First page Back Continue Last page Overview Graphics
Mapping POSIX ACLs to Windows ACLS (continued).
Create a Windows security descriptor (SD) large enough for both file and directory entries.
Copy the two lists into the SD, mapping the uids and gids to SIDs. 'other' is mapped to 'Everyone'.
- Sort so DENY entries come first.
Merge ACL entries that differ only in flags to one entry with flags (OBJECT_INHERIT|CONTAINER_INHERIT).
Mark the SD as containing non-inherited ACL entries. POSIX ACLs are only inherited at create time.