Hi, All
Recently, I met a problem.
When I implement the acl of my file system, I use SeAssignSecurity to assign the acl of the parent to the created
file and directory. Code as below:
Status = SeAssignSecurity(
pParentSecurity->pSecurityDescriptor,
AssessState->SecurityDescriptor,
&pNewSecurity,
bCreateDir,
&AccessState->SubjectSecurityContext,
IoGetFileObjectGenericMapping(),
PagedPool);
if (!NT_SUCCESS(Status)) {
goto errorout;
}
But after I called the routine, the pNewSecurity always have two ACEs. One for Administrator User and the other for
System User of the local machine, both of them have full control to the created file and directory . I just don’t know
why it didn’t inherit from the parent.
Any hint is appreciated.
Best regards.
好玩贺卡等你发,邮箱贺卡全新上线!
http://card.mail.cn.yahoo.com/