[jcifs] Create homeDirectory from user and assing permissions using jcifs
Michael B Allen
ioplex at gmail.com
Sat Dec 15 15:23:40 MST 2012
On Tue, Dec 11, 2012 at 4:59 AM, Felipe García <torcaz99 at hotmail.com> wrote:
> I'm creating user accounts in Active Directory using ldap commands.
> Later, I create his "homeDirectory" using cifs using:
> new (SmfFile('smb://DOMAIN;username:passwd@server/share/User').mkdir();
> with username an Active Direcctory account to create the account and
> "User" the home directory for user "User".
> But now, I need to change owner of the folder from "username" to the new
> "User". And assign necessary permissions to other users and groups.
> I've used a user called "admin" to create the user "user1". And I'd like
> to change permission to allow other users/groups to access this share:
> I need to change owner on folder "user1" from "admin" to "user1".
> Allow acess:
> DOMAIN\Adminsitrators --> All permissions.
> DOMAIN\Operator --> Read, Write, execution.
> DOMAIN\user1 --> Read, Writ, Execution, Modify, Read an execute.
> Can any tell me if is possible?
Unfortunately it is not possible using JCIFS. You would have to
construct and write the directory security descriptor. And there are
funky rules about setting permissions on directories that require
walking through all sub-objects and modifying their descriptors.
Suffice it to say this sort of thing is non-trivial. JCIFS can read
and decode security descriptors but it cannot write them. One reason
the code for writing security descriptors was never implemented was
because it is dangerous. You could probably really screw up
permissions on things if you're not careful. Put the mouse down and
step away from the keyboard. Just walk away from this one.
Note that you should never use credentials in the URL. Use the
NtlmPasswordAuthentication class to create credentials and then pass
that to the SmbFile* constructors separately.
Michael B Allen
Java Active Directory Integration
More information about the jCIFS