I’ve never used SeAssignSecurityEx, nor do any of the file systems of
which I’m aware use it, so I’m afraid I have no insight into how it
behaves. In the past I’ve always used SeAssignSecurity and those
parameters in common are essentially the same as what you indicate you
are using.
Sorry I can’t provide any further insight. Were I in your position, I’d
be walking through the call with the debugger to try and understand how
the ACL is being processed.
Regards,
Tony
Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com
Looking forward to seeing you at the next OSR File Systems class in
Boston, MA April 18-21, 2006.
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@comcast.net
Sent: Monday, April 03, 2006 3:48 PM
To: ntfsd redirect
Cc: xxxxx@comcast.net
Subject: Re: [ntfsd] Advanced Security Permissions.
I am sure that someone had to implement the driver security before. Any
help regarding how to support the security inheritance and/or
propagation will be greatly appreciated.
-Ilya.
-------------- Original message --------------
From: xxxxx@comcast.net
Hi ALL,
I am trying to add the NTFS like security support to my driver.
I have succeeded so far to see the ACL lists in explorer security panel
- I can modify users and groups, change their permissions, set/modify
the owner, etc. However advanced options such as “Inherit from parent
…” or/and “Replace permission entries on all child objects …” do not
work. It fails silently, that is I do not see any errors in the driver.
Any help or reference regarding how one can add the support of
advanced security permissions will be greatly appreciated.
Also I have another issue that may be related …
When I create a new file, I assign a new relative descriptor to
it using the following API:
SeAssignSecurityEx( ParentRelativeSD, absoluteSD,
&assignedRelativeSD, NULL, IsDirectory,
SEF_AVOID_PRIVILEGE_CHECK | SEF_DACL_AUTO_INHERIT |
SEF_SACL_AUTO_INHERIT,
SubjectContext,
IoGetFileObjectGenericMapping(),
PagedPool),
however when I open the security properties of just created
file/directory, I do not see all parent DACL while I expected it to be
inherited.
Thanks,
Ilya.
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@comcast.net
To unsubscribe send a blank email to
xxxxx@lists.osr.com
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com