views:

285

answers:

2

I'm copying a file from folder A to folder B and then trying to copy the file permisions. Here are the basic steps I'm using:

  1. CopyFile(source, target)
  2. GetNamedSecurityInfo(source, GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION)
  3. Print source SD using ConvertSecurityDescriptorToStringSecurityDescriptor
  4. SetNamedSecurityInfo(target, GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION)
  5. GetNamedSecurityInfo(target, GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION)
  6. Print target SD using ConvertSecurityDescriptorToStringSecurityDescriptor

At #3 I get this SD:

G:S-1-5-21-1454471165-1482476501-839522115-513D:AI(A;ID;0x1200a9;;;BU)(A;ID;0x1301bf;;;PU)(A;ID;FA;;;BA)(A;ID;FA;;;SY)(A;ID;FA;;;S-1-5-21-1454471165-1482476501-839522115-1004)

At #6 I get

G:S-1-5-21-1454471165-1482476501-839522115-513D:AI(A;ID;0x1301bf;;;PU)(A;ID;FA;;;BA)(A;ID;FA;;;SY)

The call to SetNamedSecurityInfo returns ERROR_SUCCESS, yet the results are the source and target file do not have the same SDs. Why is that? What am I doing wrong here?

+1  A: 

SHFileOperation can copy files together with their security attributes, but from your other question I see you're concerned that this won't work within a service. Maybe the following newsgroup discussions will provide some useful information for you:

ChrisN
Thanks for those links. Yes I can't use SHFileOperation, but not for the reason you think. It actually doesn't copy over the file's security attributes when it is just inheriting them all from the parent folder. At least, that's what my tests show.
Charles
+1  A: 

Robocopy from the server tools kit http://www.microsoft.com/downloads/details.aspx?familyid=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en
Will copy all NTFS settigs and ACLs, it's also more robust and reliable than copy/xcopy

Martin Beckett
Thanks, but not really applicable since I'm trying to copy files within a C++ program I've written.
Charles