Paul Chitescu wrote:
How should server/file.c sd_to_mode() deal with filesystems that don't support full POSIX ownership and access permissions? It is quite popular to mount FAT filesystems - either from removable media or a partition shared with a Windows installation.
A workaround for the moment on Linux would be to use the uid=<your_uid> option when mounting a FAT filesystem, as the Linux vfat filesystem driver basically ignores chmod (except for the u+w bit) when the user executing chmod is the owner of the filesystem. I don't know if Mac OS X, *BSD or Solaris do the same.
(tracing using procmon and setacl) NtQuerySecurityObject and NtSetSecurityObject return STATUS_INVALID_DEVICE_REQUEST on Windows XP when attempting to get or set a security descriptor on a FAT filesystem.
(musing) I wonder if it'd be possible to have a special SD pointer (such as -1 or a special SD_INVALID_DEVICE_REQUEST descriptor) in a wineserver object to say that neither the object nor any of its children can hold security descriptors? After all, you cannot put volume mount points on a FAT filesystem, so nothing under a FAT filesystem would be able to hold a security descriptor. obj->get_sd() and obj->set_sd() would then be made to return STATUS_INVALID_DEVICE_REQUEST on such an object.
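
The following is an added example, not part of the original message and not Wine code: one way a caller can notice that a filesystem ignored a chmod, by re-reading the mode after setting it instead of trusting the return value alone. The names `mode_diff` and `set_mode_checked` are hypothetical, and the temporary file is a constructed sample.

```c
/* Added example, not Wine code: detect a filesystem that does not store
 * the mode requested by chmod (the behaviour described above for vfat). */
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define MODE_MASK 07777  /* permission, setuid/setgid and sticky bits */

/* Bits that differ between the requested and the stored mode (0 = same). */
mode_t mode_diff(mode_t wanted, mode_t actual)
{
    return (wanted ^ actual) & MODE_MASK;
}

/* Hypothetical helper: apply a mode, then read it back.
 * Returns 0 if stored as requested, 1 if the filesystem kept a different
 * mode, -1 if fchmod or fstat failed (errno is set). */
int set_mode_checked(int fd, mode_t wanted, mode_t *stored)
{
    struct stat st;

    if (fchmod(fd, wanted & MODE_MASK) == -1) return -1;
    if (fstat(fd, &st) == -1) return -1;
    if (stored) *stored = st.st_mode & MODE_MASK;
    return mode_diff(wanted, st.st_mode) ? 1 : 0;
}

int main(int argc, char **argv)
{
    /* Constructed sample: scratch file in argv[1], or /tmp by default. */
    char path[4096];
    mode_t stored = 0;
    int fd, rc;

    snprintf(path, sizeof(path), "%s/sdmode.XXXXXX", argc > 1 ? argv[1] : "/tmp");
    if ((fd = mkstemp(path)) == -1) { perror("mkstemp"); return 2; }
    rc = set_mode_checked(fd, 0640, &stored);
    if (rc == -1) perror("set_mode_checked");
    else printf("wanted 0640, stored %04o: %s\n", (unsigned)stored,
                rc ? "mode not honoured" : "mode honoured");
    close(fd);
    unlink(path);
    return rc == 0 ? 0 : 1;
}
```

Pointing the program at a directory on a FAT mount shows which bits the driver kept; a result of 1 is the case where a security descriptor mapped to a mode cannot be relied on.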