Date: Tue, 21 Aug 2001 05:56:59 -0400 From: "Ken Cross" <kcross@ntown.com> To: "Ian J Greely" <Ian@tirnanog.org> Cc: <freebsd-fs@freebsd.org> Subject: Re: DENY ACL's Message-ID: <00ad01c12a27$9e92b370$0200a8c0@kjc2.com> References: <017001c1290a$14962300$0200a8c0@kjc2.com> <cn23ot4l31m5898pt8l674rdvv8g63vnj0@4ax.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> I just finished a course on Win32 API where we had a look at the > structures behind the Win ACL's. (Yeah, well company I work for is > into Windows) > > The ACL strucure is parsed _IN ORDER_ and the FIRST ACL (allow or > deny) that the user matches is applied. You can be bounced or allowed > on a single entry. (Dependant upon the rights requested.) The ORDER of > entries is significant. > > I can send the detail if people want. *shrug* Or you could look in a > book! > > regards, > Ian You're quite right -- that's exactly how they are processed. However, NTFS absolutely enforces the ordering of ACL's such that deny ACL's always come before allow ACL's. Hence, deny ACL's are always processed first. Hey, don't be embarrassed about learning Windows stuff -- it'd be a bigger mistake to pretend it's not there. And it always looks good on the resume. ;-) Ken To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-fs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?00ad01c12a27$9e92b370$0200a8c0>