Invalid security descriptor inheritance in a transaction

  • Question

  • Take the following scenario:

    1. A file is created in a directory A with a default security descriptor. So it inherits inheritable ACEs from A.
    2. The file is then moved (using MoveFileEx) to directory B. The file's SD is moved with it.
    3. In order to make the file inherit B's SD, the following call is made:

    SetSecurityInfo(... DACL_SECURITY_INFORMATION | UNPROTECTED_DACL_SECURITY_INFORMATION, {empty_DACL});

    This works as expected: the file's SD is a merge of the empty SD and the inheritable ACEs from B, that is, it now contains ACEs inherited from B.

    Now let's do the same, but with a transaction:
    1. A file is created in a directory A with a default security descriptor. So it inherits inheritable ACEs from A.
    2. A transaction is created with CreateTransaction().
    3. Directory B is created within the transaction.
    4. The file is moved (using MoveFileTransacted) into directory B. The file's SD is moved with it.
    5. The same call to SetSecurityInfo is made.

    As a result, the file has an empty SD, forbidding any access to it. That is, security descriptor merging has not occurred.

    Is it a bug?
    Friday, October 16, 2009 10:56 AM
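
The two outcomes described in the question (a DACL carrying ACEs inherited from B versus an empty DACL that denies all access) can be told apart from the raw ACL bytes that the PACL returned by GetSecurityInfo points at. The following is an added example, not code from the thread: `classify_dacl`, `dacl_state` and both sample buffers are hypothetical names and constructed data, and the parser assumes the documented little-endian ACL and ACE header layouts.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define INHERITED_ACE 0x10 /* AceFlags bit set on ACEs that came from the parent */

typedef enum { DACL_NULL,          /* no DACL at all: access is not restricted */
               DACL_EMPTY,         /* zero ACEs: every access is denied        */
               DACL_EXPLICIT_ONLY, /* ACEs present, none inherited             */
               DACL_HAS_INHERITED, /* at least one ACE inherited from parent   */
               DACL_MALFORMED } dacl_state;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* ACL header: AclRevision(1) Sbz1(1) AclSize(2) AceCount(2) Sbz2(2)
 * ACE header: AceType(1) AceFlags(1) AceSize(2), then access mask and SID. */
dacl_state classify_dacl(const uint8_t *acl, size_t len)
{
    if (acl == NULL) return DACL_NULL;
    if (len < 8) return DACL_MALFORMED;
    size_t acl_size = rd16(acl + 2);
    unsigned count = rd16(acl + 4);
    if (acl_size < 8 || acl_size > len) return DACL_MALFORMED;
    if (count == 0) return DACL_EMPTY;

    size_t off = 8;
    dacl_state st = DACL_EXPLICIT_ONLY;
    for (unsigned i = 0; i < count; i++) {
        if (acl_size - off < 4) return DACL_MALFORMED;
        size_t ace_size = rd16(acl + off + 2);
        if (ace_size < 4 || ace_size > acl_size - off) return DACL_MALFORMED;
        if (acl[off + 1] & INHERITED_ACE) st = DACL_HAS_INHERITED;
        off += ace_size;
    }
    return st;
}

/* Constructed sample: empty DACL (revision 2, size 8, no ACEs). */
static const uint8_t EMPTY_DACL[] = { 0x02, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00 };
/* Constructed sample: one inherited ACCESS_ALLOWED_ACE for S-1-1-0. */
static const uint8_t INHERITED_DACL[] = {
    0x02, 0x00, 0x1C, 0x00, 0x01, 0x00, 0x00, 0x00,  /* ACL header, 28 bytes  */
    0x00, 0x10, 0x14, 0x00, 0x89, 0x00, 0x12, 0x00,  /* ACE header + mask     */
    0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,  /* SID rev, count, auth  */
    0x00, 0x00, 0x00, 0x00 };                        /* sub-authority 0       */

int main(void)
{
    printf("empty=%d inherited=%d\n", classify_dacl(EMPTY_DACL, sizeof EMPTY_DACL),
           classify_dacl(INHERITED_DACL, sizeof INHERITED_DACL));
    return 0;
}
```

A NULL DACL is reported separately from an empty one because the two mean opposite things: no DACL leaves access unrestricted, while an empty DACL denies everything.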

All replies

  • Hi,

    Check out this link: http://msdn.microsoft.com/en-us/library/ms978457.aspx
    It might be helpful...

    Have a nice day...

    Best regards,
    Fisnik


    Coder24.com
    • Proposed as answer by Fisnik Hasani Thursday, November 26, 2009 12:35 PM
    • Unproposed as answer by Barfy Thursday, November 26, 2009 9:39 PM
    Friday, November 13, 2009 8:12 PM
  • Hello:

    How is the situation on your side?
    Is this thread solved or NOT?

    Please tell me!

    Have a nice day...

    Best regards,
    Fisnik
    Coder24.com
    Thursday, November 26, 2009 12:35 PM
  • Uhm, I'm sorry. I thought I answered your post... The article you mention describes a completely different thing. Moreover, it is from the year 2001, long before Vista (which brought support for kernel transactions) shipped.

    The problem is still unresolved and I had to implement a workaround (that is, to use CopyFileEx function instead).
    Thursday, November 26, 2009 9:40 PM
  • Hi again:

    How is the situation on your side?
    Is this thread solved?

    Please tell me!

    Have a nice day...

    Best regards,
    Fisnik
    Coder24.com
    Sunday, December 27, 2009 9:39 AM
  • Hi again:

    How is the situation on your side?
    Is this thread solved?

    Please tell me!

    Have a nice day...

    Best regards,
    Fisnik

    Coder24.com
    Saturday, January 2, 2010 3:03 PM