The definition file can be in ASCII or Unicode format. The first line is always the file's signature, with task definitions on each subsequent line.
The file signature is currently cb56f6f4, and it will be updated when new versions of the file are supported. The signature must be the only value on its line: no other characters, including spaces, may appear on it.
Each task is a comma-separated list of values that are defined as follows:
    type,subtype,"path",propagation mode,"security definition"
type
    1 - Security Descriptor Definition Language (SDDL)
subtype
    0 - Standard
    1 - Storage-Level Access Guard (Guard)
path
    The path to the target file system object, in double-quotes.
propagation mode
    0 - Propagate inheritable permissions to all subfolders and files
    1 - Do not allow permissions on this file or folders to be replaced (Not implemented)
    2 - Replace existing permissions on all subfolders and files with inheritable permissions
security definition
    The security definition that will be applied to the specified path. The format is described by the type field, and is always enclosed in double-quotes.
For more information about SDDL syntax and proper formatting
of the security description value, see "Security Descriptor
String Format" at the following URL:
http://msdn2.microsoft.com/en-us/library/aa379567.aspx
NOTE This file can also be generated by the secedit utility,
which is available via download.
EXAMPLE
This is a sample fsecurity definition file which propagates a security descriptor down the /vol/vol0/qtree hierarchy. The first definition allows Everyone full control, and the second line sets a Guard security descriptor which denies the ability to Write.
cb56f6f4
1,0,"/vol/vol0/qtree",0,"D:(A;CIOI;0x1f01ff;;;Everyone)"
1,1,"/vol/vol0/qtree",0,"D:(D;CIOI;0x000002;;;Everyone)"
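The format rules above can be checked before a definition file is applied. The following Python checker is an added example, not part of the original manual page or of the fsecurity tool; the names lint_definition, Task and SAMPLE are hypothetical, and rejecting blank lines and empty quoted values is an assumption of this checker rather than documented behaviour.

```python
import re
from typing import NamedTuple

SIGNATURE = "cb56f6f4"  # current signature, as given on this page
SUBTYPES = {0: "Standard", 1: "Guard"}
MODES = {0, 1, 2}  # 1 is documented as not implemented
# type,subtype,"path",propagation mode,"security definition"
TASK_RE = re.compile(r'^(\d+),(\d+),"([^"]*)",(\d+),"([^"]*)"$')

class Task(NamedTuple):  # hypothetical record type for this example
    line_no: int
    subtype: str
    path: str
    mode: int
    sddl: str

def lint_definition(text):
    """Return (tasks, errors) for the decoded text of a definition file."""
    lines = text.splitlines()
    tasks, errors = [], []
    # The signature must be alone on line 1; a stray space is an error.
    if not lines or lines[0] != SIGNATURE:
        errors.append("line 1: signature must be exactly %r" % SIGNATURE)
    for no, line in enumerate(lines[1:], start=2):
        m = TASK_RE.match(line)
        if m is None:  # also rejects blank lines and unquoted fields
            errors.append("line %d: malformed task" % no)
            continue
        typ, sub, mode = int(m.group(1)), int(m.group(2)), int(m.group(4))
        path, sddl = m.group(3), m.group(5)
        if typ != 1:
            errors.append("line %d: unknown type %d" % (no, typ))
        elif sub not in SUBTYPES:
            errors.append("line %d: unknown subtype %d" % (no, sub))
        elif mode not in MODES:
            errors.append("line %d: unknown propagation mode %d" % (no, mode))
        elif mode == 1:
            errors.append("line %d: propagation mode 1 is not implemented" % no)
        elif not path or not sddl:  # assumption: empty values are rejected
            errors.append("line %d: empty path or security definition" % no)
        else:
            tasks.append(Task(no, SUBTYPES[sub], path, mode, sddl))
    return tasks, errors

# Constructed input: the sample file from the EXAMPLE section.
SAMPLE = (
    'cb56f6f4\n'
    '1,0,"/vol/vol0/qtree",0,"D:(A;CIOI;0x1f01ff;;;Everyone)"\n'
    '1,1,"/vol/vol0/qtree",0,"D:(D;CIOI;0x000002;;;Everyone)"\n'
)
```

The function takes already-decoded text, so a Unicode definition file must be read with the matching encoding before it is passed in.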
Copyright © 1994-2007 Network Appliance.