empty ACL on file (?)

Archived from groups: microsoft.public.win2000.security (More info?)

One of our users has placed a file and a directory on a
Windows 2000 Server (SP4) file server, and absolutely
nobody (administrator, the user, etc.) can acces the
file. He copied the files from his Linux machine using
the smbclient softwware (I believe). He's done this with
other files without incident.

We've tried simple command-line tools like xcacls
and setowner, but we always get back "access denied."
Interestingly, the 'subinacl' tool doesn't work on
this computer. (All disks are dynamic disks, and I've
seen vague references suggesting that this causes
problems with subinacl.)

It looks to me as if the files may simply have empty
DACLs. Is there a readily-available tool to test this
theory and/or fix the problem?
5 answers Last reply
More about empty file
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Hi Jeffrey,

    Try this...

    HOW TO: Take Ownership of Files
    http://support.microsoft.com/?id=268019

    I hope it helps,

    --
    Mike
    Microsoft MVP - Windows Security

    "Jeffrey B" <jeff@nospam.net> wrote in message
    news:06cf01c52987$bddf02c0$a601280a@phx.gbl...
    > One of our users has placed a file and a directory on a
    > Windows 2000 Server (SP4) file server, and absolutely
    > nobody (administrator, the user, etc.) can acces the
    > file. He copied the files from his Linux machine using
    > the smbclient softwware (I believe). He's done this with
    > other files without incident.
    >
    > We've tried simple command-line tools like xcacls
    > and setowner, but we always get back "access denied."
    > Interestingly, the 'subinacl' tool doesn't work on
    > this computer. (All disks are dynamic disks, and I've
    > seen vague references suggesting that this causes
    > problems with subinacl.)
    >
    > It looks to me as if the files may simply have empty
    > DACLs. Is there a readily-available tool to test this
    > theory and/or fix the problem?
    >
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    I probably wasn't clear enough in my
    original message. We've tried all the
    "normal" procedures, and they don't work.

    The Security tab doesn't even appear when
    you try to look at the properties of the file
    in the normal way. (Yes, this is an NTFS file
    system, and the security settings look fine
    for the directory that contains the problem
    file and subdirectory.)

    ~~Jeff

    >-----Original Message-----
    >Hi Jeffrey,
    >
    >Try this...
    >
    >HOW TO: Take Ownership of Files
    >http://support.microsoft.com/?id=268019
    >
    >I hope it helps,
    >
    >--
    >Mike
    >Microsoft MVP - Windows Security
    >
    >"Jeffrey B" <jeff@nospam.net> wrote in message
    >news:06cf01c52987$bddf02c0$a601280a@phx.gbl...
    >> One of our users has placed a file and a directory on a
    >> Windows 2000 Server (SP4) file server, and absolutely
    >> nobody (administrator, the user, etc.) can acces the
    >> file. He copied the files from his Linux machine using
    >> the smbclient softwware (I believe). He's done this
    with
    >> other files without incident.
    >>
    >> We've tried simple command-line tools like xcacls
    >> and setowner, but we always get back "access denied."
    >> Interestingly, the 'subinacl' tool doesn't work on
    >> this computer. (All disks are dynamic disks, and I've
    >> seen vague references suggesting that this causes
    >> problems with subinacl.)
    >>
    >> It looks to me as if the files may simply have empty
    >> DACLs. Is there a readily-available tool to test this
    >> theory and/or fix the problem?
    >>
    >
    >
    >.
    >
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    Try running Check Disk with the /f switch to see if there is any file
    corruption involved. There is a tool I like to use to view and set file
    permissions and ownership that seems to work better than xcacls for be
    called fileacl and it has a /force option. Beyond that see the link below if
    you simply want to try and delete it. --- Steve

    http://www.gbordier.com/gbtools/fileacl.htm --- fileacl
    http://support.microsoft.com/?kbid=320081

    "Jeffrey B" <jeff@nospam.net> wrote in message
    news:06cf01c52987$bddf02c0$a601280a@phx.gbl...
    > One of our users has placed a file and a directory on a
    > Windows 2000 Server (SP4) file server, and absolutely
    > nobody (administrator, the user, etc.) can acces the
    > file. He copied the files from his Linux machine using
    > the smbclient softwware (I believe). He's done this with
    > other files without incident.
    >
    > We've tried simple command-line tools like xcacls
    > and setowner, but we always get back "access denied."
    > Interestingly, the 'subinacl' tool doesn't work on
    > this computer. (All disks are dynamic disks, and I've
    > seen vague references suggesting that this causes
    > problems with subinacl.)
    >
    > It looks to me as if the files may simply have empty
    > DACLs. Is there a readily-available tool to test this
    > theory and/or fix the problem?
    >
  4. Archived from groups: microsoft.public.win2000.security (More info?)

    Well, the issue is not an empty DACL.
    An empty but existing DACL is defined as granting
    nothing to anyone. A null pointer for the DACL in
    an SD is defined as granting everyone full control.

    Can you list out the permissions with such as cacls ?
    Can you copy the file ? (this is getting at whether there
    is a problem with characters in or the total length of
    the pathname).

    --
    Roger Abell
    Microsoft MVP (Windows Security)
    MCSE (W2k3,W2k,Nt4) MCDBA
    "Jeffrey B" <jeff@nospam.net> wrote in message
    news:06cf01c52987$bddf02c0$a601280a@phx.gbl...
    > One of our users has placed a file and a directory on a
    > Windows 2000 Server (SP4) file server, and absolutely
    > nobody (administrator, the user, etc.) can acces the
    > file. He copied the files from his Linux machine using
    > the smbclient softwware (I believe). He's done this with
    > other files without incident.
    >
    > We've tried simple command-line tools like xcacls
    > and setowner, but we always get back "access denied."
    > Interestingly, the 'subinacl' tool doesn't work on
    > this computer. (All disks are dynamic disks, and I've
    > seen vague references suggesting that this causes
    > problems with subinacl.)
    >
    > It looks to me as if the files may simply have empty
    > DACLs. Is there a readily-available tool to test this
    > theory and/or fix the problem?
    >
  5. Archived from groups: microsoft.public.win2000.security (More info?)

    Uzytkownik "Jeffrey B" <jeff@nospam.net> napisal w wiadomosci
    news:08ab01c529ac$626950b0$a601280a@phx.gbl...
    >
    > I probably wasn't clear enough in my
    > original message. We've tried all the
    > "normal" procedures, and they don't work.
    >
    > The Security tab doesn't even appear when
    > you try to look at the properties of the file
    > in the normal way. (Yes, this is an NTFS file
    > system, and the security settings look fine
    > for the directory that contains the problem
    > file and subdirectory.)

    Did you try http://www.sysinternals.com/ntw2k/freeware/handle.shtml
    or http://www.sysinternals.com/ntw2k/freeware/procexp.shtml ?

    If this file was uploaded via SMBClient then I suggest
    restarting the Server/Workstation services (or even
    the system if it's not a big problem for you).

    --
    Tomasz Polus [MVP]
Ask a new question

Read More

Windows