Re: SFTP ACLs need inheritance support

To: Joseph Galbraith <galb-list%vandyke.com@localhost>
Subject: Re: SFTP ACLs need inheritance support
From: denis bider <ietf-ssh%denisbider.com@localhost>
Date: Tue, 6 Dec 2005 20:39:13 +0100

> FILE_FLAG_BACKUP_SEMANTIC in combination with
> SeBackupPrivilege bypasses the read access checks
> in the filesystem.
>
> It doesn't require you to use BackupRead() or BackupWrite()
> to my knowledge-- in other words, it is perfectly
> reasonable to open a file file FILE_FLAG_BACKUP_SEMANTIC
> and still call ReadFile/WriteFile.

Ah, indeed, I got BackupRead() and the effects of FILE_FLAG_BACKUP_SEMANTICS mixed up.

Therefore ACCESS_PRIV_BACKUP_FILE means the server will open the file with FILE_FLAG_BACKUP_SEMANTICS, and SSH_FXF_ACCESS_BACKUP_STREAM means the server will I/O with BackupRead() / BackupWrite(). That sounds great, then!

Best regards

denis

References:
- Re: SFTP ACLs need inheritance support
  - From: Joseph Galbraith

Prev by Date: RE: SFTP extensions draft should be submitted as working group item
Next by Date: clarifications for SFTP extensions draft
Previous by Thread: Re: SFTP ACLs need inheritance support
Next by Thread: SFTP extensions draft should be submitted as working group item
Indexes:

Home | Main Index | Thread Index | Old Index