First page Back Continue Last page Overview Graphics
Mapping POSIX ACLs to Windows ACLS
Read the ACL from disk into a 'canonical form'.
- AND off the 'mask' restrictions to all applicable entries (supplemental uid and all gid entries).
- Ensure the owner has at least 'r' access ('r-x' if a directory).
- Sort the list so that entries with no permissions come first (DENY entries), then the owner permissions, and push the 'other' permissions to end end of the list.
If a directory, apply the same algorithm to the 'default' ACL entries.
- 'Owner' is mapped to CREATOR_OWNER here.
- 'Flags' are set to (OBJECT_INHERIT |CONTAINER_INHERIT | INHERIT_ONLY)