设置everyone完全控制最简单,如果你想设置分离的各种控制,那么真是麻烦了 var sd:SECURITY_DESCRIPTOR; begin InitializeSecurityDescriptor(@sd,SECURITY_DESCRIPTOR_REVISION); SetSecurityDescriptorDacl(@sd,true,nil,false); SetFileSecurity('文件名或者目录名',DACL_SECURITY_INFORMATION,@sd); end; 如果要设置目录和目录下的所有文件,那么要一个一个设置 -------别人写的开新贴要到小类区,就是非技术区、数据库...等等
xiaoxiao197821 我要的是自定义用户。不是简单的这个。。
磁盘格式必须用NTF格式。 用了NTF格式后,自然有菜单给你选择。
const ACL_REVISION = 2; ACL_REVISION2 = 2; netapi32lib = 'Netapi32.dll';Type NET_API_STATUS = Integer; PShare_Info_502 = ^TShare_Info_502; TShare_Info_502 = record shi502_netName: PWideChar; shi502_type: DWORD; shi502_re: PWideChar; shi502_permissions: DWORD; shi502_max_uses: DWORD; shi502_current_uses : DWORD; shi502_path: PWideChar; shi502_passwd: PWideChar; shi502_reserved: DWORD; shi502_security_descriptor: PSECURITY_DESCRIPTOR; end; ACE_HEADER = record AceType: Byte; AceFlags: Byte; AceSize: Word; end; ACCESS_ALLOWED_ACE = record Header:ACE_HEADER; Mask:ACCESS_MASK; SidStart:DWORD; end; ACL_SIZE_INFORMATION = record AceCount: DWORD; AclBytesInUse: DWORD; AclBytesFree: DWORD; end; PACE_HEADER = ^ACE_HEADER;function NetApiBufferFree(Buffer: Pointer): NET_API_STATUS; stdcall external netapi32lib; function NetShareGetInfo(servername: LPWSTR; netname: LPWSTR; level: DWORD; var butptr: Pointer): NET_API_STATUS; stdcall; external netapi32lib; function NetShareSetInfo(servername: LPWSTR; netname: LPWSTR; leve: DWORD; const buf: Pointer; parm_err: PDWORD): NET_API_STATUS; stdcall; external netapi32lib; function AddFileAccesRights(const FileName, UserName: string; dwAccessMask: DWORD): boolean; var // SID variables snuType : SID_NAME_USE; szDomain : PChar; cbDomain: DWORD; pUserSID: Pointer; cbUserSID: DWORD; // File SD variables. pFileSD: PSECURITY_DESCRIPTOR; cbFileSD: DWORD; // New SD variables. pNewSD: PSECURITY_DESCRIPTOR; // ACL variables. p_ACL : PACL; fDaclPresent, fDaclDefaulted : LongBool; AclInfo: ACL_SIZE_INFORMATION; // New ACL variables. pNewACL : PACL; cbNewACL: DWORD; // Temporary ACE. pTempAce: Pointer; CurrentAceIndex : Cardinal; begin szDomain := nil; cbDomain := 0; pUserSID := nil; cbUserSID := 0; pFileSD := nil; cbFileSD := 0; pNewSD := nil; p_ACL := nil; pNewACL := nil; pTempAce := nil; // // STEP 1: Get SID for given user. // Result := LookupAccountName(nil, PChar(UserName), pUserSID, cbUserSID, szDomain, cbDomain, snuType); // API should have failed with insufficient buffer. if (not Result) and (GetLastError <> ERROR_INSUFFICIENT_BUFFER) then RaiseLastWin32Error; pUserSID := AllocMem(cbUserSID); szDomain := AllocMem(cbDomain); try Result := LookupAccountName(nil, PChar(UserName), pUserSID, cbUserSID, szDomain, cbDomain, snuType); if (not Result) then RaiseLastWin32Error; // STEP 2: Get security descriptor (SD) for file. Result := GetFileSecurity(PChar(FileName), DACL_SECURITY_INFORMATION, pFileSD, 0, cbFileSD); if (not Result) and (GetLastError <> ERROR_INSUFFICIENT_BUFFER) then RaiseLastWin32Error; pFileSD := AllocMem(cbFileSD); Result := GetFileSecurity(PChar(FileName), DACL_SECURITY_INFORMATION, pFileSD, cbFileSD, cbFileSD); if (not Result) then RaiseLastWin32Error; // STEP 3: Initialize new SD. pNewSD := AllocMem(cbFileSD); // Should be same size as FileSD. if (not InitializeSecurityDescriptor(pNewSD, SECURITY_DESCRIPTOR_REVISION)) then RaiseLastWin32Error; // STEP 4: Get DACL from SD. if (not GetSecurityDescriptorDacl(pFileSD, fDaclPresent, p_ACL, fDaclDefaulted)) then RaiseLastWin32Error; // STEP 5: Get size information for DACL. AclInfo.AceCount := 0; // Assume NULL DACL. AclInfo.AclBytesFree := 0; AclInfo.AclBytesInUse := SizeOf(ACL); if (fDaclPresent and Assigned(p_ACL)) then begin if (not GetAclInformation(p_ACL^, @AclInfo, SizeOf(ACL_SIZE_INFORMATION), AclSizeInformation)) then RaiseLastWin32Error; // STEP 6: Compute size needed for the new ACL. cbNewACL := AclInfo.AclBytesInUse + SizeOf(ACCESS_ALLOWED_ACE) + GetLengthSid(pUserSID) - SizeOf(DWORD); // STEP 7: Allocate memory for new ACL. pNewACL := AllocMem(cbNewACL); // STEP 8: Initialize the new ACL. if (not InitializeAcl(pNewACL^, cbNewACL, ACL_REVISION2)) then RaiseLastWin32Error; // STEP 9: If DACL is present, copy it to a new DACL. if (fDaclPresent) then begin // STEP 10: Copy the file's ACEs to the new ACL. if (AclInfo.AceCount > 0) then begin for CurrentAceIndex := 0 to AclInfo.AceCount - 1 do begin // STEP 11: Get an ACE. if (not GetAce(p_ACL^, CurrentAceIndex, pTempAce)) then RaiseLastWin32Error; // STEP 12: Add the ACE to the new ACL. if (not AddAce(pNewACL^, ACL_REVISION, MAXDWORD, pTempAce, PACE_HEADER(pTempAce)^.AceSize)) then RaiseLastWin32Error; end end end; // STEP 13: Add the access-allowed ACE to the new DACL. if (not AddAccessAllowedAce(pNewACL^, ACL_REVISION2, dwAccessMask, pUserSID)) then RaiseLastWin32Error; // STEP 14: Set the new DACL to the file SD. if (not SetSecurityDescriptorDacl(pNewSD, True, pNewACL, False)) then RaiseLastWin32Error; // STEP 15: Set the SD to the File. if (not SetFileSecurity(PChar(FileName), DACL_SECURITY_INFORMATION, pNewSD)) then RaiseLastWin32Error; Result := True; end; finally // STEP 16: Free allocated memory if Assigned(pUserSID) then FreeMem(pUserSID); if Assigned(szDomain) then FreeMem(szDomain); if Assigned(pFileSD) then FreeMem(pFileSD); if Assigned(pNewSD) then FreeMem(pNewSD); if Assigned(pNewACL) then FreeMem(pNewACL); end; end; //来子何方,记不清楚了。
var
sd:SECURITY_DESCRIPTOR;
begin
InitializeSecurityDescriptor(@sd,SECURITY_DESCRIPTOR_REVISION);
SetSecurityDescriptorDacl(@sd,true,nil,false);
SetFileSecurity('文件名或者目录名',DACL_SECURITY_INFORMATION,@sd);
end;
如果要设置目录和目录下的所有文件,那么要一个一个设置
-------别人写的开新贴要到小类区,就是非技术区、数据库...等等
用了NTF格式后,自然有菜单给你选择。
ACL_REVISION = 2;
ACL_REVISION2 = 2;
netapi32lib = 'Netapi32.dll';Type
NET_API_STATUS = Integer; PShare_Info_502 = ^TShare_Info_502;
TShare_Info_502 = record
shi502_netName: PWideChar;
shi502_type: DWORD;
shi502_re: PWideChar;
shi502_permissions: DWORD;
shi502_max_uses: DWORD;
shi502_current_uses : DWORD;
shi502_path: PWideChar;
shi502_passwd: PWideChar;
shi502_reserved: DWORD;
shi502_security_descriptor: PSECURITY_DESCRIPTOR;
end; ACE_HEADER = record
AceType: Byte;
AceFlags: Byte;
AceSize: Word;
end; ACCESS_ALLOWED_ACE = record
Header:ACE_HEADER;
Mask:ACCESS_MASK;
SidStart:DWORD;
end; ACL_SIZE_INFORMATION = record
AceCount: DWORD;
AclBytesInUse: DWORD;
AclBytesFree: DWORD;
end; PACE_HEADER = ^ACE_HEADER;function NetApiBufferFree(Buffer: Pointer): NET_API_STATUS; stdcall external netapi32lib;
function NetShareGetInfo(servername: LPWSTR; netname: LPWSTR; level: DWORD;
var butptr: Pointer): NET_API_STATUS; stdcall; external netapi32lib;
function NetShareSetInfo(servername: LPWSTR; netname: LPWSTR; leve: DWORD;
const buf: Pointer; parm_err: PDWORD): NET_API_STATUS; stdcall; external netapi32lib;
function AddFileAccesRights(const FileName, UserName: string;
dwAccessMask: DWORD): boolean;
var
// SID variables
snuType : SID_NAME_USE;
szDomain : PChar;
cbDomain: DWORD;
pUserSID: Pointer;
cbUserSID: DWORD;
// File SD variables.
pFileSD: PSECURITY_DESCRIPTOR;
cbFileSD: DWORD;
// New SD variables.
pNewSD: PSECURITY_DESCRIPTOR;
// ACL variables.
p_ACL : PACL;
fDaclPresent, fDaclDefaulted : LongBool;
AclInfo: ACL_SIZE_INFORMATION;
// New ACL variables.
pNewACL : PACL;
cbNewACL: DWORD;
// Temporary ACE.
pTempAce: Pointer;
CurrentAceIndex : Cardinal;
begin
szDomain := nil;
cbDomain := 0;
pUserSID := nil;
cbUserSID := 0;
pFileSD := nil;
cbFileSD := 0;
pNewSD := nil;
p_ACL := nil;
pNewACL := nil;
pTempAce := nil; //
// STEP 1: Get SID for given user.
//
Result := LookupAccountName(nil, PChar(UserName),
pUserSID, cbUserSID, szDomain, cbDomain, snuType); // API should have failed with insufficient buffer.
if (not Result) and (GetLastError <> ERROR_INSUFFICIENT_BUFFER) then
RaiseLastWin32Error; pUserSID := AllocMem(cbUserSID);
szDomain := AllocMem(cbDomain);
try
Result := LookupAccountName(nil, PChar(UserName),
pUserSID, cbUserSID, szDomain, cbDomain, snuType); if (not Result) then
RaiseLastWin32Error; // STEP 2: Get security descriptor (SD) for file.
Result := GetFileSecurity(PChar(FileName),
DACL_SECURITY_INFORMATION, pFileSD, 0, cbFileSD); if (not Result) and (GetLastError <> ERROR_INSUFFICIENT_BUFFER) then
RaiseLastWin32Error; pFileSD := AllocMem(cbFileSD); Result := GetFileSecurity(PChar(FileName),
DACL_SECURITY_INFORMATION, pFileSD, cbFileSD, cbFileSD);
if (not Result) then
RaiseLastWin32Error; // STEP 3: Initialize new SD.
pNewSD := AllocMem(cbFileSD); // Should be same size as FileSD. if (not InitializeSecurityDescriptor(pNewSD,
SECURITY_DESCRIPTOR_REVISION)) then
RaiseLastWin32Error; // STEP 4: Get DACL from SD.
if (not GetSecurityDescriptorDacl(pFileSD, fDaclPresent, p_ACL,
fDaclDefaulted)) then
RaiseLastWin32Error;
// STEP 5: Get size information for DACL.
AclInfo.AceCount := 0; // Assume NULL DACL.
AclInfo.AclBytesFree := 0;
AclInfo.AclBytesInUse := SizeOf(ACL); if (fDaclPresent and Assigned(p_ACL)) then
begin
if (not GetAclInformation(p_ACL^, @AclInfo,
SizeOf(ACL_SIZE_INFORMATION), AclSizeInformation)) then
RaiseLastWin32Error; // STEP 6: Compute size needed for the new ACL.
cbNewACL := AclInfo.AclBytesInUse + SizeOf(ACCESS_ALLOWED_ACE)
+ GetLengthSid(pUserSID) - SizeOf(DWORD); // STEP 7: Allocate memory for new ACL.
pNewACL := AllocMem(cbNewACL); // STEP 8: Initialize the new ACL.
if (not InitializeAcl(pNewACL^, cbNewACL, ACL_REVISION2)) then
RaiseLastWin32Error;
// STEP 9: If DACL is present, copy it to a new DACL.
if (fDaclPresent) then
begin
// STEP 10: Copy the file's ACEs to the new ACL.
if (AclInfo.AceCount > 0) then
begin
for CurrentAceIndex := 0 to AclInfo.AceCount - 1 do
begin
// STEP 11: Get an ACE.
if (not GetAce(p_ACL^, CurrentAceIndex, pTempAce)) then
RaiseLastWin32Error;
// STEP 12: Add the ACE to the new ACL.
if (not AddAce(pNewACL^, ACL_REVISION, MAXDWORD, pTempAce,
PACE_HEADER(pTempAce)^.AceSize)) then
RaiseLastWin32Error;
end
end
end; // STEP 13: Add the access-allowed ACE to the new DACL.
if (not AddAccessAllowedAce(pNewACL^, ACL_REVISION2, dwAccessMask,
pUserSID)) then
RaiseLastWin32Error; // STEP 14: Set the new DACL to the file SD.
if (not SetSecurityDescriptorDacl(pNewSD, True, pNewACL, False)) then
RaiseLastWin32Error; // STEP 15: Set the SD to the File.
if (not SetFileSecurity(PChar(FileName), DACL_SECURITY_INFORMATION,
pNewSD)) then
RaiseLastWin32Error;
Result := True;
end;
finally
// STEP 16: Free allocated memory
if Assigned(pUserSID) then
FreeMem(pUserSID);
if Assigned(szDomain) then
FreeMem(szDomain);
if Assigned(pFileSD) then
FreeMem(pFileSD);
if Assigned(pNewSD) then
FreeMem(pNewSD);
if Assigned(pNewACL) then
FreeMem(pNewACL);
end;
end;
//来子何方,记不清楚了。