Re: NTFS inherited permissions bug on W2K
From: Y. W. Ko (ywko@MINDSPRING.COM)Date: 10/11/01
- Previous message: Greg Corey: "Re: NTFS inherited permissions bug on W2K"
- Maybe in reply to: Sam Greenfield: "NTFS inherited permissions bug on W2K"
- Next in thread: Peter Larsen: "Re: NTFS inherited permissions bug on W2K"
- Reply: Peter Larsen: "Re: NTFS inherited permissions bug on W2K"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <Springmail.105.1002816178.0.02244100@www.springmail.com> Date: Thu, 11 Oct 2001 12:02:58 -0400 From: "Y. W. Ko" <ywko@MINDSPRING.COM> Subject: Re: NTFS inherited permissions bug on W2K To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Hi all,
Let me take another stab at this one :) - when I used to write NT security tools a few years back, I had a lot of fun playing with NT ACL's, including programmatically.
I strongly feel that there IS a "bug", or at least "inconsistency", in at least the way it is handled via the Explorer GUI. (I'm assuming all observations discussed so far are from using Explorer).
Before I explain why I think it's a bug, there's ANOTHER bug (let's call it bug-2) that has been discussed in another mailling list that, as far as I know, hasn't been menitioned here. As it stands in W2K, when you move a file/folder that has inherited permissions, all the original permissions including inherited permissions are retained. If you now say add a new ACE to the MOVED file (NOTE: NOT the new parent folder), you will find that, suddenly all the originally inherited permissions are gone and replaced by the permissions inherited from the new parent.
"bug-2" seems to suggest that when you modify the moved file's permissions, it would attempt to refresh the whole ACL and, in this case, honor the "Allow inheritable permissions from parent..." flag, and therefore suddenly inheriting permissions from the new parent.
From an consistency point of view, I think that this is how it ought to work:
1) If you want the original permissions unchanged, UNcheck the "Allow inheritable permissions..." before you move a file. In this case, all the originally permissions become explicit and would stay so after move.
2) If you want the file to inherit permissions from the new parent, leave the "Allow inheritable permissions..." flag CHECKED. In this case, the file should inherit permissions automatically after it's moved.
I think it would be interesting to find out at what level this behavior is controlled, ie File Security API or Explorer.
Thanks,
Ko
============================================================================
Delivery co-sponsored by Trend Micro, Inc.
============================================================================
BEST-OF-BREED ANTIVIRUS SOLUTION FOR MICROSOFT EXCHANGE 2000
Earn 5% rebate on licenses purchased for Trend Micro ScanMail for
Microsoft Exchange 2000 between October 1 and November 16. ScanMail
ensures 100% scanning of inbound and outbound traffic and provides
remote software management. For program details or to download your
30-day FREE evaluation copy:
http://www.antivirus.com/banners/tracking.asp?si=53&BI;=245&UL;=http://www.ant
ivirus.com/smex2000_rebate
- Previous message: Greg Corey: "Re: NTFS inherited permissions bug on W2K"
- Maybe in reply to: Sam Greenfield: "NTFS inherited permissions bug on W2K"
- Next in thread: Peter Larsen: "Re: NTFS inherited permissions bug on W2K"
- Reply: Peter Larsen: "Re: NTFS inherited permissions bug on W2K"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
