问题
I'm trying to extract and restore a Security Descriptor of a NTFS file, via Windows API - XP SP3, I'm trying to understand which functions are actually able to do it properly, but I simply fail.
I found this Remark over MSDN: http://msdn.microsoft.com/en-us/library/aa379573%28VS.85%29.aspx
"Some SECURITY_INFORMATION members work only with the SetNamedSecurityInfo function. These members are not returned in the structure returned by other security functions such as GetNamedSecurityInfo..."
"Some members..." Which members? Why?
"Other Security functions such as..." Which functions? Why?
Anybody have any experience with extracting and restoring a security descriptor of a NTFS file?
回答1:
In general MSDN API documentation supposes a basic level of familiarity with programming and Win32.
You're supposed to understand that some security information can be inherited, for instance. That means that when setting it, you can tell Windows to copy it from the parent. But when you get it, you cannot determine why it has the value it has. Hence, the "inherit" flag is a typical example of a flag that only makes sense in a Set context, and not retrieval context. MSDN doesn't spell out exactly which functions belong in which context, as they assume you can figure that out.
来源:https://stackoverflow.com/questions/2845606/msdn-remark-regards-security-descriptors