Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTFSD

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

FILE_OPEN_FOR_BACKUP_INTENT

Duane_SouderDuane_Souder Member Posts: 26
Thanks to everyone for their patience with this one.
I know posting to both boards asking about FILE_OPEN_FOR_BACKUP_INTENT
is not in keeping with the spirit of the boards, but since I am also
responsible for
a FSD, well, as they say, there is my quandary.

The MSDN states that this CreateOption is "..irrelevant to device and
intermediate drivers".
(ref.
http://msdn2.microsoft.com/en-us/library/bb432380(VS.85).aspx)
OSRonline states that this CreateOption means
"The file is being opened for backup intent, hence, the
system should check for
certain access rights and grant the caller the
appropriate accesses to the file before
checking the input DesiredAccess against the file's
security descriptor.
This flag is irrelevant to device and intermediate drivers."
(ref. http://www.osronline.com/DDKx/kmarch/k111_9dte.htm)
Another place in the MSDN has similar wording to the OSR statement.

Basically my questions are:
1) Is it true: If certain access rights are checked, then the access
actually granted to the file/directory for this
open could result in "Write" access granted even though "Write"
was not specified in DesireAccess.
2) As an FSD, what / where are these "certain access rights" and how
do I map / compare them
(or do I) against the Disposition, Options, and DesiredAccess
requested in the file/directory Open?
Thanks
Duane

Comments

  • David_J._CraigDavid_J._Craig Member Posts: 1,885
    Have you looked at FastFat? It is a standard FSD with some security in that types of creates. I have not looked, but the write of attributes is appropriate for a backup utility and during restore a write of the data should be permitted. A user must have backup rights and when those are granted, they have more access to the filesystem than almost any user. That is why correct usage of privileges is important.
    "Duane Souder" wrote in message news:[email protected]
    Thanks to everyone for their patience with this one.
    I know posting to both boards asking about FILE_OPEN_FOR_BACKUP_INTENT
    is not in keeping with the spirit of the boards, but since I am also responsible for
    a FSD, well, as they say, there is my quandary.

    The MSDN states that this CreateOption is "..irrelevant to device and intermediate drivers".
    (ref. http://msdn2.microsoft.com/en-us/library/bb432380(VS.85).aspx)
    OSRonline states that this CreateOption means
    "The file is being opened for backup intent, hence, the system should check for
    certain access rights and grant the caller the appropriate accesses to the file before
    checking the input DesiredAccess against the file's security descriptor.
    This flag is irrelevant to device and intermediate drivers."
    (ref. http://www.osronline.com/DDKx/kmarch/k111_9dte.htm)
    Another place in the MSDN has similar wording to the OSR statement.

    Basically my questions are:
    1) Is it true: If certain access rights are checked, then the access actually granted to the file/directory for this
    open could result in "Write" access granted even though "Write" was not specified in DesireAccess.
    2) As an FSD, what / where are these "certain access rights" and how do I map / compare them
    (or do I) against the Disposition, Options, and DesiredAccess requested in the file/directory Open?
    Thanks
    Duane
  • Duane_SouderDuane_Souder Member Posts: 26
    David,
    Thanks for the reply. I just checked the fastfat source from the vista
    ddk and
    file_open_for_backup_intent is not used in fastfat.
    Can anyone shed some light on this issue ?
    Can anyone from Microsoft comment ?
    Thanks,
    Duane Souder
    Cisco Systems Inc.

    David Craig wrote:

    > Have you looked at FastFat? It is a standard FSD with some security
    > in that types of creates. I have not looked, but the write of
    > attributes is appropriate for a backup utility and during restore a
    > write of the data should be permitted. A user must have backup rights
    > and when those are granted, they have more access to the filesystem
    > than almost any user. That is why correct usage of privileges is
    > important.
    >
    > "Duane Souder" >
    > wrote in message news:[email protected]
    > Thanks to everyone for their patience with this one.
    > I know posting to both boards asking about FILE_OPEN_FOR_BACKUP_INTENT
    > is not in keeping with the spirit of the boards, but since I am
    > also responsible for
    > a FSD, well, as they say, there is my quandary.
    >
    > The MSDN states that this CreateOption is "..irrelevant to device
    > and intermediate drivers".
    > (ref.
    > http://msdn2.microsoft.com/en-us/library/bb432380(VS.85).aspx)
    > OSRonline states that this CreateOption means
    > "The file is being opened for backup intent, hence,
    > the system should check for
    > certain access rights and grant the caller the
    > appropriate accesses to the file before
    > checking the input DesiredAccess against the file's
    > security descriptor.
    > This flag is irrelevant to device and intermediate
    > drivers."
    > (ref.
    > http://www.osronline.com/DDKx/kmarch/k111_9dte.htm)
    > Another place in the MSDN has similar wording to the OSR statement.
    >
    > Basically my questions are:
    > 1) Is it true: If certain access rights are checked, then the
    > access actually granted to the file/directory for this
    > open could result in "Write" access granted even though
    > "Write" was not specified in DesireAccess.
    > 2) As an FSD, what / where are these "certain access rights" and
    > how do I map / compare them
    > (or do I) against the Disposition, Options, and
    > DesiredAccess requested in the file/directory Open?
    > Thanks
    > Duane
    >
    >
    >
    > ---
    > NTFSD is sponsored by OSR
    >
    > For our schedule debugging and file system seminars
    > (including our new fs mini-filter seminar) visit:
    > http://www.osr.com/seminars
    >
    > You are currently subscribed to ntfsd as: unknown lmsubst tag
    > argument: ''
    > To unsubscribe send a blank email to [email protected]
  • Mark_S._EdwardsMark_S._Edwards Member Posts: 475
    Can't say as I've explored deeply, but I have used
    FILE_OPEN_FOR_BACKUP_INTENT as far as I'm aware it effectively means
    that you have no write access on the file.

    Of course, in using it I wasn't interested in checking or using write access.

    As for the access rights, the calling process must have the
    SeBackupPrivilege set.

    HTH,

    Mark.


    At 21:28 14/05/2008, you wrote:
    >David,
    >Thanks for the reply. I just checked the fastfat source from the
    >vista ddk and
    >file_open_for_backup_intent is not used in fastfat.
    >Can anyone shed some light on this issue ?
    >Can anyone from Microsoft comment ?
    >Thanks,
    >Duane Souder
    >Cisco Systems Inc.
    >
    >David Craig wrote:
    >>Have you looked at FastFat? It is a standard FSD with some
    >>security in that types of creates. I have not looked, but the
    >>write of attributes is appropriate for a backup utility and during
    >>restore a write of the data should be permitted. A user must have
    >>backup rights and when those are granted, they have more access to
    >>the filesystem than almost any user. That is why correct usage of
    >>privileges is important.
    >>"Duane Souder" <<mailto:[email protected]>[email protected]> wrote
    >>in message news:[email protected]
    >>Thanks to everyone for their patience with this one.
    >>I know posting to both boards asking about FILE_OPEN_FOR_BACKUP_INTENT
    >>is not in keeping with the spirit of the boards, but since I am
    >>also responsible for
    >>a FSD, well, as they say, there is my quandary.
    >>
    >>The MSDN states that this CreateOption is "..irrelevant to device
    >>and intermediate drivers".
    >> (ref.
    >> http://msdn2.microsoft.com/en-us/library/bb432380(VS.85).aspx)
    >>OSRonline states that this CreateOption means
    >> "The file is being opened for backup intent, hence,
    >> the system should check for
    >> certain access rights and grant the caller the
    >> appropriate accesses to the file before
    >> checking the input DesiredAccess against the file's
    >> security descriptor.
    >> This flag is irrelevant to device and intermediate drivers."
    >> (ref.
    >> http://www.osronline.com/DDKx/kmarch/k111_9dte.htm)
    >>Another place in the MSDN has similar wording to the OSR statement.
    >>
    >>Basically my questions are:
    >>1) Is it true: If certain access rights are checked, then the
    >>access actually granted to the file/directory for this
    >> open could result in "Write" access granted even
    >> though "Write" was not specified in DesireAccess.
    >>2) As an FSD, what / where are these "certain access rights" and
    >>how do I map / compare them
    >> (or do I) against the Disposition, Options, and
    >> DesiredAccess requested in the file/directory Open?
    >>Thanks
    >>Duane
    >>
    >>
    >>
    >>---
    >>NTFSD is sponsored by OSR
    >>
    >>For our schedule debugging and file system seminars
    >>(including our new fs mini-filter seminar) visit:
    >>http://www.osr.com/seminars
    >>
    >>You are currently subscribed to ntfsd as: unknown lmsubst tag argument: ''
    >>To unsubscribe send a blank email to
    >>[email protected]
    >
    >
    >---
    >NTFSD is sponsored by OSR
    >
    >For our schedule debugging and file system seminars
    >(including our new fs mini-filter seminar) visit:
    >http://www.osr.com/seminars
    >
    >You are currently subscribed to ntfsd as: [email protected]
    >To unsubscribe send a blank email to [email protected]
  • Rick_WRick_W Member Posts: 126
    When you use open for backup intent you must have SeBackupPrivilege and SeRestorePrivilige (if you need to restore files). You will not get write access if you did not ask for it but if you do ask for write access the file system will check that you have SeRestorePrivilege. If you do then you can open for write even if the user would not normally have write access (SeRestorePrivilege must be requested by the process using open for backup and the user must be allowed to set it). As far as I know the "certain access rights" mentioned in the documents would be the backup and restore privileges.
  • OSR_Community_UserOSR_Community_User Member Posts: 110,217
    > file_open_for_backup_intent is not used in fastfat

    . and rightly so: the purpose is to save all streams in a backup, and FAT
    (as opposed to NTFS) does not have any.







    From: [email protected]
    [mailto:[email protected]] On Behalf Of Duane Souder
    Sent: Wednesday, May 14, 2008 4:28 PM
    To: Windows File Systems Devs Interest List
    Subject: Re: [ntfsd] FILE_OPEN_FOR_BACKUP_INTENT



    David,
    Thanks for the reply. I just checked the fastfat source from the vista ddk
    and
    file_open_for_backup_intent is not used in fastfat.
    Can anyone shed some light on this issue ?
    Can anyone from Microsoft comment ?
    Thanks,
    Duane Souder
    Cisco Systems Inc.

    David Craig wrote:



    Have you looked at FastFat? It is a standard FSD with some security in that
    types of creates. I have not looked, but the write of attributes is
    appropriate for a backup utility and during restore a write of the data
    should be permitted. A user must have backup rights and when those are
    granted, they have more access to the filesystem than almost any user. That
    is why correct usage of privileges is important.

    "Duane Souder" wrote in message news:[email protected]

    Thanks to everyone for their patience with this one.
    I know posting to both boards asking about FILE_OPEN_FOR_BACKUP_INTENT
    is not in keeping with the spirit of the boards, but since I am also
    responsible for
    a FSD, well, as they say, there is my quandary.

    The MSDN states that this CreateOption is "..irrelevant to device and
    intermediate drivers".
    (ref.
    http://msdn2.microsoft.com/en-us/library/bb432380(VS.85
    ).aspx)
    OSRonline states that this CreateOption means
    "The file is being opened for backup intent, hence, the system
    should check for
    certain access rights and grant the caller the appropriate
    accesses to the file before
    checking the input DesiredAccess against the file's security
    descriptor.
    This flag is irrelevant to device and intermediate drivers."
    (ref. http://www.osronline.com/DDKx/kmarch/k111_9dte.htm)
    Another place in the MSDN has similar wording to the OSR statement.

    Basically my questions are:
    1) Is it true: If certain access rights are checked, then the access
    actually granted to the file/directory for this
    open could result in "Write" access granted even though "Write" was
    not specified in DesireAccess.
    2) As an FSD, what / where are these "certain access rights" and how do I
    map / compare them
    (or do I) against the Disposition, Options, and DesiredAccess
    requested in the file/directory Open?
    Thanks
    Duane



    ---
    NTFSD is sponsored by OSR

    For our schedule debugging and file system seminars
    (including our new fs mini-filter seminar) visit:
    http://www.osr.com/seminars

    You are currently subscribed to ntfsd as: unknown lmsubst tag argument: ''
    To unsubscribe send a blank email to [email protected]



    ---
    NTFSD is sponsored by OSR

    For our schedule debugging and file system seminars
    (including our new fs mini-filter seminar) visit:
    http://www.osr.com/seminars

    You are currently subscribed to ntfsd as: [email protected]
    To unsubscribe send a blank email to [email protected]
  • OSR_Community_UserOSR_Community_User Member Posts: 110,217
    > Thanks for the reply. I just checked the fastfat source from the vista
    > ddk and
    > file_open_for_backup_intent is not used in fastfat.

    This flag only influences the access rights checking on NTFS.

    Since FAT has no file access rights, it ignores this flag.

    --
    Maxim Shatskih, Windows DDK MVP
    StorageCraft Corporation
    [email protected]
    http://www.storagecraft.com
  • OSR_Community_UserOSR_Community_User Member Posts: 110,217
    > . and rightly so: the purpose is to save all streams in a backup, and FAT
    > (as opposed to NTFS) does not have any.

    No, its about the ACLs.

    In "backup intent" open, the SeBackup/RestorePrivilege must be on, but the file
    ACL is just ignored.

    FAT has no ACLs.

    --
    Maxim Shatskih, Windows DDK MVP
    StorageCraft Corporation
    [email protected]
    http://www.storagecraft.com
  • Gabriel_BerceaGabriel_Bercea Member - All Emails Posts: 482
    This flag is also set when a user mode folder monitor is on, reading directory changes with ReadDirectoryChangesW. The handle passed to ReadDirectoryChangesW should be open with this flag, so it is only somekind of state flag.

    Cheers,
    Gabriel

  • OSR_Community_UserOSR_Community_User Member Posts: 110,217
    > No, its about the ACLs.
    It is true that MSDN says that in FILE_OPEN_FOR_BACKUP_INTENT case
    " ... the system should check for certain access rights and grant
    the caller the appropriate access to the file-before checking the
    DesiredAccess parameter against the file's security descriptor.
    This flag not used by device and intermediate drivers."

    But what are these "certain access rights", why are they
    have to be checked and for what purpose? The answer is in the
    description of BackupRead API, which sits on top and "processes all
    of the data pertaining to an opened object as a series of
    discrete byte streams. Each stream is preceded by a 32-bit
    aligned WIN32_STREAM_ID structure."

    Now it becomes clear why these "certain access rights" are
    so special.

    It is about ADSes. ACLs are a consequence, not the reason.

    I wish the docs would add a word or two to " not used by
    device and intermediate drivers."




    > -----Original Message-----
    > From: [email protected] [mailto:bounce-324335-
    > [email protected]] On Behalf Of Maxim S. Shatskih
    > Sent: Thursday, May 15, 2008 12:16 AM
    > To: Windows File Systems Devs Interest List
    > Subject: Re:[ntfsd] FILE_OPEN_FOR_BACKUP_INTENT
    >
    > > . and rightly so: the purpose is to save all streams in a backup, and
    > FAT
    > > (as opposed to NTFS) does not have any.
    >
    > No, its about the ACLs.
    >
    > In "backup intent" open, the SeBackup/RestorePrivilege must be on, but
    > the file
    > ACL is just ignored.
    >
    > FAT has no ACLs.
    >
    > --
    > Maxim Shatskih, Windows DDK MVP
    > StorageCraft Corporation
    > [email protected]
    > http://www.storagecraft.com
    >
    >
    > ---
    > NTFSD is sponsored by OSR
    >
    > For our schedule debugging and file system seminars
    > (including our new fs mini-filter seminar) visit:
    > http://www.osr.com/seminars
    >
    > You are currently subscribed to ntfsd as: [email protected]
    > To unsubscribe send a blank email to [email protected]
  • OSR_Community_UserOSR_Community_User Member Posts: 110,217
    > But what are these "certain access rights", why are they
    > have to be checked and for what purpose? The answer is in the
    > description of BackupRead API

    You can open file for backup and use ReadFile instead of BackupRead, the ACLs
    will still be ignored.

    --
    Maxim Shatskih, Windows DDK MVP
    StorageCraft Corporation
    [email protected]
    http://www.storagecraft.com
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Developing Minifilters 24 May 2021 Live, Online
Writing WDF Drivers 14 June 2021 Live, Online
Internals & Software Drivers 2 August 2021 Live, Online
Kernel Debugging 27 Sept 2021 Live, Online