Hi James James Harper wrote: > (I posted this to the forum before I'd done much investigation) >
... with an example which led to no problem. > I have a windows file that has invalid ACL's (as far as NTFS-3G > concerned). I came across this because I am using the data generated by > the Windows BackupRead API call in Bacula to restore the ACL's (and > junctions etc) to an ntfs-3g filesystem mounted under Linux. > > Under Windows: > C:\temp>secaudit -b index.html > secaudit 1.3.8 : NTFS security data auditing > *** Could not get user mapping data > # > # Recursive ACL collection on Wed Oct 28 19:13:54 2009 > # > File index.html > ** Descriptor for index.html is not valid > ** 1 warning was signalled > ** 1 error was found > > The hex ACL string from that file I am trying to apply on ntfs-3g: > "0x010004841400000024000000000000004000000001020000000000052000000020020 > 000010500000000000515000000AA8B635446D7000586C8A697010200000400340002000 > 00000101800FF011F000102000000000005200000002002000000101400FF011F0001010 > 0000000000512000000" > > By adding lots of debug statements to security.c I tracked it down to > "pdacl->revision == ACL_REVISION" in the big if clause in > ntfs_valid_descr. pdacl->revision is 4 while ACL_REVISION is 2. > True. The value 4 is for ACL_REVISION_DS, which is another value which should be accepted. I found a mention about it in http://msdn.microsoft.com/en-us/library/aa374970(VS.85).aspx with the comment "This value can be ACL_REVISION or ACL_REVISION_DS. Use ACL_REVISION_DS if the ACL contains object-specific ACEs." This will be fixed in the next release. > If I 'xcopy /O' the file, the 'bad' ACL copies with it with no > comlaints. Windows shows the permissions as being purely inherited from > the parent. > > A chkdsk /f followed by a reboot does not resolve anything. > > The system is a Windows 2003 machine that has been around for a number > of years. > > ntfs-3g is ntfs-3g-2009.4.4AR.21.tgz > > Ultimately I'd like for ntfs-3g to apply any ACL I give it without any > validation at all... > And you obviously know how to do that... PS I will put a comment about it on the forum, as your example was misleading. Regards Jean-Pierre ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference _______________________________________________ ntfs-3g-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/ntfs-3g-devel
