Directory access deny

Chang_Sung_Jung · January 24, 2003, 6:51am

I want to prevent others from accessing certain directories.
Where is the best point, and how?

Thanks for any suggestions!
Sincerely!

OSR_Community_User · January 24, 2003, 7:36am

Set the ACL.

-----Original Message-----
From: Chang Sung, Jung. [mailto:xxxxx@korea.com]
Sent: Friday, January 24, 2003 6:58 AM
To: File Systems Developers
Subject: [ntfsd] Directory access deny

I want to prevent others from accessing certain directories. Where is
the best point, and how?

Thanks for any suggestions!
Sincerely!

You are currently subscribed to ntfsd as: xxxxx@basistech.com To
unsubscribe send a blank email to xxxxx@lists.osr.com

OSR_Community_User · January 24, 2003, 7:46am

Setting the ACL of a directory object works even in FAT?

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Benson Margulies
Sent: sexta-feira, 24 de janeiro de 2003 10:36
To: File Systems Developers
Subject: [ntfsd] RE: Directory access deny

Set the ACL.

-----Original Message-----
From: Chang Sung, Jung. [mailto:xxxxx@korea.com]
Sent: Friday, January 24, 2003 6:58 AM
To: File Systems Developers
Subject: [ntfsd] Directory access deny

I want to prevent others from accessing certain directories. Where is
the best point, and how?

Thanks for any suggestions!
Sincerely!

You are currently subscribed to ntfsd as: xxxxx@basistech.com To
unsubscribe send a blank email to xxxxx@lists.osr.com

You are currently subscribed to ntfsd as: xxxxx@scuasecurity.com.br
To unsubscribe send a blank email to xxxxx@lists.osr.com

OSR_Community_User · January 24, 2003, 10:03am

If you are looking to filter access to directories based on their name,
id, etc. then the place to do it is in IRP_MJ_CREATE processing. You
can do a relative pathname lookup for all access to a particular volume
and deny access if you have a match with an excluded directory. Getting
the full name of the file can be a little bit tricky, since you have to
deal with the file object or the request and the relative file object
also. The IFS kit has some basic logic for looking up the name of a
file on IRP_MJ_CREATE. There are certain conditions under which you
cannot query the file name during IRP_MJ_CREATE - at which time you
might have to deny access on first access. Again, the filter sample in
the IFS kit outlines these limitations also.

However, you also have to deal with the possibility that an object is
being opened by object id or by its file id. This will be difficult to
deny if your deny rules are based on file name. I have no idea what
exactly you are writing, but if you want to deny access to a directory
by ID also, then you have your work cut out. You would need to know the
full path names for every possible object in order to filter on its
parent name.

If you really are looking for a FAT solution, then you don’t have to
worry about open by ID, since FAT doesn’t support that.

/TomH

-----Original Message-----
From: Fernando Roberto da Silva [mailto:xxxxx@scuasecurity.com.br]
Sent: Friday, January 24, 2003 7:46 AM
To: File Systems Developers
Subject: [ntfsd] RE: Directory access deny

Setting the ACL of a directory object works even in FAT?

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Benson Margulies
Sent: sexta-feira, 24 de janeiro de 2003 10:36
To: File Systems Developers
Subject: [ntfsd] RE: Directory access deny

Set the ACL.

-----Original Message-----
From: Chang Sung, Jung. [mailto:xxxxx@korea.com]
Sent: Friday, January 24, 2003 6:58 AM
To: File Systems Developers
Subject: [ntfsd] Directory access deny

I want to prevent others from accessing certain directories. Where is
the best point, and how?

Thanks for any suggestions!
Sincerely!

You are currently subscribed to ntfsd as: xxxxx@basistech.com To
unsubscribe send a blank email to xxxxx@lists.osr.com

You are currently subscribed to ntfsd as: xxxxx@scuasecurity.com.br
To unsubscribe send a blank email to xxxxx@lists.osr.com

You are currently subscribed to ntfsd as: xxxxx@inflectionsystems.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

OSR_Community_User · January 24, 2003, 7:15pm

No, it doesn’t. Sorry, cheap shot.

-----Original Message-----
From: Fernando Roberto da Silva [mailto:xxxxx@scuasecurity.com.br]
Sent: Friday, January 24, 2003 7:46 AM
To: File Systems Developers
Subject: [ntfsd] RE: Directory access deny

Setting the ACL of a directory object works even in FAT?

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Benson Margulies
Sent: sexta-feira, 24 de janeiro de 2003 10:36
To: File Systems Developers
Subject: [ntfsd] RE: Directory access deny

Set the ACL.

-----Original Message-----
From: Chang Sung, Jung. [mailto:xxxxx@korea.com]
Sent: Friday, January 24, 2003 6:58 AM
To: File Systems Developers
Subject: [ntfsd] Directory access deny

I want to prevent others from accessing certain directories. Where is
the best point, and how?

Thanks for any suggestions!
Sincerely!

You are currently subscribed to ntfsd as: xxxxx@basistech.com To
unsubscribe send a blank email to xxxxx@lists.osr.com

You are currently subscribed to ntfsd as: xxxxx@scuasecurity.com.br
To unsubscribe send a blank email to xxxxx@lists.osr.com

You are currently subscribed to ntfsd as: xxxxx@basistech.com To
unsubscribe send a blank email to xxxxx@lists.osr.com