Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

[msh]Get-Acl not returning output

258 views
Skip to first unread message

/\/\o\/\/

unread,
Dec 26, 2005, 6:20:28 PM12/26/05
to
As I was working on a setAcl script,
I came to the following very strange problem with Get-Acl

I got this Error :

out-lineoutput : Output: object of type
"System.Management.Automation.Commands.Internal.Format.FormatStartData"
is not legal or not in the
correct sequence.

on the following line

get-acl $file | fl

on the commandline it did work, also in the following test script.

Function Test {
get-acl test.txt | fl
}

I even started with sleep for testing, then a get-acl before the
Set-acl, also no use.
b.t.w. its all working also. the rights are set.

then I remarked all the lines and started testing (see samples below sig),

after enabling the line :

$ar.IdentityReference.Translate([System.Security.Principal.securityidentifier])
(a test if the user is valid.)

the get-acl stopped working (except for giving the error if used with FL)
if I past this lines on the CLI it works also.

$ar = new
System.Security.AccessControl.FileSystemAccessRule("test","FullControl","Allow")

$ar.IdentityReference.Translate([System.Security.Principal.securityidentifier])
$file
get-acl $file | fl

?????
I'm out of ideas, someone an Idea what is happening here ?

gr /\/\o\/\/


WORKING :

MSH>function SetAclTxt {
>> Param ($file,$user,
>> [System.Security.AccessControl.FileSystemRights]$Rights,
>> [System.Security.AccessControl.AccessControlType]$access)
>>
>> $ar = new
System.Security.AccessControl.FileSystemAccessRule($user,$Rights,$access)
>>
#$ar.IdentityReference.Translate([System.Security.Principal.securityidentifier])
>> $file
>> get-acl $file | fl
>> #$acl = get-acl $file
>> #$acl.AccessToString
>> #$acl.SetAccessRule($ar)
>>
>> #get-acl $file
>> #set-acl $file $acl
>> #sleep 1
>> #get-acl $file
>>
>> }
>>
MSH>SetAclTxt "test.txt" "Test" "fullcontrol" "Allow"
test.txt


Path : FileSystem::G:\MOWSH\test.txt
Owner : computer\mow
Group : computer\None
Access : computer\test Allow FullControl
BUILTIN\Administrators Allow FullControl
NT AUTHORITY\SYSTEM Allow FullControl
computer\mow Allow FullControl
BUILTIN\Users Allow ReadAndExecute, Synchronize
Audit : .....

NOT WORKING :

MSH>function SetAclTxt {
>> Param ($file,$user,
>> [System.Security.AccessControl.FileSystemRights]$Rights,
>> [System.Security.AccessControl.AccessControlType]$access)
>>
>> $ar = new
System.Security.AccessControl.FileSystemAccessRule($user,$Rights,$access)
>>
$ar.IdentityReference.Translate([System.Security.Principal.securityidentifier])
>> $file
>> get-acl $file | fl
>> #$acl = get-acl $file
>> #$acl.AccessToString
>> #$acl.SetAccessRule($ar)
>>
>> #get-acl $file
>> #set-acl $file $acl
>> #sleep 1
>> #get-acl $file
>>
>> }
>>
MSH>SetAclTxt "test.txt" "Test" "fullcontrol" "Allow"

BinaryLength AccountDomainSid
Value
------------ ----------------
-----
28
S-1-5-xxxxxxxxxxxxxxxxxxxxxxxx
S-1-5-xxxxxxxxxxxxxxxxxxxx
test.txt
out-lineoutput : Output: object of type
"System.Management.Automation.Commands.Internal.Format.FormatStartData"
is not legal or not in the
correct sequence.
MSH>

Jouko Kynsijärvi

unread,
Dec 27, 2005, 5:00:11 PM12/27/05
to
The reason the last function gives the error is that you are outputting both
raw objects and MSH formatting information generated by format-list.

I'm not sure if this by design or a bug, but if you only mix simple types
(strings, integers etc.) and MSH formatting info, it works:

MSH> "test"; get-date | format-list
...

But mixing more complex objects and MSH formatting info gives an error:

MSH> get-date; get-date | format-list
out-lineoutput : Output: object of type "System.Management.Automation...

So add a "| format-list" after $ar.IdentityReference.Translate and the last
function should work.

>> function SetAclTxt {
>>> Param ($file,$user,
>>> [System.Security.AccessControl.FileSystemRights]$Rights,
>>> [System.Security.AccessControl.AccessControlType]$access)
>>>
>>> $ar = new
> System.Security.AccessControl.FileSystemAccessRule($user,$Rights,$access)
>>>
> #$ar.IdentityReference.Translate([System.Security.Principal.securityidentifier])
>>> $file
>>> get-acl $file | fl
>>> #$acl = get-acl $file
>>> #$acl.AccessToString
>>> #$acl.SetAccessRule($ar)
>>>
>>> #get-acl $file
>>> #set-acl $file $acl
>>> #sleep 1
>>> #get-acl $file
>>>
>>> }
>>>

>> SetAclTxt "test.txt" "Test" "fullcontrol" "Allow"
> test.txt
>
>
> Path : FileSystem::G:\MOWSH\test.txt
> Owner : computer\mow
> Group : computer\None
> Access : computer\test Allow FullControl
> BUILTIN\Administrators Allow FullControl
> NT AUTHORITY\SYSTEM Allow FullControl
> computer\mow Allow FullControl
> BUILTIN\Users Allow ReadAndExecute, Synchronize
> Audit : .....
>
>
>
> NOT WORKING :
>

>> function SetAclTxt {
>>> Param ($file,$user,
>>> [System.Security.AccessControl.FileSystemRights]$Rights,
>>> [System.Security.AccessControl.AccessControlType]$access)
>>>
>>> $ar = new
> System.Security.AccessControl.FileSystemAccessRule($user,$Rights,$access)
>>>
> $ar.IdentityReference.Translate([System.Security.Principal.securityidentifier])
>>> $file
>>> get-acl $file | fl
>>> #$acl = get-acl $file
>>> #$acl.AccessToString
>>> #$acl.SetAccessRule($ar)
>>>
>>> #get-acl $file
>>> #set-acl $file $acl
>>> #sleep 1
>>> #get-acl $file
>>>
>>> }
>>>

Kevin Loo [MSFT]

unread,
Dec 27, 2005, 5:11:30 PM12/27/05
to
This is a known issue. The cause is that format-list is invoked in the midst
of default formatting. We have considered various ways to address this.
However, it is highly unlikely it will get fixed in v1.

--
Kevin Loo [MSFT]
Microsoft Command Shell Development
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.

"/\/\o\/\/" <n...@Spam.mow> ???????:OhuXgNnC...@TK2MSFTNGP10.phx.gbl...

/\/\o\/\/

unread,
Dec 27, 2005, 5:24:58 PM12/27/05
to
Kevin Loo [MSFT] wrote:
> This is a known issue. The cause is that format-list is invoked in the midst
> of default formatting. We have considered various ways to address this.
> However, it is highly unlikely it will get fixed in v1.
>

I think it's realy a bug,
look at this example (more the original) I'm not use Format-List
anywhere (hard-coded) and the Translate is a couple of lines up.
still I got no output untill I add the FL.
how should I have a clue what is happening here ?
(I would accept it if it was only when used on 1 line, but not in a
whole function)

function SetAclTxt {
Param ($file,$user,
[System.Security.AccessControl.FileSystemRights]$Rights,
[System.Security.AccessControl.AccessControlType]$access)

$ar = new
System.Security.AccessControl.FileSystemAccessRule($user,$Rights,$access)

$ar.IdentityReference.Translate([System.Security.Principal.securityidentifier])


$acl = get-acl $file
$acl.SetAccessRule($ar)

"Before"
get-acl $file
set-acl $file $acl
"After"
get-acl $file

}

gr /\/\o\/\/

Jouko Kynsijärvi wrote:

> The reason the last function gives the error is that you are outputting both
> raw objects and MSH formatting information generated by format-list.
>
> I'm not sure if this by design or a bug, but if you only mix simple types
> (strings, integers etc.) and MSH formatting info, it works:
>
> MSH> "test"; get-date | format-list

> ....


>
> But mixing more complex objects and MSH formatting info gives an error:
>
> MSH> get-date; get-date | format-list
> out-lineoutput : Output: object of type "System.Management.Automation...
>
> So add a "| format-list" after $ar.IdentityReference.Translate and the last
> function should work.

Thanks for the info, at least I have a clue now why it does happen.

/\/\o\/\/

unread,
Dec 27, 2005, 6:10:16 PM12/27/05
to
I did some more testing. (change test to a valid user)

Function Test {


$ar = new
System.Security.AccessControl.FileSystemAccessRule("test","FullControl","Allow")

#$ar.IdentityReference.Translate([System.Security.Principal.securityidentifier])

#gi .
#get-acl test.txt
#get-date
get-acl test.txt
}

if you remove the Comments (bottom-up), you see the output changing.
every time you remove a #. (funny, I did not see this before)

this happens as well in a function as in a script.

is it save to say the issue is that if you do not format an object
hard-coded in a script or function created with a CMDlet you will mess
up the output format of later commands and if you do this with a .NET
object you will get no output at all anymore?

gr /\/\o\/\/

Kevin Loo [MSFT]

unread,
Dec 28, 2005, 1:35:14 PM12/28/05
to
Right. If no hard-coded formatting commands are used, the default formatter
will be used, which would cause any ensuing formatting commands to fail.
This is a bug. However, as mentioned, it is probably too late to get this
one fixed for v1. We apologize for any inconvenience caused.

--
Kevin Loo [MSFT]
Microsoft Command Shell Development
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.

"/\/\o\/\/" <n...@Spam.mow> ???????:%235Vkesz...@TK2MSFTNGP10.phx.gbl...

0 new messages