Re: NTFS inherited permissions bug on W2K

From: Ben Cox (cox-work@DJEHUTI.COM)
Date: 10/10/01


Message-ID:  <000001c1511b$d08357c0$6601a8c0@BENCOX>
Date:         Tue, 9 Oct 2001 19:40:44 -0400
From: Ben Cox <cox-work@DJEHUTI.COM>
Subject:      Re: NTFS inherited permissions bug on W2K
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM


> Inheritance has always been present in NT.
[...]
> ACLs in NT have always been displayed as explicit, even if they were
> inherited from the parent directory. The updated ACL editor included
> in NT

While this is true, Win2K adds the "sweep and re-flow" notion: when you
apply changes to permissions on a directory in Win2K, it actually sweeps
subdirectories and reapplies inherited/inheritable permissions to
filesystem objects that reside below that tree (try changing the ACL on
C:\ and see how long it takes when you hit "Apply" if you don't believe
me). In NT4 and prior, this re-application did not occur.

The bug being reported here is that when you move an item from one
directory to another in Win2K, it should sweep and re-flow the
permissions to that item at that point, because Win2K introduces the
notion (admittedly an illusion) that the inherited permissions are
"live" (even though the implementation is that the inherited ACEs are
actually copied to the inherited objects' ACLs).

For more details, see Keith Brown's "Programming Windows Security", from
the DevelopMentor series, published I believe by Addison-Wesley.

__
Ben Cox
Technical Consultant
Summa Technologies, Inc.
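
The copy-on-inherit behaviour described in this message, as an added Python model that is not part of the original post and is not Windows code. Assumptions: ACEs are reduced to (trustee, rights) pairs, every parent ACE is treated as inheritable, and the names Public, Private and report.doc are constructed. It shows a moved item keeping its old inherited ACEs until the destination directory is swept.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Ace:
    trustee: str
    rights: str
    inherited: bool = False  # marks an ACE copied down from a parent

@dataclass(eq=False)
class Node:
    name: str
    explicit: list = field(default_factory=list)  # ACEs set directly on this object
    acl: list = field(default_factory=list)       # the ACL actually stored on it
    parent: "Node" = None
    children: list = field(default_factory=list)

def inheritable(parent):
    """ACEs a parent hands down (assumption: every parent ACE is inheritable)."""
    return [Ace(a.trustee, a.rights, True) for a in parent.acl] if parent else []

def reflow(node):
    """Sweep and re-flow: rewrite the stored ACL of node and everything below it."""
    node.acl = list(node.explicit) + inheritable(node.parent)
    for child in node.children:
        reflow(child)

def move(node, new_parent):  # as in the post: the stored ACL travels unchanged
    node.parent.children.remove(node)
    node.parent = new_parent
    new_parent.children.append(node)

def stale(node):
    """True when stored inherited ACEs differ from what the parent now hands down."""
    return {a for a in node.acl if a.inherited} != set(inheritable(node.parent))

def demo():
    public = Node("Public", explicit=[Ace("Everyone", "Read")])
    private = Node("Private", explicit=[Ace("Administrators", "Full")])
    report = Node("report.doc", parent=public)  # file created under Public
    public.children.append(report)
    reflow(public)   # initial ACLs: inherited ACEs are copied into report.doc
    reflow(private)
    move(report, private)
    after_move = (stale(report), [a.trustee for a in report.acl])
    private.explicit.append(Ace("Auditors", "Read"))
    reflow(private)  # an ACL change on the destination triggers the sweep
    after_reflow = (stale(report), sorted(a.trustee for a in report.acl))
    return after_move, after_reflow
```

The `stale` check is the comparison an audit would make: stored inherited ACEs against what the current parent would propagate.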
