EldoS | Feel safer!

Software components for data protection, secure storage and transfer

preventing folder/s deletion question

Also by EldoS: BizCrypto
Components for BizTalk® and SQL Server® Integration Services that let you securely store and transfer information in your business automation solutions.
#18006
Posted: 10/27/2011 01:50:05
by ohad (Standard support level)
Joined: 02/02/2011
Posts: 24

Ok,thanks for clarifying this matter and for your help
#18007
Posted: 10/27/2011 03:53:00
by ohad (Standard support level)
Joined: 02/02/2011
Posts: 24

I have a related question then,how can I get the "Security" tab in the file/folder properties to show when using CBFS, I've set the file system name to "NTFS" with SetFileSystemName() method however this does not appear to be enough,should I also implement the OnGetFileSecurity() and OnSetFileSecurity() callbacks?

Thanks.
#18008
Posted: 10/27/2011 04:02:43
by Volodymyr Zinin (EldoS Corp.)

Yes
#18009
Posted: 10/27/2011 04:06:50
by Eugene Mayevski (EldoS Corp.)

Yes, of course, you must implement security-related callbacks. Moreover, you have to handle this security yourself in OnOpenFile/OnCreateFile/etc . (the OS doesn't do this automatically when the user-mode application does something with the file or directory).


Sincerely yours
Eugene Mayevski
#18010
Posted: 10/27/2011 04:20:40
by Volodymyr Zinin (EldoS Corp.)

BTW there is a system security API AccessCheck which can really help to check security attributes.
#18052
Posted: 11/02/2011 09:17:27
by ohad (Standard support level)
Joined: 02/02/2011
Posts: 24

A new question:

So currently I have set the permissions in a similar way as described in the original posting I put a link to.

That is I have a folder which can not be deleted from the outside but the files within it can be deleted individually(and have "full control" permissions) when I'm inside the folder.

I have implemented this setup both with folders on my C: drive and folders inside the Virtual Drive.

On the C: drive everything works as expected.

With the Virtual Drive folders however the story is different,my folder has the delete permission denied,which I can check and thus assign CanBeDeleted to false accordingly.

However the file within the folder still gets accessed first and since the file itself has "full control" it promptly gets deleted,so I'm arriving at the same problem as described in the beginning of this thread.

The question is does anyone have any clue as to what I'm missing?What is happening differently on my C: drive that with the exact same setup it does not happen there,is there some extra check I forgot to implement?
#18103
Posted: 11/07/2011 03:12:12
by Volodymyr Zinin (EldoS Corp.)

Check the inheritable permissions from the folder's parent. Perhaps the problem is there.
#18175
Posted: 11/14/2011 07:43:29
by ohad (Standard support level)
Joined: 02/02/2011
Posts: 24

Hi,took me a while to get back to this but I don't have permission inheritance between those folders.

1)"root" folder has delete subfolders and files permission denied for current user
2)folders with files under the "root" have delete permission denied for current user.
3)Files under the folders mentioned in 2,have full control for current user.

Outside the Virtual Drive when I choose to delete one of the folders in 2,the folder is not deleted and the files with "full control" permission are also intact.

In the Virtual Drive,when I do the same,the folder indeed does not get deleted but the files with "full control" do get deleted.

The security permissions for each part 1,2 and 3 are independent of each other and the "root" folder does not inherit permissions either.

So the question is what perhaps what Windows does which I do not,or what else am I missing?

Thanks.
#18176
Posted: 11/14/2011 08:16:50
by Volodymyr Zinin (EldoS Corp.)

Perhaps inheritable permissions still exist during your testing. In the case of the Mapper sample try to "mirror" as a virtual drive the root folder of a physical disk. In this case the security attributes should be the same. Or compare security attributes for files/folders by requesting them via the virtual drive and directly where they are really located.
#18177
Posted: 11/14/2011 10:08:22
by ohad (Standard support level)
Joined: 02/02/2011
Posts: 24

Hi,

I am using the mapper sample as the basis in fact.

So with the folder/subfolders to which the drive is mapped,on the actual disk the permission setup works as expected and the file with "full control" is not deleted.

When I launch the virtual disk however and try to do the same,the file gets deleted.

Security attributes are indeed the same.
Also by EldoS: CallbackProcess
A component to control process creation and termination in Windows and .NET applications.

Reply

Statistics

Topic viewed 4785 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!