Folder Permissions
-
Hi, I need to find what are the permissions on a specified folder on the computer. I need to do this by using SQL code. Is it possible to create a stored procedure to showthe permissions of a folder? if yes where can I find some examples to follow please or do someone has any examples please? Thanks
-
Hi, I need to find what are the permissions on a specified folder on the computer. I need to do this by using SQL code. Is it possible to create a stored procedure to showthe permissions of a folder? if yes where can I find some examples to follow please or do someone has any examples please? Thanks
That would be done by executing the
ATTRIBcommand, through thexp_cmdshell, a stored procedure that's blocked for safety.EXEC master.dbo.sp_configure 'show advanced options', 1
RECONFIGURE
EXEC master.dbo.sp_configure 'xp_cmdshell', 1
RECONFIGURE
EXEC xp_cmdshell 'attrib "C:\Program Files"'You can read about safety here[^].
I are troll :)
modified on Monday, May 25, 2009 2:23 PM
-
That would be done by executing the
ATTRIBcommand, through thexp_cmdshell, a stored procedure that's blocked for safety.EXEC master.dbo.sp_configure 'show advanced options', 1
RECONFIGURE
EXEC master.dbo.sp_configure 'xp_cmdshell', 1
RECONFIGURE
EXEC xp_cmdshell 'attrib "C:\Program Files"'You can read about safety here[^].
I are troll :)
modified on Monday, May 25, 2009 2:23 PM
-
Thanks for your reply. how can I modify this to pass the path as a parameter? I am trying to do it but there is no output.
You can encapsulate the commands in a stored procedure like this;
CREATE PROCEDURE ExecCmd
@PATH AS VARCHAR(1024)
AS
BEGIN
DECLARE @Command AS VARCHAR(1024)
SET @Command = REPLACE('attrib ""', '', @PATH)
EXEC xp_cmdshell @Command
ENDCalling the stored procedure with a parameter is done like this;
EXEC ExecCmd 'C:\Program Files'
Good luck :)
I are troll :)
-
You can encapsulate the commands in a stored procedure like this;
CREATE PROCEDURE ExecCmd
@PATH AS VARCHAR(1024)
AS
BEGIN
DECLARE @Command AS VARCHAR(1024)
SET @Command = REPLACE('attrib ""', '', @PATH)
EXEC xp_cmdshell @Command
ENDCalling the stored procedure with a parameter is done like this;
EXEC ExecCmd 'C:\Program Files'
Good luck :)
I are troll :)
Thaks for the answer. It is working fine for the Program Files path. the strange thing is that it is not working for other folders that I am passing. Is only returning the folder path only, without any R or something else. And these folders have full permissions (Everyone has full permissions). Do you have an idea of what is going wrong? Thanks
-
Thaks for the answer. It is working fine for the Program Files path. the strange thing is that it is not working for other folders that I am passing. Is only returning the folder path only, without any R or something else. And these folders have full permissions (Everyone has full permissions). Do you have an idea of what is going wrong? Thanks
Sorry, my bad. The
ATTRIBcommand returns the attributes of a file/folder. You don't want the attributes, but the effective permissions per user/windows account. These can be obtained in a similar fashion, using theCACLScommand;CACLS "C:\Program Files"
Hope this helps :)
I are troll :)
-
Sorry, my bad. The
ATTRIBcommand returns the attributes of a file/folder. You don't want the attributes, but the effective permissions per user/windows account. These can be obtained in a similar fashion, using theCACLScommand;CACLS "C:\Program Files"
Hope this helps :)
I are troll :)
-
Thanks very much. It realy works. Sry for bothering again but if I had to find only the permissions for the current user how could i modify that? only if possible? Thanks again
I'm afraid that's somewhat harder to do; the effective permissions aren't set for a user, but for different groups of people. That's one of the reasons why we don't check if we got permission to write to a folder, but simply write, relying on the exception-mechanism to warn when there's insufficient rights. The only way of getting the permissions for the user, is checking whether he/she is a member of the groups that get listed. Your user may be a member of multiple groups, so that makes it somewhat more complex. Your user can have read-access for a particular folder, based on the CREATOR OWNER group, but he/she might *also* have write permissions for *that same* folder if he/she's also a member of BUILTIN\Administrators. That means three steps; * Get the permissions for each group on a folder * Check whether the user is part of that group * Add all permissions, for each group that the user is a member of. That's the effective permission for the folder. Good hunting :)
I are troll :)
-
I'm afraid that's somewhat harder to do; the effective permissions aren't set for a user, but for different groups of people. That's one of the reasons why we don't check if we got permission to write to a folder, but simply write, relying on the exception-mechanism to warn when there's insufficient rights. The only way of getting the permissions for the user, is checking whether he/she is a member of the groups that get listed. Your user may be a member of multiple groups, so that makes it somewhat more complex. Your user can have read-access for a particular folder, based on the CREATOR OWNER group, but he/she might *also* have write permissions for *that same* folder if he/she's also a member of BUILTIN\Administrators. That means three steps; * Get the permissions for each group on a folder * Check whether the user is part of that group * Add all permissions, for each group that the user is a member of. That's the effective permission for the folder. Good hunting :)
I are troll :)