In Windows 7, I'm trying to give a user group read/write access to a specific disk connected through SCSI so they can run a utility that reads/writes to that disk. I'm trying to do this by modifying the DACL of the disk object with SetNamedSecurityInfo in C++.
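```cpp
#include <windows.h>
#include <aclapi.h>
#include <cstring>
#include <string>
using std::string;

// Device interface path of the SCSI disk (backslashes escaped for the C++ literal)
string devicePath = "\\\\?\\scsi#disk&ven_wsi&prod_drs1100p#6&383ae3b6&0&000300#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}";
PSID ppsidOwner, ppsidGroup;
PACL ppDacl = NULL, ppSacl = NULL;
PSECURITY_DESCRIPTOR ppSecurityDescriptor = NULL;
char objName[200];
strcpy(objName, devicePath.c_str());
// Get SecurityInfo (SE_FILE_OBJECT is the named constant for object type 1)
GetNamedSecurityInfoA(objName, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION, &ppsidOwner, &ppsidGroup, &ppDacl, NULL, &ppSecurityDescriptor);
// Build ACE (the ANSI structure matches the ...A functions even in a UNICODE build)
EXPLICIT_ACCESS_A str_ACE;
DWORD rightsMask = STANDARD_RIGHTS_ALL | GENERIC_ALL | GENERIC_WRITE | GENERIC_READ;
char groupName[] = "DRS Operators";  // the API takes a non-const LPSTR
BuildExplicitAccessWithNameA(&str_ACE, groupName, rightsMask, GRANT_ACCESS, NO_INHERITANCE);
PACL newPACL = NULL;
// Set ACE then Set SecurityInfo
SetEntriesInAclA(1, &str_ACE, ppDacl, &newPACL);
SetNamedSecurityInfoA(objName, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, newPACL, NULL);
// Release the buffers allocated by SetEntriesInAclA and GetNamedSecurityInfoA
LocalFree(newPACL);
LocalFree(ppSecurityDescriptor);
```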
The code I wrote seems to work, which I have confirmed by using GetNamedSecurityInfoA on the object before and after I change the DACL, then passing the received SecurityDescriptors to ConvertSecurityDescriptorToStringSecurityDescriptorA, and making sure that they have changed. After running through this code, I'm able to log in as any user in the "DRS Operators" user group and am able to read/write to the disk.
The only problem I'm having is that the changes to the DACL do not persist after the system shuts down. After a restart, the DACL is set back to what it was before I ran through the code above (which I checked by using GetNamedSecurityInfoA). Does anyone here have an idea of why the changes aren't persisting?
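The before/after comparison of SDDL strings described in the question can be made precise by diffing the DACL ACEs instead of checking only that the strings differ. The following is an added example, not code from the original post; the SDDL strings and the SID are constructed samples, and the function names are hypothetical.

```cpp
#include <algorithm>
#include <iostream>
#include <string>
#include <vector>

// Constructed samples (not captured from a real system): DACL before the change and
// after adding an allow ACE for a made-up group SID.
const std::string kBefore = "O:BAG:SYD:P(A;;FA;;;SY)(A;;FA;;;BA)";
const std::string kAfter = kBefore + "(A;;FA;;;S-1-5-21-1111111111-2222222222-3333333333-1001)";

// Return the ACE strings, e.g. "(A;;FA;;;SY)", from the DACL ("D:") part of an SDDL string.
std::vector<std::string> daclAces(const std::string& sddl) {
    std::vector<std::string> aces;
    size_t i = sddl.find("D:");
    if (i == std::string::npos) return aces;            // no DACL section
    i += 2;
    while (i < sddl.size() && sddl[i] != '(') {         // skip DACL flags such as "P" or "AI"
        if (i + 1 < sddl.size() && sddl[i + 1] == ':') return aces;  // next section: empty DACL
        ++i;
    }
    while (i < sddl.size() && sddl[i] == '(') {
        size_t start = i;
        int depth = 0;
        do {                                            // conditional ACEs may nest parentheses
            if (sddl[i] == '(') ++depth;
            else if (sddl[i] == ')') --depth;
            ++i;
        } while (i < sddl.size() && depth > 0);
        if (depth != 0) break;                          // truncated input: drop the partial ACE
        aces.push_back(sddl.substr(start, i - start));
    }
    return aces;
}
// ACEs present in `to` but missing from `from`.
std::vector<std::string> acesOnlyIn(const std::string& to, const std::string& from) {
    std::vector<std::string> a = daclAces(to), b = daclAces(from), out;
    for (const auto& ace : a)
        if (std::find(b.begin(), b.end(), ace) == b.end()) out.push_back(ace);
    return out;
}
// Trustee of an ACE: the sixth ';'-separated field.
std::string trusteeOf(const std::string& ace) {
    size_t p = 0;
    for (int n = 0; n < 5; ++n) {
        if ((p = ace.find(';', p)) == std::string::npos) return "";
        ++p;
    }
    return ace.substr(p, ace.find_first_of(";)", p) - p);
}
int main() {
    for (const auto& ace : acesOnlyIn(kAfter, kBefore)) std::cout << "added:   " << ace << "\n";
    for (const auto& ace : acesOnlyIn(kBefore, kAfter)) std::cout << "removed: " << ace << "\n";
}
```

Running the same diff between the string saved after the change and the one read after a restart lists exactly which ACEs were dropped.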