tags:

views:

429

answers:

2
Q: 

How to create read-only network share programmatically?

How does one create an administrative network share [1] with read-only permissions from C/C++ or Python under Windows XP?

[1] Necessary in order to access C:\Program Files over the share.

A: 

Take a look at NetShareAdd() for C/C++ (the MSDN includes an example program at the end of the page).

GRB  2009-08-19 18:14:33
NetShareAdd() won't let you set permissions. The example uses no permissions.
Gili  2009-08-19 19:07:56
The example chooses not to, but you can. Check the info page on the SHARE_INFO_2 structure, there's a permissions member which can be set to ACCESS_READ. http://msdn.microsoft.com/en-us/library/bb525408(VS.85).aspx
GRB  2009-08-19 19:12:25
We tried that. If you look at the documentation for the "shi2_permissions" field it reads "Note that Windows does not support share-level security". Maybe it's possible to do this with SHARE_INFO_502 instead? Any idea how to create read-only security descriptors for it?
Gili  2009-08-19 19:19:22
Check this Experts-Exchange question, in the end the guy was able to make his shared folder read-only using SHARE_INFO_2 and ACCESS_READ (the problem he has is probably different from yours, but in the end ACCESS_READ still seems to work) http://www.experts-exchange.com/Programming/System/Windows__Programming/Q_20148288.html
GRB  2009-08-19 19:25:57
(sorry, I guess directly linking to experts-exchange hides the answers... search google for "sharing a folder programmatically" and it's the third/fourth option from the top -- "Programmatically sharing a folder !")
GRB  2009-08-19 19:36:43
A: 

First create the share with NetShareAdd(). This will share the directory with a null ACL, which is equavalent to allowing everyone full access. It is not possible to configure permissions with NetShareAdd on Windows.

Once the share has been created, get the security descriptor for the share by calling GetNamedSecurityInfoW() passing in the share name, SE_LMSHARE as the ObjectType, and DACL_SECURITY_INFORMATION as the SecurityInfo. Once you have the descriptor, use the normal Windows security calls to configure the ACL.

glob  2010-02-19 01:40:31

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security