SEC_DESC_DACL_AUTO_INHERIT_REQ ?
Jeremy Allison
jra at samba.org
Fri Oct 19 17:14:30 GMT 2007
On Fri, Oct 19, 2007 at 05:29:24PM +0200, Volker Lendecke wrote:
> Hi, Jeremy!
>
> If I remember correctly, you at one point said that if
> SEC_DESC_DACL_AUTO_INHERIT_REQ is set during the
> set_security_descriptor call something magic happens with
> ACLs, namely that Windows copies the ACEs from the parent
> directories that are marked as inheritable are copied into
> the new security descriptor. I tried to reproduce this
> today, but I failed. Can you explain to me again what this
> actually does?
This is the condition to test :
(psd->type & (SE_DESC_DACL_AUTO_INHERITED|
SE_DESC_DACL_AUTO_INHERIT_REQ))==
(SE_DESC_DACL_AUTO_INHERITED|
SE_DESC_DACL_AUTO_INHERIT_REQ) ) {
It needs both bits. If set, then the server must append the
parent inheritable ACE entries onto the ACL.
Jeremy.
More information about the samba-technical
mailing list