Sign in with
Sign up | Sign in
Your question

empty ACL on file (?)

Tags:
Last response: in Windows 2000/NT
Share
Anonymous
March 15, 2005 12:52:23 PM

Archived from groups: microsoft.public.win2000.security (More info?)

One of our users has placed a file and a directory on a
Windows 2000 Server (SP4) file server, and absolutely
nobody (administrator, the user, etc.) can acces the
file. He copied the files from his Linux machine using
the smbclient softwware (I believe). He's done this with
other files without incident.

We've tried simple command-line tools like xcacls
and setowner, but we always get back "access denied."
Interestingly, the 'subinacl' tool doesn't work on
this computer. (All disks are dynamic disks, and I've
seen vague references suggesting that this causes
problems with subinacl.)

It looks to me as if the files may simply have empty
DACLs. Is there a readily-available tool to test this
theory and/or fix the problem?

More about : empty acl file

Anonymous
March 15, 2005 11:47:51 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Hi Jeffrey,

Try this...

HOW TO: Take Ownership of Files
http://support.microsoft.com/?id=268019

I hope it helps,

--
Mike
Microsoft MVP - Windows Security

"Jeffrey B" <jeff@nospam.net> wrote in message
news:06cf01c52987$bddf02c0$a601280a@phx.gbl...
> One of our users has placed a file and a directory on a
> Windows 2000 Server (SP4) file server, and absolutely
> nobody (administrator, the user, etc.) can acces the
> file. He copied the files from his Linux machine using
> the smbclient softwware (I believe). He's done this with
> other files without incident.
>
> We've tried simple command-line tools like xcacls
> and setowner, but we always get back "access denied."
> Interestingly, the 'subinacl' tool doesn't work on
> this computer. (All disks are dynamic disks, and I've
> seen vague references suggesting that this causes
> problems with subinacl.)
>
> It looks to me as if the files may simply have empty
> DACLs. Is there a readily-available tool to test this
> theory and/or fix the problem?
>
Anonymous
March 15, 2005 11:47:52 PM

Archived from groups: microsoft.public.win2000.security (More info?)

I probably wasn't clear enough in my
original message. We've tried all the
"normal" procedures, and they don't work.

The Security tab doesn't even appear when
you try to look at the properties of the file
in the normal way. (Yes, this is an NTFS file
system, and the security settings look fine
for the directory that contains the problem
file and subdirectory.)

~~Jeff

>-----Original Message-----
>Hi Jeffrey,
>
>Try this...
>
>HOW TO: Take Ownership of Files
>http://support.microsoft.com/?id=268019
>
>I hope it helps,
>
>--
>Mike
>Microsoft MVP - Windows Security
>
>"Jeffrey B" <jeff@nospam.net> wrote in message
>news:06cf01c52987$bddf02c0$a601280a@phx.gbl...
>> One of our users has placed a file and a directory on a
>> Windows 2000 Server (SP4) file server, and absolutely
>> nobody (administrator, the user, etc.) can acces the
>> file. He copied the files from his Linux machine using
>> the smbclient softwware (I believe). He's done this
with
>> other files without incident.
>>
>> We've tried simple command-line tools like xcacls
>> and setowner, but we always get back "access denied."
>> Interestingly, the 'subinacl' tool doesn't work on
>> this computer. (All disks are dynamic disks, and I've
>> seen vague references suggesting that this causes
>> problems with subinacl.)
>>
>> It looks to me as if the files may simply have empty
>> DACLs. Is there a readily-available tool to test this
>> theory and/or fix the problem?
>>
>
>
>.
>
Related resources
Anonymous
March 16, 2005 1:17:23 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Try running Check Disk with the /f switch to see if there is any file
corruption involved. There is a tool I like to use to view and set file
permissions and ownership that seems to work better than xcacls for be
called fileacl and it has a /force option. Beyond that see the link below if
you simply want to try and delete it. --- Steve

http://www.gbordier.com/gbtools/fileacl.htm --- fileacl
http://support.microsoft.com/?kbid=320081

"Jeffrey B" <jeff@nospam.net> wrote in message
news:06cf01c52987$bddf02c0$a601280a@phx.gbl...
> One of our users has placed a file and a directory on a
> Windows 2000 Server (SP4) file server, and absolutely
> nobody (administrator, the user, etc.) can acces the
> file. He copied the files from his Linux machine using
> the smbclient softwware (I believe). He's done this with
> other files without incident.
>
> We've tried simple command-line tools like xcacls
> and setowner, but we always get back "access denied."
> Interestingly, the 'subinacl' tool doesn't work on
> this computer. (All disks are dynamic disks, and I've
> seen vague references suggesting that this causes
> problems with subinacl.)
>
> It looks to me as if the files may simply have empty
> DACLs. Is there a readily-available tool to test this
> theory and/or fix the problem?
>
Anonymous
March 16, 2005 1:24:49 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Well, the issue is not an empty DACL.
An empty but existing DACL is defined as granting
nothing to anyone. A null pointer for the DACL in
an SD is defined as granting everyone full control.

Can you list out the permissions with such as cacls ?
Can you copy the file ? (this is getting at whether there
is a problem with characters in or the total length of
the pathname).

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"Jeffrey B" <jeff@nospam.net> wrote in message
news:06cf01c52987$bddf02c0$a601280a@phx.gbl...
> One of our users has placed a file and a directory on a
> Windows 2000 Server (SP4) file server, and absolutely
> nobody (administrator, the user, etc.) can acces the
> file. He copied the files from his Linux machine using
> the smbclient softwware (I believe). He's done this with
> other files without incident.
>
> We've tried simple command-line tools like xcacls
> and setowner, but we always get back "access denied."
> Interestingly, the 'subinacl' tool doesn't work on
> this computer. (All disks are dynamic disks, and I've
> seen vague references suggesting that this causes
> problems with subinacl.)
>
> It looks to me as if the files may simply have empty
> DACLs. Is there a readily-available tool to test this
> theory and/or fix the problem?
>
Anonymous
March 16, 2005 4:37:31 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Uzytkownik "Jeffrey B" <jeff@nospam.net> napisal w wiadomosci
news:08ab01c529ac$626950b0$a601280a@phx.gbl...
>
> I probably wasn't clear enough in my
> original message. We've tried all the
> "normal" procedures, and they don't work.
>
> The Security tab doesn't even appear when
> you try to look at the properties of the file
> in the normal way. (Yes, this is an NTFS file
> system, and the security settings look fine
> for the directory that contains the problem
> file and subdirectory.)

Did you try http://www.sysinternals.com/ntw2k/freeware/handle.shtml
or http://www.sysinternals.com/ntw2k/freeware/procexp.shtm... ?

If this file was uploaded via SMBClient then I suggest
restarting the Server/Workstation services (or even
the system if it's not a big problem for you).

--
Tomasz Polus [MVP]
!