如何使用Windows API正确检查对文件的有效读/写访问?
[英]How can I correctly check for effective read/write access to a file using Windows API?
问题描述
I've attempted to do this using GetEffectiveRightsFromAcl , but it's not returning the correct access mask for files that are denied to me due to a group I'm part of. 
我试图使用GetEffectiveRightsFromAcl来做这件事,但是由于我所属的团队,它没有为我拒绝的文件返回正确的访问掩码。
For example, I have a file, unreadable.txt . 例如,我有一个文件unreadable.txt 。 If I deny write access to unreadable.txt for my current user, the access mask correctly shows that I don't have write access. 如果我拒绝对当前用户的unreadable.txt进行写访问,则访问掩码正确显示我没有写访问权限。 However, if I instead deny write access for the 'Authenticated Users' group, the access mask implies that I have full access (which I don't). 但是,如果我拒绝拒绝“Authenticated Users”组的写访问权限,则访问掩码意味着我具有完全访问权限(我没有)。
My alternative was to manually iterate the Ace list and compare my SID with each entry, but I'm unable to find a clean or easy way to check if the Ace is for a group, and if the current user is part of that group. 我的替代方案是手动迭代Ace列表并将我的SID与每个条目进行比较,但是我无法找到一种干净或简单的方法来检查Ace是否适用于某个组,以及当前用户是否属于该组。
As an extension, the file may not exist (ie it's a new file, about to be written), in which case the access to the directory needs to be checked. 作为扩展,文件可能不存在(即,它是一个即将被写入的新文件),在这种情况下,需要检查对目录的访问。
Is there any good solution to this? 这有什么好的解决方案吗? It seems like there should exist an easier way to do this, without actually trying to read/write to the file in question. 似乎应该存在一种更简单的方法,而不是实际尝试读取/写入有问题的文件。
2 个解决方案
解决方案1
2 已采纳 2012-06-01 02:46:13
根据GetEffectiveRightsFromAcl API限制的知识库文章的建议,使用AccessCheck 。
解决方案2
1 2012-06-01 02:44:58
Just try to open the file with the desired mode using CreateFile - if it succeeds you know you have the access rights. 只需尝试使用CreateFile以所需模式打开文件 - 如果成功,则表示您具有访问权限。 You don't actually have to write anything to the file, just close it right away. 你实际上不必向文件写任何东西,只需立即关闭它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.