Questions tagged [dacl]

For questions about DACLs (Discretionary Access Control List), which is one of the most popular access control list types.

It allows or denies trustees access to computer and network resources.

It identifies group permissions and determines whether to allow access a securable object or process.

If a Windows object does not have a discretionary access control list (DACL), the system allows everyone full access to it.

If an object has a DACL, the system allows only the access that is explicitly allowed by the access control entries (ACEs) in the DACL. If there are no ACEs in the DACL, the system does not allow access to anyone.

Similarly, if a DACL has ACEs that allow access to a limited set of users or groups, the system implicitly denies access to all trustees not included in the ACEs.

Read more

57 questions

votes

0 answers

Set access permission on an application as antivirus do

I am trying to set permission on an application as read/execute only, I can achieve this by using c++ windows SetSecurityDescriptorDacl() function. But after that admin can change it by right clicking on a file…

asked Jul 26 '17 at 09:52

Amit.Desai

votes

0 answers

What is the purpose of the ACE entry SYSTEM in a Windows DACL?

What is the purpose of the ACE entry SYSTEM, granting FULL CONTROL in a Windows DACL? As far as I've seen it seems to always be there (is it?) but I've not found any explaination for its purpose.

windows access-control dacl

asked Dec 10 '16 at 16:52

Rafa

1,151
9
17

votes

1 answer

Mapping of access mask in DACL for CNG keys

(Note: IMO the question is mainly about WinAPI and DACL and not about CNG, so please read on!) I'm currently trying to modify the sample CNG key storage provider of Microsoft's Cryptographic Provider Development Kit in such a way that it does not…

winapi permissions cng dacl

asked Dec 05 '16 at 23:03

dannyM

votes

0 answers

Winapi: Security descriptor with size SECURITY_DESCRIPTOR_MIN_LENGTH has ACL

I'm new with winapi and I came across with this code: PSECURITY_DESCRIPTOR SD = NULL; Int length = SECURITY_DESCRIPTOR_MIN_LENGTH; SD = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR, length); if (SD == NULL) { printf("Error! SD is null.\n"); } if…

winapi acl msdn dacl

asked Apr 11 '16 at 13:20

Ojs

votes

1 answer

Creating an Access Token for a Process Specific Security Descriptor

Is it possible to create a custom Access Token to create Access Control Entries for a Discretionary Access Control List that will allow only certain processes to access a Global Mutex Object if they have the matching Access Token? This is in Windows…

c++ acl msdn dacl

asked Feb 26 '16 at 17:39

Frank Palmasani

votes

1 answer

Setup fails to give DLL access rights for local user

When I install my application using the setup executable (generated using NSIS) on certain computers a particular DLL does not get the ACL for the the local Users group in its security permissions. The result is that loading the DLL in question…

windows nsis access-rights dacl

asked Feb 24 '16 at 08:36

KungPhoo

votes

0 answers

Giving Folder access to only LocalAccount & denying from Everyone

I have to create a folder or modify security attributes if folder already exist. I need to set permissions to folder so that only LocalAccount has full access and other user accounts should not have any access to this folder. As of now, I'm…

c++ windows permissions acl dacl

asked Oct 05 '15 at 08:03

Raj

votes

0 answers

SetNamedSecurityInfo: Setting DACL for Object works, but does not persist after system restart

In Windows 7, I'm trying to give a user group the ability read/write access to a specific disk connected through SCSI so they can run a utility that reads/writes to that disk. I'm trying to do this through modifying the DACL of the disk object…

c++ windows dacl

asked Jul 22 '15 at 21:21

Lyonel

votes

1 answer

how to set multiple ACEs of a same trustee in an ACL of an object

I am trying to set two Entries to an object folder of a same group, with difference inheritance, (one NO_INHERITANCE for FILE_TRAVERSE, the other as SUB_CONTAINERS_AND_OBJECTS_INHERIT, for GENERIC_READ). I see that everytime the last call overwrite…

security permissions acl dacl

asked Aug 06 '12 at 13:57

Filippo Forlani

votes

1 answer

Unable to read the security descriptor from service

I unable to read security descriptor of a folder from service. The folder is created by a Limited user. Administrators Group is Denied "Read and Execute" control. Limited user & System user has full access. I have an elevated token privileged for -…

visual-c++ acl dacl

asked Jun 11 '12 at 09:04

VarunPandey

-1

votes

1 answer

I need to programatically get and set ACL's (access control list) for an Ubuntu 14.04 desktop computer using the ext4 filesytem

I need to programatically get and set ACL's (access control list) for an Ubuntu 14.04 LTS desktop computer using the ext4 filesytem. I was wondering if there is C or C++ library function to this. I need this C/C++ function to initialize a supplied…

c++ c ubuntu-14.04 dacl

asked Dec 29 '15 at 07:50

Frank

1,406
2
16
42

-2

votes

1 answer

how to print all groups or usernames for a given folder using c++

I have some problem. I tried to search solving in the internet, but didn't find them (they didn't work). The problem is... For example I have some folder: "directory1", I must get usernames and their permissions regarding this folder..

c++ winapi acl dacl

asked Aug 08 '22 at 06:50

Sarukhan M

Prev 1 2 3