EldoS | Feel safer!

Software components for data protection, secure storage and transfer

preventing folder/s deletion question

Posted: 10/27/2011 01:50:05
by ohad (Standard support level)
Joined: 02/02/2011
Posts: 24

Ok,thanks for clarifying this matter and for your help
Posted: 10/27/2011 03:53:00
by ohad (Standard support level)
Joined: 02/02/2011
Posts: 24

I have a related question then,how can I get the "Security" tab in the file/folder properties to show when using CBFS, I've set the file system name to "NTFS" with SetFileSystemName() method however this does not appear to be enough,should I also implement the OnGetFileSecurity() and OnSetFileSecurity() callbacks?

Posted: 10/27/2011 04:02:43
by Volodymyr Zinin (Team)

Posted: 10/27/2011 04:06:50
by Eugene Mayevski (Team)

Yes, of course, you must implement security-related callbacks. Moreover, you have to handle this security yourself in OnOpenFile/OnCreateFile/etc . (the OS doesn't do this automatically when the user-mode application does something with the file or directory).

Sincerely yours
Eugene Mayevski
Posted: 10/27/2011 04:20:40
by Volodymyr Zinin (Team)

BTW there is a system security API AccessCheck which can really help to check security attributes.
Posted: 11/02/2011 09:17:27
by ohad (Standard support level)
Joined: 02/02/2011
Posts: 24

A new question:

So currently I have set the permissions in a similar way as described in the original posting I put a link to.

That is I have a folder which can not be deleted from the outside but the files within it can be deleted individually(and have "full control" permissions) when I'm inside the folder.

I have implemented this setup both with folders on my C: drive and folders inside the Virtual Drive.

On the C: drive everything works as expected.

With the Virtual Drive folders however the story is different,my folder has the delete permission denied,which I can check and thus assign CanBeDeleted to false accordingly.

However the file within the folder still gets accessed first and since the file itself has "full control" it promptly gets deleted,so I'm arriving at the same problem as described in the beginning of this thread.

The question is does anyone have any clue as to what I'm missing?What is happening differently on my C: drive that with the exact same setup it does not happen there,is there some extra check I forgot to implement?
Posted: 11/07/2011 03:12:12
by Volodymyr Zinin (Team)

Check the inheritable permissions from the folder's parent. Perhaps the problem is there.
Posted: 11/14/2011 07:43:29
by ohad (Standard support level)
Joined: 02/02/2011
Posts: 24

Hi,took me a while to get back to this but I don't have permission inheritance between those folders.

1)"root" folder has delete subfolders and files permission denied for current user
2)folders with files under the "root" have delete permission denied for current user.
3)Files under the folders mentioned in 2,have full control for current user.

Outside the Virtual Drive when I choose to delete one of the folders in 2,the folder is not deleted and the files with "full control" permission are also intact.

In the Virtual Drive,when I do the same,the folder indeed does not get deleted but the files with "full control" do get deleted.

The security permissions for each part 1,2 and 3 are independent of each other and the "root" folder does not inherit permissions either.

So the question is what perhaps what Windows does which I do not,or what else am I missing?

Posted: 11/14/2011 08:16:50
by Volodymyr Zinin (Team)

Perhaps inheritable permissions still exist during your testing. In the case of the Mapper sample try to "mirror" as a virtual drive the root folder of a physical disk. In this case the security attributes should be the same. Or compare security attributes for files/folders by requesting them via the virtual drive and directly where they are really located.
Posted: 11/14/2011 10:08:22
by ohad (Standard support level)
Joined: 02/02/2011
Posts: 24


I am using the mapper sample as the basis in fact.

So with the folder/subfolders to which the drive is mapped,on the actual disk the permission setup works as expected and the file with "full control" is not deleted.

When I launch the virtual disk however and try to do the same,the file gets deleted.

Security attributes are indeed the same.



Topic viewed 5882 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!