1 Feb
2007
1 Feb
'07
12:37 p.m.
Vitaliy Margolen wrote:
list_add_tail( &token->groups, &group->entry );
/* Use first owner capable group as an owner */if (!token->primary_group && group->owner)token->primary_group = &group->sid;}/* we really need a primary group */if (!token->primary_group && group_count){release_object( token );return NULL; }
According to documentation from Microsoft, "the primary group only needs to be set if POSIX compatibility is required." Also, the default security descriptor does not require a group - a NULL group is fine.
--
Rob Shearman
1 Feb
1 Feb
10:57 p.m.
New subject: [PATCH 1/7] server: Get the primary group from the token.
Robert Shearman wrote:
Vitaliy Margolen wrote:
list_add_tail( &token->groups, &group->entry );
/* Use first owner capable group as an owner */if (!token->primary_group && group->owner)token->primary_group = &group->sid;}/* we really need a primary group */if (!token->primary_group && group_count){release_object( token );return NULL; }According to documentation from Microsoft, "the primary group only needs to be set if POSIX compatibility is required." Also, the default security descriptor does not require a group - a NULL group is fine.
However access check against token will fail without group being set. So I don't see why can't we require valid group in the security descriptor?
Vitaliy.
6548
Age (days ago)
6548
Last active (days ago)
1 comments
2 participants
participants (2)
-
Robert Shearman -
Vitaliy Margolen