Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
An SMB_COM_NT_TRANSACT command (section 2.2.4.8) with an NT_TRANSACT_SET_SECURITY_DESC allows a client to set the security descriptors for a file or device on the server. The NT_TRANSACT_SET_SECURITY_DESC subcommand is specified in [MS-CIFS] section 2.2.7.3. This extension adds LABEL_SECURITY_INFORMATION, ATTRIBUTE_SECURITY_INFORMATION, SCOPE_SECURITY_INFORMATION, and BACKUP_SECURITY_INFORMATION parameter values to the SecurityInformation field.
SecurityInformation (4 bytes): A ULONG. Fields of the security descriptor to be set. These values can be logically OR-ed together to set several descriptors in one request. Bits and security descriptors not mentioned in the following table MUST be ignored and MUST NOT be processed.
|
Name and bitmask |
Meaning |
|---|---|
|
OWNER_SECURITY_INFORMATION 0x00000001 |
Owner of the object or resource. |
|
GROUP_SECURITY_INFORMATION 0x00000002 |
Group associated with the object or resource. |
|
DACL_SECURITY_INFORMATION 0x00000004 |
DACL associated with the object or resource. |
|
SACL_SECURITY_INFORMATION 0x00000008 |
SACL associated with the object or resource. |
|
LABEL_SECURITY_INFORMATION 0x00000010 |
Integrity label in the security descriptor of the file or named pipe. |
|
ATTRIBUTE_SECURITY_INFORMATION 0x00000020 |
Resource attribute in the security descriptor of the file or named pipe. |
|
SCOPE_SECURITY_INFORMATION 0x00000040 |
Central access policy of resource in the security descriptor of the file or named pipe. |
|
BACKUP_SECURITY_INFORMATION 0x00010000 |
Security descriptor information used for backup operation. |