NTFS Folks -
I seem to have a problem setting a particular flag (SE_SACL_PROTECTED in
SECURITY_DESCRIPTOR_CONTROL) during a restore. This flag is found “set” in
the SD Control field (SE_SACL_PRESENT is off) of the SD I want to set on the
file. However, after calling ZwSetSecurityObject it is not set. If I set the
SACL_SECURITY_INFORMATION flag when calling SetSecurityObject,
SE_SACL_PROTECTED is indeed set however the SE_SACL_PRESENT flag, which was
previous off, is not on!
Is this: 1) Expected behavior, 2) something I’m missing or 3) I can ignore
the SE_SACL_PROTECTED flag if the SE_SACL_PRESENT flag is off?
Thanks, /ted
How do you determine that it is set or not set? We see the exact same
thing with security descriptors that are set through the explorer and
basically ignore the protected state if the SE_SCAL_PRESENT flag is NOT
set. This seems to be what explorer itself is doing. This looks like
an inconsistency in the security APIs and I have no idea whether the
behavior is intentional or not. This is exactly the behavior that we
are seeing - so you aren’t missing something that I know of. Also, I
currently don’t know of another workaround for this problem - just the
one you suggest.
/TomH
-----Original Message-----
From: Ted Hess [mailto:xxxxx@livevault.com]
Sent: Friday, June 04, 2004 2:02 PM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] Detail question about setting SecruityDescriptor
NTFS Folks -
I seem to have a problem setting a particular flag (SE_SACL_PROTECTED in
SECURITY_DESCRIPTOR_CONTROL) during a restore. This flag is found “set”
in
the SD Control field (SE_SACL_PRESENT is off) of the SD I want to set on
the
file. However, after calling ZwSetSecurityObject it is not set. If I set
the
SACL_SECURITY_INFORMATION flag when calling SetSecurityObject,
SE_SACL_PROTECTED is indeed set however the SE_SACL_PRESENT flag, which
was
previous off, is not on!
Is this: 1) Expected behavior, 2) something I’m missing or 3) I can
ignore
the SE_SACL_PROTECTED flag if the SE_SACL_PRESENT flag is off?
Thanks, /ted
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@exagrid.com
To unsubscribe send a blank email to xxxxx@lists.osr.com