Windows file sharing: What ACE AccessMask flags correspond to the different share permissions?

StackOverflow https://stackoverflow.com/questions/17236837

Question

Recently I tried to create a share using WMI and give read and write permissions to a user. Now using 0x1 (FILE_READ_DATA/FILE_LIST_DIRECTORY) and 0x2 (FILE_WRITE_DATA/FILE_ADD_FILE) didn't work. Setting all flags gave me Full Control.

Which flags do I have to use to set the Read, Change and Full Control share permissions respectively?

Was it helpful?

Solution

I've found out the following by trial-and-error:

For Read permission you need to use 0x1200A9. This corresponds to the following flags:

FILE_READ_DATA (file) or FILE_LIST_DIRECTORY (directory)
1 (0x1)

FILE_READ_EA
8 (0x8)

FILE_EXECUTE (file) or FILE_TRAVERSE (directory)
32 (0x20)

FILE_READ_ATTRIBUTES
128 (0x80)

READ_CONTROL
131072 (0x20000)

SYNCHRONIZE
1048576 (0x100000)

For Change permission you need to use 0x1301BF. This corresponds to the following additional flags:

FILE_WRITE_DATA (file) or FILE_ADD_FILE (directory)
2 (0x2)

FILE_APPEND_DATA (file) or FILE_ADD_SUBDIRECTORY (directory)
4 (0x4)

FILE_WRITE_EA
16 (0x10)

FILE_WRITE_ATTRIBUTES
256 (0x100)

DELETE
65536 (0x10000)

For Full Control permission you need to use 0x1F01FF. This corresponds to the following additional flags:

FILE_DELETE_CHILD
64 (0x40)

WRITE_DAC
262144 (0x40000)

WRITE_OWNER
524288 (0x80000)
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top