10.2.1 存取控制.htm
来自「Windows2000后台服务程序开发手册」· HTM 代码 · 共 723 行 · 第 1/5 页
HTM
723 行
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>定义为0x001F0000,这种存取权利包括所有标准权利。</FONT></TD></TR></TBODY></TABLE></CENTER>
<P><FONT style="LINE-HEIGHT: 25px" face=arial color=#000000
size=2>如同表10-13所示,标准权利包括一些强大的权利。例如,假设您持有对对象的WRITE_OWNER存取权限,但却被所有其他的对象拒绝,表示您可能无法作这么多。但是如果您选择使用这个存取设定对象的拥有者SID为您的SID,您就拥有内含的WRITE_DAC存取。然后您可以使用这个存取修改对象的DACL,以允许您自己得到对这个对象所有想要的存取。</FONT></P>
<P><FONT style="LINE-HEIGHT: 25px" face=arial color=#000000
size=2><FONT style="LINE-HEIGHT: 25px" face=arial color=#3e80d7
size=2><B
style="LINE-HEIGHT: 25px"> 特定权利 </B></FONT>特定权利占据了存取遮罩的位元15-0,因此每个系统中的安全对象可以拥有16位定义的不同存取权利。</FONT></P>
<P><FONT style="LINE-HEIGHT: 25px" face=arial color=#000000
size=2>因为特定权利和对象至对象的情形不同,与特定权利一起操作的最大挑战是找出对象可用之所有特定权利的广泛清单。您应该在两个地方寻找特定权利的详细说明:《Platform
SDK》文件及《Platform
SDK》标头档。您应该检查有兴趣之现存对象类型的handle函数。例如,假设您对于找出登录机码之可用特定权利感兴趣,则您会因为RegOpenKeyEx函数而查对《Platform
SDK》文件,您会找到例如KEY_READ、KEY_SET_VALUE及KEY_ALL_ACCESS的权利叙述。在您有了某个对象的几个存取权利名称之后,便可以在《Platform
SDK》所包含的目录中搜寻标头档,它定义了一个或更多个您知道的特定权利,然后您可以找出那个对象剩下的存取权利。</FONT></P>
<P><FONT style="LINE-HEIGHT: 25px" face=arial color=#000000
size=2>表10-14列出Windows最常见的安全对象之特定权利。</FONT></P>
<P><FONT style="LINE-HEIGHT: 25px" face=arial color=#000000
size=2>SPECIFIC_RIGHTS_ALL被定义为0x0000FFFF,包括所有的位元16,在存取遮罩中预留给特定权利。</FONT></P>
<CENTER style="LINE-HEIGHT: 25px">
<TABLE style="LINE-HEIGHT: 25px" border=0>
<TBODY style="LINE-HEIGHT: 25px">
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px" align=middle><FONT
style="LINE-HEIGHT: 25px" face=arial color=#000000
size=2><FONT style="LINE-HEIGHT: 25px" face=arial
color=#3e80d7 size=2><B
style="LINE-HEIGHT: 25px"> 表10-14 </B></FONT>通用安全对象的特定权利</FONT></TD></TR></TBODY></TABLE></CENTER>
<CENTER style="LINE-HEIGHT: 25px">
<TABLE style="WIDTH: 593px; LINE-HEIGHT: 25px; HEIGHT: 6624px"
border=1>
<TBODY style="LINE-HEIGHT: 25px">
<TR style="LINE-HEIGHT: 25px">
<TH style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>对象类型</FONT> </TH>
<TH style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>特定权利</FONT></TH></TR>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>文件(WinNT.h)</FONT></TD>
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD></TR>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD>
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>
<DIV
style="LINE-HEIGHT: 25px; BACKGROUND-COLOR: #d7d7d7"><FONT
style="LINE-HEIGHT: 25px" face=Arial size=3><PRE style="LINE-HEIGHT: 25px">FILE_ALL_ACCESS <BR> (STANDARD_RIGHTS_REQUIRED | <BR> SYNCHRONIZE | <BR> 0x1FF) <BR> (0x1FF包括所有目前为文件定义的标准权利) <BR> FILE_READ_DATA <BR> FILE_WRITE_DATA <BR> FILE_APPEND_DATA <BR> FILE_READ_EA <BR> FILE_WRITE_EA <BR> FILE_EXECUTE <BR> FILE_READ_ATTRIBUTES <BR> FILE_WRITE_ATTRIBUTES</PRE></FONT></DIV></FONT></TD></TR>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>目录(WinNT.h)</FONT></TD>
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD></TR>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD>
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>
<DIV
style="LINE-HEIGHT: 25px; BACKGROUND-COLOR: #d7d7d7"><FONT
style="LINE-HEIGHT: 25px" face=Arial size=3><PRE style="LINE-HEIGHT: 25px">FILE_ALL_ACCESS <BR> (STANDARD_RIGHTS_REQUIRED | <BR> SYNCHRONIZE | <BR> 0x1FF) <BR> (0x1FF包括所有目前为文件定义的标准权利) <BR> FILE_LIST_DIRECTORY <BR> FILE_ADD_FILE <BR> FILE_ADD_SUBDIRECTORY <BR> FILE_READ_EA <BR> FILE_WRITE_EA <BR> FILE_TRAVERSE <BR> FILE_DELETE_CHILD <BR> FILE_READ_ATTRIBUTES <BR> FILE_WRITE_ATTRIBUTES</PRE></FONT></DIV></FONT></TD></TR>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>服务(WinSvc.h)</FONT></TD>
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD></TR>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD>
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>
<DIV
style="LINE-HEIGHT: 25px; BACKGROUND-COLOR: #d7d7d7"><FONT
style="LINE-HEIGHT: 25px" face=Arial size=3><PRE style="LINE-HEIGHT: 25px">SERVICE_ALL_ACCESS <BR> (STANDARD_RIGHTS_REQUIRED | <BR> SERVICE_QUERY_CONFIG | <BR> SERVICE_CHANGE_CONFIG | <BR> SERVICE_QUERY_STATUS | <BR> SERVICE_ENUMERATE_DEPENDENTS | <BR> SERVICE_START | <BR> SERVICE_STOP | <BR> SERVICE_PAUSE_CONTINUE | <BR> SERVICE_INTERROGATE | <BR> SERVICE_USER_DEFINED_CONTROL) <BR> SERVICE_CHANGE_CONFIG <BR> SERVICE_ENUMERATE_DEPENDENTS <BR> SERVICE_INTERROGATE <BR> SERVICE_PAUSE_CONTINUE <BR> SERVICE_QUERY_CONFIG <BR> SERVICE_QUERY_STATUS <BR> SERVICE_START <BR> SERVICE_STOP <BR> SERVICE_USER_DEFINED_CONTROL</PRE></FONT></DIV></FONT></TD></TR>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>打印机(WinSpool.h)</FONT></TD>
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD></TR>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD>
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>
<DIV
style="LINE-HEIGHT: 25px; BACKGROUND-COLOR: #d7d7d7"><FONT
style="LINE-HEIGHT: 25px" face=Arial size=3><PRE style="LINE-HEIGHT: 25px">SERVER_ALL_ACCESS <BR> (STANDARD_RIGHTS_REQUIRED | <BR> SERVER_ACCESS_ADMINISTER | <BR> SERVER_ACCESS_ENUMERATE) <BR> PRINTER_ALL_ACCESS <BR> (STANDARD_RIGHTS_REQUIRED | <BR> PRINTER_ACCESS_ADMINISTER | <BR> PRINTER_ACCESS_USE) <BR> JOB_ALL_ACCESS <BR> (STANDARD_RIGHTS_REQUIRED | <BR> JOB_ACCESS_ADMINISTER) <BR> SERVER_ACCESS_ADMINISTER <BR> SERVER_ACCESS_ENUMERATE <BR> PRINTER_ACCESS_ADMINISTER <BR> PRINTER_ACCESS_USE <BR> JOB_ACCESS_ADMINISTER</PRE></FONT></DIV></FONT></TD></TR>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>登录机码(WinNT.h)</FONT></TD>
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD></TR>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD>
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>
<DIV
style="LINE-HEIGHT: 25px; BACKGROUND-COLOR: #d7d7d7"><FONT
style="LINE-HEIGHT: 25px" face=Arial size=3><PRE style="LINE-HEIGHT: 25px">KEY_ALL_ACCESS <BR> (STANDARD_RIGHTS_ALL | <BR> KEY_QUERY_VALUE | <BR> KEY_SET_VALUE | <BR> KEY_CREATE_SUB_KEY | <BR> KEY_ENUMERATE_SUB_KEYS | <BR> KEY_NOTIFY | <BR> KEY_CREATE_LINK) <BR> KEY_QUERY_VALUE <BR> KEY_SET_VALUE <BR> KEY_CREATE_SUB_KEY <BR> KEY_ENUMERATE_SUB_KEYS <BR> KEY_NOTIFY <BR> KEY_CREATE_LINK</PRE></FONT></DIV></FONT></TD></TR>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>分享对象(LMShare.h)</FONT></TD>
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD></TR>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD>
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>
<DIV
style="LINE-HEIGHT: 25px; BACKGROUND-COLOR: #d7d7d7"><FONT
style="LINE-HEIGHT: 25px" face=Arial size=3><PRE style="LINE-HEIGHT: 25px">PERM_FILE_READ <BR> PERM_FILE_WRITE <BR> PERM_FILE_CREATE</PRE></FONT></DIV></FONT></TD></TR>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>处理程序(WinNT.h)</FONT></TD>
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD></TR>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD>
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>
<DIV
style="LINE-HEIGHT: 25px; BACKGROUND-COLOR: #d7d7d7"><FONT
style="LINE-HEIGHT: 25px" face=Arial size=3><PRE style="LINE-HEIGHT: 25px">PROCESS_ALL_ACCESS <BR> (STANDARD_RIGHTS_REQUIRED | <BR> SYNCHRONIZE | <BR> 0xFFF) <BR> (0xFFF包括所有目前为处理程序定义的标准权利) <BR> PROCESS_TERMINATE <BR> PROCESS_CREATE_THREAD <BR> PROCESS_SET_SESSIONID <BR> PROCESS_VM_OPERATION <BR> PROCESS_VM_READ <BR> PROCESS_VM_WRITE <BR> PROCESS_DUP_HANDLE <BR> PROCESS_CREATE_PROCESS <BR> PROCESS_SET_QUOTA <BR> PROCESS_SET_INFORMATION <BR> PROCESS_QUERY_INFORMATION</PRE></FONT></DIV></FONT></TD></TR>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>线程(WinNT.h)</FONT></TD>
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD></TR>
<CAPTION style="LINE-HEIGHT: 25px">THREAD_ALL_ACCESS </CAPTION>
<TBODY>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
face=arial size=2> </FONT></TD>
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>
<DIV
style="LINE-HEIGHT: 25px; BACKGROUND-COLOR: #d7d7d7"><FONT
style="LINE-HEIGHT: 25px" face=Arial size=3><PRE style="LINE-HEIGHT: 25px">(STANDARD_RIGHTS_REQUIRED | <BR> SYNCHRONIZE | <BR> 0x3FF) <BR> (0x3FF包括所有目前为线程定义的标准权利) <BR> THREAD_TERMINATE <BR> THREAD_SUSPEND_RESUME <BR> THREAD_GET_CONTEXT <BR> THREAD_SET_CONTEXT <BR> THREAD_SET_INFORMATION <BR> THREAD_QUERY_INFORMATION <BR> THREAD_SET_THREAD_TOKEN <BR> THREAD_IMPERSONATE <BR> THREAD_DIRECT_IMPERSONATION</PRE></FONT></DIV></FONT></TD></TR>
<TR style="LINE-HEIGHT: 25px">
<TD style="LINE-HEIGHT: 25px"><FONT style="LINE-HEIGHT: 25px"
size=2>工作 (WinNT.h)</FONT></TD>
⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?