Homepage: http://setacl.sourceforge.net
Version: 2.0.2.0
Copyright: Helge Klein
License: GPL
-V-E-R-S-I-O-N--2.0.2.0-----------------------------------------------------------------------
a) New features:
- The list function now displays control information from the security descriptor in CSV
  and TAB formats, too. Specifically, the auto_inherited and protected flags are displayed
  for DACL and SACL.
- SetACL now supports very long paths, specifically paths longer than MAX_PATH which is 260
  characters. This is done by prepending the following to the path:
- SetACL now always distinguishes correctly between "c:" and "c:\". The former is called a
  "local file system root" while the latter is the directory "\" on drive c:. List
  permissions for both and you will see the difference. The latter corresponds to what you
  get when you right click on c: in Explorer and select Properties -> Security. I am not
  too sure what the former actually represents, but the documentation states that
  permissions set on such a local file system root are discarded upon the next reboot.
b) Changed features:
- The log function (invoked with the parameter -log) now checks whether the log file already
  exists. If yes, SetACL appends to the log instead of replacing it. This makes it easier
  to use SetACL in a loop or batch file.
- Restore: When a file or directory does not exist any more, SetACL logs this and continues
  with the next file/dir.
- The list function now only lists a directory name, if there is something to see. Before,
  the typical large directory tree with permissions set only on a few dirs would amount to
  a large listing only showing dirs without any permissions. Now these dirs are not shown
  any more and the listing is much easier to read.
c) Bugfixes:
- Fixed bug 867350: The actions 'trustee' and 'domain' now only read the SACL if SACL
  processing has been implicitly specified. This means that the privilege SE_SECURITY_NAME is
  only needed when you want the SACL to be processed. Previously the SACL was always read
  (even if no processing was necessary), resulting in the need for the above-mentioned privilege.
-V-E-R-S-I-O-N--2.0.1.0-----------------------------------------------------------------------
a) Bugfixes:
- Fixed bug 794820: If a trustee did not exist in the domain specified, but in a trusted
  domain, the account from the trusted domain was used. Now, only accounts from the domain
  or computer specified are used.
- Fixed bug 800866: Listing admin shares (e.g. c$) caused an access violation. This
  was probably due to the fact that these shares have no security descriptor. SetACL does
  not crash any more, but accessing admin shares still is not possible.
- Fixed bug 801189: Access violation with nonexistent user and logging enabled.
- Fixed bug 805067: Object paths only one character long were not supported.
b) New features:
c) User interface:
- Two new default values for action 'ace': You do not have to specify the mode (set, grant,
  ...) or whether to apply to DACL or SACL any more, if you simply want to set permissions
  in the DACL. Thus simple ACE strings can now be shortened from:
    -ace "n:domain\user;p:read;m:set;w:dacl"
  to
    -ace "n:domain\user;p:read"
-V-E-R-S-I-O-N--2.0.0.6-----------------------------------------------------------------------
a) Bugfixes:
- Fixed bug 783703: Compiler warning with VC++ 7.1 due to signed/unsigned mismatch.
- Fixed bug 787612: SetACL could crash under certain circumstances (for example, when setting
  the owner) due to incorrect pointer handling / freeing memory.
-V-E-R-S-I-O-N--2.0.0.5-----------------------------------------------------------------------
a) Bugfixes:
- Fixed a bug with action "reset children" which was introduced in 2.0.0.3: the object itself
  was also reset, not only its children.
- Fixed bug 776277: when using one of the three trustee actions (remove/replace/copy trustee)
  with more than one trustee (i.e. remove all ACEs belonging to two different trustees) it
  could happen that too many ACEs were affected by the operation.
- Fixed bug 778943: When using a command like:
    'SetACL -on c:\test -ot file -actn ace -ace "n:everyone;p:read;m:set;w:dacl" -rec cont_obj'
  SetACL correctly walked down the tree and displayed the objects it should be processing,
  but permissions were applied to the base object only.
- Fixed bug 780246: This is related to bug #778943. Due to recursion not working correctly,
  resetting child objects took very (!) long and did not process all child objects.
  Additionally the parameter "-rst <Where>" was partly ignored.
-V-E-R-S-I-O-N--2.0.0.4-----------------------------------------------------------------------
a) Setting permissions:
- SetKernelObjectSecurity () is not used any more; SDs are set the way they were before
  version 2.0.0.3.
b) Bugfixes:
- Fixed bug 773933: The exception handling in Split () was incompatible with Visual C++ 7.1.
  This has been corrected.
- Fixed a bug: the security descriptor is now only written to the object if there have been
  actual changes. Before, it could happen that by writing to the SD the SD's control bits
  were cleared, resulting in the deletion of the "auto inherited" bit. This was a minor bug
  which had no severe consequences and occurred only under special circumstances. An example
  that invoked the bug follows here:
-V-E-R-S-I-O-N--2.0--f-i-n-a-l-(2-0-0-3)------------------------------------------------------
a) Listing permissions
b) Setting permissions
- Use of privileges: permissions are set even if access is denied to the object in
  question. This works in the (local and remote) file system and in the local registry.
  The privilege "SeRestorePrivilege" is needed for this.
c) Various changes
- Fixed bug 738227: A missing section ("Where") on the help page (printed when
  "setacl -help" is typed) has been added.
- Fixed bug 745861: The SYNCHRONIZE flag was set on auditing ACEs, too, which resulted in
  all kinds of access being audited, not only the type specified.
- Fixed bug 739013: If enabling the backup and restore privileges failed, the program would
  exit with an error. This effectively limited the use of SetACL to administrators.
  Now, if these privileges cannot be enabled, only an info message is displayed.
- Fixed a bug: When resetting permissions using action -rstchldrn the parameter "-rst Where"
  was ignored.
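
The effect of bug 745861 above can be checked on an existing SACL. The following is an added example, not SetACL code: it parses the SACL part of an SDDL string, flags audit ACEs whose mask carries SYNCHRONIZE, and shows why such an ACE fires on unrelated access. Assumptions: the function names are hypothetical, the SDDL string is constructed, the order of the SDDL parts is O, G, D, S, and an audit ACE is modelled as matching when it shares any bit with the requested access.

```python
import re

SYNCHRONIZE = 0x00100000
# Subset of SDDL rights codes; every file generic right includes SYNCHRONIZE.
RIGHTS = {"FA": 0x1F01FF, "FR": 0x120089, "FW": 0x120116, "FX": 0x1200A0,
          "RC": 0x20000, "SD": 0x10000, "WD": 0x40000, "WO": 0x80000}

def parse_mask(rights):
    """Convert an SDDL rights field (hex number or two-letter codes) to a mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for i in range(0, len(rights), 2):
        mask |= RIGHTS[rights[i:i + 2]]  # KeyError for codes outside the subset
    return mask

def sacl_audit_aces(sddl):
    """Return (sid, mask) for every audit (AU) ACE in the SACL part of sddl."""
    sacl = sddl.partition("S:")[2]       # empty string if there is no SACL
    found = []
    for ace in re.findall(r"\(([^()]*)\)", sacl):
        ace_type, _flags, rights, _obj, _inh_obj, sid = ace.split(";")[:6]
        if ace_type == "AU":
            found.append((sid, parse_mask(rights)))
    return found

def flag_synchronize(sddl):
    """List audit ACEs carrying SYNCHRONIZE, with the mask minus that bit."""
    return [(sid, mask, mask & ~SYNCHRONIZE)
            for sid, mask in sacl_audit_aces(sddl) if mask & SYNCHRONIZE]

def triggers_audit(ace_mask, requested):
    """Simplified model (assumption): match if any requested bit is in the ACE."""
    return bool(ace_mask & requested)

# Constructed sample: the first audit ACE is meant to audit FILE_WRITE_DATA (0x2)
# but also carries SYNCHRONIZE; the second audits DELETE only.
SAMPLE = "O:BAG:SYD:(A;;FA;;;BA)S:AI(AU;SA;0x100002;;;WD)(AU;SA;SD;;;WD)"
READ_OPEN = 0x1 | SYNCHRONIZE  # FILE_READ_DATA plus SYNCHRONIZE (assumed request)

if __name__ == "__main__":
    for sid, mask, fixed in flag_synchronize(SAMPLE):
        print(f"{sid}: {mask:#x} should be {fixed:#x};",
              "read open audited:", triggers_audit(mask, READ_OPEN),
              "after fix:", triggers_audit(fixed, READ_OPEN))
```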
-V-E-R-S-I-O-N--2.0--B-e-t-a--2---------------------------------------------------------------
a) Listing permissions
- The listing is written to the screen, too, if not in silent mode.
- If a backup file is specified, a listing in UNICODE format will be written there. If not,
  the listing is written to the screen only. In other words, the parameter '-bckp' is
  optional.
- List options need only be set if the default values (csv format, list only DACL, do not
  list inherited permissions) are not suitable. In other words, the parameter '-lst' is
  optional.
- Inherited permissions are listed only if explicitly specified in the list options (e.g.:
  -lst "f:own;w:d;i:y").
- Owner and primary group are now listed in own format, too, if requested.
- The "own" list format has been renamed to "csv".
- A third, tabular, list format has been added: "tab".
- Trustees can now be listed using their names, SIDs, or both.
b) Various changes
-V-E-R-S-I-O-N--2.0--B-e-t-a--1---------------------------------------------------------------
This is the first public beta version of SetACL version 2. Please visit the program's homepage
for information, bug reports, feature requests, and general discussion.