On 15/09/2011 4:18 PM, Thomas Kellerer wrote:
> I ran another install and monitored what the process was doing and it
> *is* recursively touching all files on my harddisk when
>
> icacls C:\ /grant "tkellerer":RX
>
> is called. Even without the /t switch.
That's a worry.
>
> I verified this using ProcessExplorer displaying the open file handles
> for the running icacls.exe
It'd be interesting to generate a Process Monitor trace for this, as
it'll show exactly what iacls is doing. Just having a handle open to
some random file is weird, but it'd be good to know if it's messing with
permissions too.
I wonder if it's to do with ACL inheritance? Maybe one of the
inheritance control flags like "NP" is needed. I don't know enough about
NT permissions to say, but inheritance would be my suspect.
--
Craig Ringer
