|
190 | 190 | */
|
191 | 191 |
|
192 | 192 | #define FILE_READ_DATA 0x00000001 /* Data can be read from the file */
|
| 193 | + /* or directory child entries can */ |
| 194 | + /* be listed together with the */ |
| 195 | + /* associated child attributes */ |
| 196 | + /* (so the FILE_READ_ATTRIBUTES on */ |
| 197 | + /* the child entry is not needed) */ |
193 | 198 | #define FILE_WRITE_DATA 0x00000002 /* Data can be written to the file */
|
| 199 | + /* or new file can be created in */ |
| 200 | + /* the directory */ |
194 | 201 | #define FILE_APPEND_DATA 0x00000004 /* Data can be appended to the file */
|
| 202 | + /* (for non-local files over SMB it */ |
| 203 | + /* is same as FILE_WRITE_DATA) */ |
| 204 | + /* or new subdirectory can be */ |
| 205 | + /* created in the directory */ |
195 | 206 | #define FILE_READ_EA 0x00000008 /* Extended attributes associated */
|
196 | 207 | /* with the file can be read */
|
197 | 208 | #define FILE_WRITE_EA 0x00000010 /* Extended attributes associated */
|
198 | 209 | /* with the file can be written */
|
199 | 210 | #define FILE_EXECUTE 0x00000020 /*Data can be read into memory from */
|
200 | 211 | /* the file using system paging I/O */
|
201 |
| -#define FILE_DELETE_CHILD 0x00000040 |
| 212 | + /* for executing the file / script */ |
| 213 | + /* or right to traverse directory */ |
| 214 | + /* (but by default all users have */ |
| 215 | + /* directory bypass traverse */ |
| 216 | + /* privilege and do not need this */ |
| 217 | + /* permission on directories at all)*/ |
| 218 | +#define FILE_DELETE_CHILD 0x00000040 /* Child entry can be deleted from */ |
| 219 | + /* the directory (so the DELETE on */ |
| 220 | + /* the child entry is not needed) */ |
202 | 221 | #define FILE_READ_ATTRIBUTES 0x00000080 /* Attributes associated with the */
|
203 |
| - /* file can be read */ |
| 222 | + /* file or directory can be read */ |
204 | 223 | #define FILE_WRITE_ATTRIBUTES 0x00000100 /* Attributes associated with the */
|
205 |
| - /* file can be written */ |
206 |
| -#define DELETE 0x00010000 /* The file can be deleted */ |
207 |
| -#define READ_CONTROL 0x00020000 /* The access control list and */ |
208 |
| - /* ownership associated with the */ |
209 |
| - /* file can be read */ |
210 |
| -#define WRITE_DAC 0x00040000 /* The access control list and */ |
211 |
| - /* ownership associated with the */ |
212 |
| - /* file can be written. */ |
| 224 | + /* file or directory can be written */ |
| 225 | +#define DELETE 0x00010000 /* The file or dir can be deleted */ |
| 226 | +#define READ_CONTROL 0x00020000 /* The discretionary access control */ |
| 227 | + /* list and ownership associated */ |
| 228 | + /* with the file or dir can be read */ |
| 229 | +#define WRITE_DAC 0x00040000 /* The discretionary access control */ |
| 230 | + /* list associated with the file or */ |
| 231 | + /* directory can be written */ |
213 | 232 | #define WRITE_OWNER 0x00080000 /* Ownership information associated */
|
214 |
| - /* with the file can be written */ |
| 233 | + /* with the file/dir can be written */ |
215 | 234 | #define SYNCHRONIZE 0x00100000 /* The file handle can waited on to */
|
216 | 235 | /* synchronize with the completion */
|
217 | 236 | /* of an input/output request */
|
218 | 237 | #define SYSTEM_SECURITY 0x01000000 /* The system access control list */
|
219 |
| - /* can be read and changed */ |
220 |
| -#define GENERIC_ALL 0x10000000 |
221 |
| -#define GENERIC_EXECUTE 0x20000000 |
222 |
| -#define GENERIC_WRITE 0x40000000 |
223 |
| -#define GENERIC_READ 0x80000000 |
224 |
| - /* In summary - Relevant file */ |
225 |
| - /* access flags from CIFS are */ |
226 |
| - /* file_read_data, file_write_data */ |
227 |
| - /* file_execute, file_read_attributes*/ |
228 |
| - /* write_dac, and delete. */ |
| 238 | + /* associated with the file or */ |
| 239 | + /* directory can be read or written */ |
| 240 | + /* (cannot be in DACL, can in SACL) */ |
| 241 | +#define MAXIMUM_ALLOWED 0x02000000 /* Maximal subset of GENERIC_ALL */ |
| 242 | + /* permissions which can be granted */ |
| 243 | + /* (cannot be in DACL nor SACL) */ |
| 244 | +#define GENERIC_ALL 0x10000000 /* Same as: GENERIC_EXECUTE | */ |
| 245 | + /* GENERIC_WRITE | */ |
| 246 | + /* GENERIC_READ | */ |
| 247 | + /* FILE_DELETE_CHILD | */ |
| 248 | + /* DELETE | */ |
| 249 | + /* WRITE_DAC | */ |
| 250 | + /* WRITE_OWNER */ |
| 251 | + /* So GENERIC_ALL contains all bits */ |
| 252 | + /* mentioned above except these two */ |
| 253 | + /* SYSTEM_SECURITY MAXIMUM_ALLOWED */ |
| 254 | +#define GENERIC_EXECUTE 0x20000000 /* Same as: FILE_EXECUTE | */ |
| 255 | + /* FILE_READ_ATTRIBUTES | */ |
| 256 | + /* READ_CONTROL | */ |
| 257 | + /* SYNCHRONIZE */ |
| 258 | +#define GENERIC_WRITE 0x40000000 /* Same as: FILE_WRITE_DATA | */ |
| 259 | + /* FILE_APPEND_DATA | */ |
| 260 | + /* FILE_WRITE_EA | */ |
| 261 | + /* FILE_WRITE_ATTRIBUTES | */ |
| 262 | + /* READ_CONTROL | */ |
| 263 | + /* SYNCHRONIZE */ |
| 264 | +#define GENERIC_READ 0x80000000 /* Same as: FILE_READ_DATA | */ |
| 265 | + /* FILE_READ_EA | */ |
| 266 | + /* FILE_READ_ATTRIBUTES | */ |
| 267 | + /* READ_CONTROL | */ |
| 268 | + /* SYNCHRONIZE */ |
229 | 269 |
|
230 | 270 | #define FILE_READ_RIGHTS (FILE_READ_DATA | FILE_READ_EA | FILE_READ_ATTRIBUTES)
|
231 | 271 | #define FILE_WRITE_RIGHTS (FILE_WRITE_DATA | FILE_APPEND_DATA \
|
|