From owner-freebsd-fs Tue Aug 21 2:57: 7 2001 Delivered-To: freebsd-fs@freebsd.org Received: from ntown.esper.com (ntown.esper.com [216.111.16.26]) by hub.freebsd.org (Postfix) with ESMTP id AA72437B40C for ; Tue, 21 Aug 2001 02:57:04 -0700 (PDT) (envelope-from kcross@ntown.com) Received: from kjcwin2k (kcross.ntown.esper.com [216.111.19.212]) by ntown.esper.com (8.11.4/8.11.4) with SMTP id f7LA4PE14917; Tue, 21 Aug 2001 06:04:25 -0400 Message-ID: <00ad01c12a27$9e92b370$0200a8c0@kjc2.com> From: "Ken Cross" To: "Ian J Greely" Cc: References: <017001c1290a$14962300$0200a8c0@kjc2.com> Subject: Re: DENY ACL's Date: Tue, 21 Aug 2001 05:56:59 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-fs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > I just finished a course on Win32 API where we had a look at the > structures behind the Win ACL's. (Yeah, well company I work for is > into Windows) > > The ACL strucure is parsed _IN ORDER_ and the FIRST ACL (allow or > deny) that the user matches is applied. You can be bounced or allowed > on a single entry. (Dependant upon the rights requested.) The ORDER of > entries is significant. > > I can send the detail if people want. *shrug* Or you could look in a > book! > > regards, > Ian You're quite right -- that's exactly how they are processed. However, NTFS absolutely enforces the ordering of ACL's such that deny ACL's always come before allow ACL's. Hence, deny ACL's are always processed first. Hey, don't be embarrassed about learning Windows stuff -- it'd be a bigger mistake to pretend it's not there. And it always looks good on the resume. ;-) Ken To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-fs" in the body of the message