count As Integer
            Dim Dummy As New ArrayList
            Dummy.Clear()
            DeniedList = Dummy
            Try
                file = My.Computer.FileSystem.OpenTextFileReader(Filespec)
            Catch ex As Exception
                With MsgPkt
                    .lineNumber = "N/A"
                    .User = "File Access Error on file " & Filespec
                    .ErrMessage = ex.Message
                End With
                DeniedList.Add(MsgPkt)
                GoTo Common_Exit
            End Try
            While Not file.EndOfStream
                count += 1
                Inbuf = file.ReadLine
                If Inbuf.Contains(Instring) Then
                    With MsgPkt
                        .lineNumber = CStr(count)
                        .User = Inbuf
                        .ErrMessage = ""
                    End With
                    DeniedList.Add(MsgPkt)
                End If
            End While
    FileClose_Exit:
            file.Close()
            file = Nothing
    Common_Exit:
        End Function
    End Class
This was the output I found in the textbox the first time I ran it:
Error Opening: C:\Temp\log.txt. The error was:
Could not find file 'C:\Temp\log.txt'.
---------------------------------------
This was a good thing because the file was actually on Drive D: in an entirely different directory. :)
This was the output when I corrected the Filespec :)
Line No: 9 String: 2005-09-10 23:11:48,750 [ DEBUG] DataPump.Session: retrieve
Line No: 20 String: 2005-09-10 23:12:48,500 [ DEBUG] DataPump.Session: retrieve
Line No: 21 String: 2005-09-10 23:12:48,530 [ INFO] DataPump.Session: retrieve OK, state is Free user
Good Luck !!!!!!
Larry Robinson
In the Main class the imports are:
    Imports System
    Imports System.IO
    Imports System.Security.AccessControl
Routine:
    Private Function OwnerIs(ByVal FileSpec As String) As String
        Dim scal As New SystemAcl(True, True, 10)
        Dim fSecurity As FileSecurity = File.GetAccessControl(FileSpec)
        Dim IR As System.Security.Principal.IdentityReference
        ' Ask for the owner as an NTAccount so IR.Value reads DOMAIN\user
        IR = fSecurity.GetOwner(System.Type.GetType("System.Security.Principal.NTAccount"))
        OwnerIs = IR.Value
    End Function
------------------------------------------------------
Copied from the debugger:
TheINearlyKilledMyselfGettingThisOne = "BLISS\Renee"
If I change the filename to "C:\documents and Settings" the result becomes:
TheINearlyKilledMyselfGettingThisOne = "BUILTIN\Administrators"
I wish I could say this one was easy. Certainly the documentation was very little help. There was just no documentation on getting a file owner. So I studied and studied the object browser and out of desperation found a routine that converted a string describing a datatype into a system type. I'd been trying things like that for hours and I never dreamed it would work.
It also amazes me to no end that you can research something to the ends of the earth and all you have to show in the end is .... one line of code. :(
I also must confess that the Pizza was good but didn't help much....
Adam Dustonnnn
I keep learning more about this.....
There are three kinds of security descriptors.
There is the common, the generic and file security descriptors. Notice that in beginning with a file security descriptor we have begun with the specific case and not a generic case.
These classes are hierarchicalized with supporting routines that make it easy to go from the generic to the specific. There set are "setfrom" both binary or sddl conversion routines.
However there are no corresponding routines to convert from the specific file security descriptor to the generic descriptors.
Why is this interesting at all?
It's interesting because it appears that the generic descriptors expose the control and inheritance flags but the file security ones do not.
Right about now, pizza left over from yesterday is really looking good.
FreshByte
It's rare that I become as frustrated as I am.
As a point of interest, about two hours ago I began playing with this. I ran into exactly what you did. That identity type, when I began researching it, is a derived system type.
As I started to play with the identityreference collection to use as an argument, my IDE locked up as it does from time to time and I had to terminate the process with the taskmanager.
The documentation in this area for Beta II anyway is awful. All the examples that I saw are about setting ACL's and directory owner. There were no materials about getting the owner, anywhere in the documentation could I find. I absolutely took the object browser apart in researching this before the IDE crashed.
I did find this:
Public Class IdentityReferenceCollection
Inherits System.Object
Member of: System.Security.Principal
Summary:
Represents a collection of System.Security.Principal.IdentityReference objects and provides a means of converting sets of System.Security.Principal.IdentityReference-derived objects to System.Security.Principal.IdentityReference-derived types.
It seems to me the 'trick' or art here is to find the derived type - that is correct and that looks like a system type for the getowner method.
At this instant... I don't know how to do that.
When I come up against an impasse such as this, I recommend Mushroom, sausage and pepperoni pizza. I am going to take my own advice and order one and return to think about this.
Renee
Todder
So to find out if a folder is inherited, how would I code...
dim inherit as system.security.accesscontrol.aceflags
if inherit = aceflags.inherited then .............
How do I fit in the foldername with this? In other words, how do I tell it which foldername to check for being inherited? If I add the foldername in brackets, it says it is not allowed with array (or something to that effect)
Sorry if I am not understanding correctly, however I am new to all this and it is the first time I have ever tried to communicate with folder properties
Thanks
Andy
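The three checks asked about in this thread (owner, the "inherit" tick box, and the "access is denied" search of the SetACL log), put together as an added example that is not code from any post above. The module name, function names and command-line arguments are assumptions; the .NET calls used are DirectorySecurity.GetOwner, AreAccessRulesProtected, GetAccessRules and RawSecurityDescriptor.ControlFlags.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.IO
Imports System.Security.AccessControl
Imports System.Security.Principal

Module FolderAclCheck
    ' Owner as DOMAIN\user, or the raw SID if the account no longer resolves.
    Function OwnerOf(ByVal sec As DirectorySecurity) As String
        Dim sid As IdentityReference = sec.GetOwner(GetType(SecurityIdentifier))
        If sid Is Nothing Then Return "(none)"
        Try
            Return sid.Translate(GetType(NTAccount)).Value
        Catch ex As IdentityNotMappedException
            Return sid.Value
        End Try
    End Function

    ' Control flags are exposed by the generic descriptor, so convert via the binary form.
    Function FlagsOf(ByVal sec As DirectorySecurity) As ControlFlags
        Dim raw As New RawSecurityDescriptor(sec.GetSecurityDescriptorBinaryForm(), 0)
        Return raw.ControlFlags
    End Function

    ' Number of ACEs set directly on the folder rather than inherited from the parent.
    Function ExplicitAceCount(ByVal sec As DirectorySecurity) As Integer
        Return sec.GetAccessRules(True, False, GetType(SecurityIdentifier)).Count
    End Function

    ' 1-based numbers of the log lines containing the marker, ignoring case.
    Function LinesContaining(ByVal logPath As String, ByVal marker As String) As List(Of Integer)
        Dim hits As New List(Of Integer)
        Dim lines As String() = File.ReadAllLines(logPath)
        For i As Integer = 0 To lines.Length - 1
            If lines(i).IndexOf(marker, StringComparison.OrdinalIgnoreCase) >= 0 Then hits.Add(i + 1)
        Next
        Return hits
    End Function

    ' Assumed usage: FolderAclCheck.exe [folder] [setacl-log]; "Inherits" is Not protected.
    Sub Main(ByVal args As String())
        Dim folder As String = If(args.Length > 0, args(0), Environment.CurrentDirectory)
        Dim info As New DirectoryInfo(folder)
        Dim sec As DirectorySecurity = info.GetAccessControl()
        Console.WriteLine("Owner:         " & OwnerOf(sec))
        Console.WriteLine("Inherits:      " & (Not sec.AreAccessRulesProtected).ToString())
        Console.WriteLine("Control flags: " & FlagsOf(sec).ToString())
        Console.WriteLine("Explicit ACEs: " & ExplicitAceCount(sec).ToString())
        If args.Length > 1 Then Console.WriteLine("Denied at log lines: " & String.Join(", ", LinesContaining(args(1), "access is denied")))
    End Sub
End Module
```

In the SDDL form the DACL control flags appear as letters between `D:` and the first ACE (`P` for protected, `AI` for auto-inherited), and `ID` inside an ACE marks that entry as inherited.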