
BACKUP_SEMANTICS and inherited ACE


Himanshu

Sep 17, 2009, 9:01:03 AM
I have a backup application that needs to determine whether an ACE is
inherited or not. I am using the following APIs in the given order.
1. CreateFile(filename, READ_CONTROL, FILE_SHARE_READ, NULL, OPEN_EXISTING,
FILE_FLAG_BACKUP_SEMANTICS, NULL);
2. GetKernelObjectSecurity(handle, DACL_SECURITY_INFORMATION, ...);

The DACL returned by #2 does not have the INHERITED_ACE flag set for the
inherited ACEs.
If I use GetNamedSecurityInfo I do get the flag set, but this function does
not support BACKUP_SEMANTICS.

How does one determine whether an ACE is inherited or not for a file which
does not grant me any access?

Thanks for the help.

rkakv

Sep 18, 2009, 2:24:02 PM

I don't think this functionality is currently exposed.
I mean, an executable with the SE_BACKUP_NAME (BACKUP_OPERATOR) privilege
enabled cannot use GetNamedSecurityInfo and hence cannot determine whether
an ACE is inherited or not.

Even GetExplicitEntriesFromACL won't help you.
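
For reference, the per-ACE check the first post describes (testing INHERITED_ACE in each ACE's AceFlags) looks like this when done directly on the raw ACL bytes. This is an added example, not code from either poster; it is portable C, and `count_inherited_aces` and the sample buffer are constructed for illustration, assuming the standard ACL and ACE_HEADER binary layout.

```c
#include <stdint.h>
#include <stdio.h>

#define INHERITED_ACE 0x10  /* AceFlags bit, same value as in winnt.h */

/* Read a little-endian 16-bit field without assuming alignment. */
static unsigned rd16(const uint8_t *p) { return p[0] | (p[1] << 8); }

/* Walk a raw ACL buffer: 8-byte ACL header (revision, pad, AclSize,
 * AceCount, pad) followed by ACEs, each starting with the 4-byte
 * ACE_HEADER (AceType, AceFlags, AceSize). Returns the number of ACEs with
 * INHERITED_ACE set, stores the number without it in *explicit_out, and
 * returns -1 if the buffer is malformed. (Hypothetical helper.) */
int count_inherited_aces(const uint8_t *acl, size_t len, int *explicit_out)
{
    if (len < 8) return -1;
    size_t acl_size = rd16(acl + 2);
    unsigned ace_count = rd16(acl + 4);
    if (acl_size < 8 || acl_size > len) return -1;
    size_t off = 8;
    int inherited = 0, explicit_n = 0;
    for (unsigned i = 0; i < ace_count; i++) {
        if (acl_size - off < 4) return -1;       /* no room for ACE_HEADER */
        size_t ace_size = rd16(acl + off + 2);
        if (ace_size < 4 || ace_size > acl_size - off) return -1;
        if (acl[off + 1] & INHERITED_ACE) inherited++;
        else explicit_n++;
        off += ace_size;
    }
    *explicit_out = explicit_n;
    return inherited;
}

/* Constructed sample: ACL revision 2 with two ACCESS_ALLOWED ACEs.
 * ACE 1: AceFlags 0x00, S-1-5-18.  ACE 2: AceFlags 0x10, S-1-5-32-544. */
const uint8_t sample_acl[] = {
    0x02,0x00, 0x34,0x00, 0x02,0x00, 0x00,0x00,
    0x00,0x00, 0x14,0x00, 0xFF,0x01,0x1F,0x00,
      0x01,0x01, 0,0,0,0,0,5, 0x12,0,0,0,
    0x00,0x10, 0x18,0x00, 0xFF,0x01,0x1F,0x00,
      0x01,0x02, 0,0,0,0,0,5, 0x20,0,0,0, 0x20,0x02,0,0,
};

int main(void)
{
    int explicit_n = 0;
    int inherited = count_inherited_aces(sample_acl, sizeof sample_acl, &explicit_n);
    printf("inherited=%d explicit=%d\n", inherited, explicit_n);
    return inherited < 0;
}
```

On Windows the same bytes are what a `PACL` points to, so the walk applies to whatever DACL an API call hands back.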
