0

I have a simple batch process running once per day to manage a disk quota (simply deletes all folders in excess of quota, oldest first). Works fine for what it's designed to do. Among other tasks, it appends a list of the deleted folders to a log file (a simple text file).

To prevent inadvertent changes to the log file, I have the read-only flag set (not attempting any real security, just protecting against a reflexive "save changes" if viewed in Notepad, for example). It's simple to use ATTRIB to turn the "R" off at the start & back on again at the end of the process.

I notice, however, that Windows doesn't appear to provide write access control to text files: I find that multiple instances of Notepad (or Notepad and another text editor; or a text editor and a CMD window) can each "save" to the text file (if read-only is off)--meaning those inadvertent changes (or wholesale deletion) could happen while the file is "vulnerable" because the process is running & it has the read-only turned off.

OK, it's not that big a deal for this specific application (the process typically takes ~30 seconds to run, and I'm the only user with access and "theoretically" know better)--but, I'd like to understand how to deal with this.

How can I save (append) to a read-only log file without opening it up to any other writes? I'd like something along the lines of:

take exclusive write control of log file
turn off read-only
perform rest of script
turn on read-only
release exclusive write control

It's those first & last steps I can't figure out....

Jughead135
  • 1
  • You are trying to use DOS attribs in an NTFS ACL world. If I am understanding correctly.. you could use ACLs (access control lists) to allow certain "users"(all of them you of course) to do this or that. You don't need to change the permissions on the file like you imply.. toggling on and off. instead.. "user1" can do this and not that.. "user2" has a different set of permissions. The problem with the sort of access you are talking about is why file systems support more robust security even more than the security itself. – Señor CMasMas Mar 15 '21 at 15:12
  • While you are undoubtedly correct on the ACL front, I'm really NOT trying to implement any security, just stop inadvertent changes to a log file. "Read-only" works great for that (except, I have to turn it off for the batch script to write to it). I had thought Windows did what I'm looking for "automatically": if I try to save (say) a PDF file that's open in another process, it blocks the attempt (i.e., treats the file as read-only for the duration of it being open). I was surprised to find that's evidently NOT the case with text files.... – Jughead135 Mar 15 '21 at 15:32
  • Windows (specifically NTFS) was designed to use two mechanisms to accomplish what you are talking about. The first piece has to do with the [CreateFile()](https://docs.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-createfilea) call.. but it has its limitations.. (what you are dealing with right now) .. thats where the NTFS ACL permissions come in. They aren't always for "Security".. we (as programmers) use these permissions to control finite access to files just like you are trying to do. DOS FileAttributes (R/W/S/H) are from an era long gone. Still used.. but not optimal. – Señor CMasMas Mar 15 '21 at 18:15
  • @SeñorCMasMas Sorry for the delay responding--when the system put me into "your question has already been answered" status, I'd thought this thread was blocked. Meanwhile, your answer appears much closer to what I'm seeking than the link to the allegedly "already answered" one does.... SO: I've got the ACL working the way I want... *except* I've only figured out how to isolate it down to username (my own, in general). How can I give a specific process (the batch running the script) exclusive rights, so even *I* can't step on it while it's running? Thanks for the help! – Jughead135 Mar 28 '21 at 21:36
  • If I am understanding your question correctly, you give a specific process rights like you describe by running that process as a USER that has the rights you desire. Does that answer your question or am I simply having a ***stupid Monday***? ;) – Señor CMasMas Mar 29 '21 at 19:10

0 Answers0