Problem using CACLS

M

Marcelo López

hi all, i'm developing a win app which requires have a folder which no
others users can access it.

So, i'm using impersonation, to switch to a special user created for my app.

To create the folder and give permissions to this "special user" i use de
prompt command

CACLS folder /G specialuser:F

It gives full control to the special user over the folder.

It worked ok, the special user can access the folder, create and move files,
etc. And no other can access the folder from the outside.

But the problem is that when i want to create a SUBFOLDER inside the folder,
the os throws an access denied exception.

I tried using the Change permission (user:C) but it didn't work.

Coudl someone help me ?

Regards,

Marcelo López.
Infocorp Latin America.
 
M

Michael Bednarek

hi all, i'm developing a win app which requires have a folder which no
others users can access it.

So, i'm using impersonation, to switch to a special user created for my app.

To create the folder and give permissions to this "special user" i use de
prompt command

CACLS folder /G specialuser:F

It gives full control to the special user over the folder.

It worked ok, the special user can access the folder, create and move files,
etc. And no other can access the folder from the outside.

But the problem is that when i want to create a SUBFOLDER inside the folder,
the os throws an access denied exception.
Click to expand...

Did you forget to grant yourself the necessary permissions?
CACLS folder /G specialuser:F "Domain Admins":F
 
M

Marcelo López

hi,

if i add the last user grant: "domain admins":F
the administrator could access my folder, and i want only my special user to
access the folder !!

May be i'm forgotting some command to include all subdirs in my cacls
command ?

Regards


 
M

Michael Bednarek

Your problem is not quite clear. If you grant access to specialuser
only, of course _you_ can't create a subdirectory.

If I run this command:
cacls fubar /G specialuser:C
the specialuser has (almost) all access rights to fubar and can create
(and delete) subdirectories which will inherit the ACL of the parent
directory (fubar); I, however, cannot even list that directory's
content, much less create subdirectories. In short, the cacls command
does exactly what I expected.

hi,

if i add the last user grant: "domain admins":F
the administrator could access my folder, and i want only my special user to
access the folder !!

May be i'm forgotting some command to include all subdirs in my cacls
command ?

Regards
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Using CACLS 2
CACLS 5
how to confirm a command ?? 2
User Accounts 1
Hide User Account 3
Create Admin Account 1
Deploy in .NET 2
Depply app with .NET 1

Top