Re: ACL's Security
From: Badri (badrinathmodale_at_gmail.com)
Date: 12/29/04
- Next message: Steve Clark [MSFT]: "Re: local user creation on W2K server DC"
- Previous message: Ed Gregory: "Administrator gets locked out"
- Maybe in reply to: Roger Abell: "Re: ACL's Security"
- Next in thread: Herb Martin: "Re: ACL's Security"
- Reply: Herb Martin: "Re: ACL's Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 29 Dec 2004 07:27:29 -0800
I am also facing same problem
I have already tried thr' cacls
Any folder having only List folder containts rights for a group shows
following output for CACLS
<Group Name>:(CI)R
Now how to specify this in the ACE string. There is no rights for "R"
with ace_flag as "CI"
Also i have noticed following things by right cliking and setting the
permission on the folder
List Folder Contain shows Read and Excecute in the Advanced Tab. And
Detailed Permissions for "List folder containts" and combination of
"Read, Read and Excecute, List Folder Containts" is the same.
The Detail permissions are
Traverse Folder/Excecute File
List Folder/ Read Data
Read attributes
Read Extended Attributes
REad Permissions
corresponding access right values shown by Cacls are
FILE_EXCECUTE
FILE_READ
FILE_READ_ATTRIBUTE
FILE_READ_EA
READ_CONTROL
Now problem is how can i specify this in ACE String. i am able to get
ACE for READ_CONTROL which is "RC"
Badrinath
Sudeep Sachdev wrote:
> "Glenn L" <the.only(delete)@gmail.com> wrote in message
news:<uvWkXoq1EHA.1564@TK2MSFTNGP09.phx.gbl>...
> > set them in the gui like Roger indicates, then go to DOS and run
CACLS on
> > the folder or file to get the 'under the hood' ACE identifyer. I
think this
> > is what you are looking for.
> >
> >
> > --
> > Glenn L
> >
> > CCNA, MCSE (2000,2003) + Security
> > "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> > news:OdZWX8d1EHA.1408@TK2MSFTNGP10.phx.gbl...
> > >I do not understand what the problem is. These permissions
> > > you mention are generic permissions, listed right there in the
> > > NTFS permissions editor (if you are using the UI for this).
> > >
> > > --
> > > Roger Abell
> > >
> > > "Sudeep Sachdev" <sudeep_sachdev@yahoo.com> wrote in message
> > > news:c1dd9064.0411282241.1677eba6@posting.google.com...
> > >> Hi
> > >> I am implementing folder security through ACL's.
> > >> I need ACE for two standard access rights named 'MODIFY' and
'LIST FOLDER
> > > CONTENTS'.
> > >
> > >
>
>
> Hi
> Let's begin with an example .listed below are the ACE strings for
> folder which gives all access rights to a folder.
>
> #define SC_CONFIG_USER_DIR_DACL L"D:"\
> L"(A;OICI;GA;;;SY)"\
> L"(A;OICI;GA;;;BA)"\
> L"(A;OICI;GA;;;%s)"\
>
>
> "GA" -- GENERIC_ALL
> "GR" -- GENERIC_READ
> "GW" -- GENERIC_WRITE
> "GX" -- GENERIC_EXECUTE
>
> So i want rights for 'Modify' and 'List Folder Contents' . For this a
> need the corresponding ACE.
- Next message: Steve Clark [MSFT]: "Re: local user creation on W2K server DC"
- Previous message: Ed Gregory: "Administrator gets locked out"
- Maybe in reply to: Roger Abell: "Re: ACL's Security"
- Next in thread: Herb Martin: "Re: ACL's Security"
- Reply: Herb Martin: "Re: ACL's Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
