[jcifs] NTLM HTTP Filter Authenticates All Users Regardless ofJCIFSACL Permissions

John Fletcher jfletcher at latitudegeo.com
Wed Oct 27 17:27:43 GMT 2004

>I just fixed this. It actually surprised me a little to learn how 
>feable ACL access control on Windows shares is. With Windows NT 
>4.0 at least you can mount a share as any authenticated user regardless

>of how the ACL is set. Now that wouldn't be that bad if you could
>not access anything withing it but you can query the existance 
>and attributes of a file or directory if you know it's path 
>regardless of how the ACL is set! I had to resort to trying to 
>*listing* the contents of the share. That causes Access Denied if 
>the user is not listed in the ACL.


>The fix will be in the next release RSN.


Thanks a bunch!  Actually, I tried creating a new directory in the
JCIFSACL share, setting my logonShare to JCIFSACL/newdir at one point to
see if maybe I could get it to deny access to a subdir of the share, but
got a "path not found" error...  At any rate, it'll be great to have the
logonShare functionality in the new release.


More information about the jcifs mailing list