IETF-SSH archive


Re: SFTP ACLs need inheritance support



> Hmmm... I was thinking of these as simply enabling the
> backup or restore privilege which bypasses access
> checks-- which would be highly useful for things like
> scanning the volume to see who is using what space--

Based on my reading in the past few days (but not actual first-hand experience), it seems that Windows always requires not just a privilege but also a flag; i.e. the "SeSecurityPrivilege" goes hand in hand with the ACCESS_SYSTEM_SECURITY flag (one is not useful without the other), and the "SeBackupPrivilege" goes hand in hand with the FILE_FLAG_BACKUP_SEMANTICS flag.

In other words, it is my understanding that you have to specify FILE_FLAG_BACKUP_SEMANTICS in order to get any kind of special behavior from Windows, and FILE_FLAG_BACKUP_SEMANTICS in turn means that you'll be reading from the backup stream, and you can't have one without the other.

My understanding may be incorrect.




