Fine points of ACL conversion
Richard Sharpe
rsharpe at ns.aus.com
Thu Aug 1 07:49:02 GMT 2002
On Wed, 31 Jul 2002, ZINKEVICIUS,MATT (HP-Loveland,ex1) wrote:
> > 1. If it encounters a DENY (negative) ACE that denies any of the bits
> > requested, it denies access.
>
> Correct
>
> > 2. If it encounters ALLOW ACLs that allow any of the bits, but not all,
> > it continues? Is this true? Does it accumulate permission bits until the
> > requested bits are available and then stop? If a DENY appears after an ACE
> > that allows some bits, but not all, presumably, it denies access. So order
> > is very important. However, does it accumulate perms?
>
> It accumulates and continues as long as none of the request bits have been
> denied. If there are no more ACEs and the full set of request bits have not
> been allowed then permission is denied. If a previously allowed bit is
> denied in a later ACE it is still allowed. That is why ACE ordering is
> important.
Hmmmm, the MSDN article I looked at did not say that, but does not address
that situation either. It kind of implies that any deny bit in the set
requested causes a deny.
Is that your experience? Do you have a simple program that demonstrates
that?
Regards
-----
Richard Sharpe, rsharpe at ns.aus.com, rsharpe at samba.org,
sharpe at ethereal.com
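
The evaluation order described in the quoted reply above, modelled as an added example that is not part of the original message and is not Samba or Windows code. The `struct ace` layout, the `P_*` bits and `access_check` are hypothetical names, and every ACE is assumed to apply to the requesting user (no SID matching).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical permission bits and ACE layout, for this model only. */
#define P_READ  0x1u
#define P_WRITE 0x2u
#define P_EXEC  0x4u

enum ace_type { ACE_ALLOW, ACE_DENY };
struct ace { enum ace_type type; uint32_t mask; };

/* Walk ACEs in order; assumption: every ACE applies to the caller (no SID
 * matching). Returns 1 if all requested bits are granted, 0 otherwise. */
int access_check(const struct ace *acl, size_t n, uint32_t requested)
{
    uint32_t remaining = requested;   /* requested bits not yet allowed */

    for (size_t i = 0; i < n && remaining != 0; i++) {
        if (acl[i].type == ACE_DENY) {
            /* A deny only matters for bits that are still outstanding. */
            if (acl[i].mask & remaining)
                return 0;
        } else {
            remaining &= ~acl[i].mask;  /* accumulate allowed bits */
        }
    }
    return remaining == 0;  /* list exhausted: every bit must be allowed */
}

/* Constructed sample ACLs: same READ allow/deny pair, opposite order. */
static const struct ace allow_then_deny[] = {
    { ACE_ALLOW, P_READ }, { ACE_DENY, P_READ }, { ACE_ALLOW, P_WRITE },
};
static const struct ace deny_then_allow[] = {
    { ACE_DENY, P_READ }, { ACE_ALLOW, P_READ | P_WRITE },
};

int main(void)
{
    uint32_t want = P_READ | P_WRITE;
    printf("allow READ, deny READ, allow WRITE -> %s\n",
           access_check(allow_then_deny, 3, want) ? "granted" : "denied");
    printf("deny READ, allow READ|WRITE        -> %s\n",
           access_check(deny_then_allow, 2, want) ? "granted" : "denied");
    return 0;
}
```
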