pipe get-acl to set-acl without copying the owner

Welcome Forums General PowerShell Q&A pipe get-acl to set-acl without copying the owner

This topic contains 7 replies, has 5 voices, and was last updated by

js
 
Participant
2 months, 4 weeks ago.

  • Author
    Posts
  • #108575
    js

    Participant
    Points: 202
    Helping Hand
    Rank: Participant

    I was just wondering if anyone has tried piping get-acl to set-acl without copying the owner. I tried this without success:

    PS C:\users\superuser> get-acl c:\users\user1\foo.txt | select * -exclude owner | 
      set-acl c:\users\user2\foo.txt
    
    set-acl : AclObject
    At line:1 char:63
    + ... o.txt | select * -exclude owner | set-acl c:\users\user2\foo.txt
    +                                       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidArgument: (@{PSPath=Micros...Canonical=True}:PSObject) [Set-Acl], ArgumentException
        + FullyQualifiedErrorId : SetAcl_AclObject,Microsoft.PowerShell.Commands.SetAclCommand
  • #108700

    Participant
    Points: 158
    Helping Hand
    Rank: Participant

    What exactly are you trying to do? The file has to have an owner. You can change or set the owner, but that is not the way to do it. Set-ACL is expecting a PSObject formatted with required information and you are removing it. I would recommend reading the help files on Set-ACL for examples and researching the internet for examples.

  • #108733
    js

    Participant
    Points: 202
    Helping Hand
    Rank: Participant

    I just want to change the acl, while keeping the owner the same. I was wondering what property in the acl contains the owner.

    Btw, the submit button looks like it's grayed out.

    • #108742

      Participant
      Points: 527
      Helping Hand
      Rank: Major Contributor

      All ACL properties are not settable, you have to cherry pick the objects required to set.

  • #108758

    Participant
    Points: 159
    Helping Hand
    Rank: Participant

    Yep. You'll want to do something like this:

    $ACL = Get-Acl -Path $Path
    $AccessRights = $ACL.Access
    
    # make changes to $accessrights by adding, removing, or altering the FileSystemAccessRules
    
    Set-Acl -Path $Path -AclObject $AccessRights
  • #108764
    js

    Participant
    Points: 202
    Helping Hand
    Rank: Participant

    I found this way. Joel, I got an invalid argument error. I think you mean "-aclobject $acl".

    # this works
    
    # path, owner, and group properties are null
    $acl = (Get-Item c:\users\user1\foo.txt).GetAccessControl('Access')
    
    $acl | set-acl c:\users\user2\foo.txt

    I tried "$acl.owner = $null", but the property is ReadOnly. I think the input object has to be a certain type.

  • #108886

    Participant
    Points: 68
    Rank: Member

    While it isn't a one liner, would this work? Or does that blow up some sort of auditing for you?

    # get the original owner
    $originalOwner = (Get-Acl -Path .\file2.txt | Select-Object -ExpandProperty Owner) -split '\\'
    $OwnerPrincipal = New-Object System.Security.Principal.NTAccount($originalOwner[0], $originalOwner[1])
    # set the ACL
    Get-ACL -Path .\file.txt | Set-Acl -Path .\file2.txt
    # update the owner information
    $acl = Get-ACL -Path .\file2.txt
    $acl.SetOwner($OwnerPrincipal)
    Set-ACL -Path .\file2.txt -AclObject $acl 
    
    
    
    • #108899
      js

      Participant
      Points: 202
      Helping Hand
      Rank: Participant

      What I posted works fine, but that is perfectly valid, Stephen, even as the System user.

You must be logged in to reply to this topic.